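# Number of availability zones the network spans.
variable "availability_zones" {
  description = "The number of availability zones the network should be deployed into"
  type        = number
  default     = 2

  validation {
    # Zero zones leaves nowhere to place a subnet and a fractional count is meaningless.
    condition     = var.availability_zones >= 1 && floor(var.availability_zones) == var.availability_zones
    error_message = "availability_zones must be a whole number of at least 1"
  }
}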
# Retention window, in days, for the DNS query logs produced when logging is enabled.
# NOTE(review): the log destination is not visible in this file; if it is a CloudWatch log group,
# only the retention periods that service accepts are valid — confirm against the log resource.
variable "dns_query_log_retention" {
  type        = number
  default     = 7
  description = "The number of days to retain DNS query logs"
}
# When true, resolver rules shared with this account are associated with the VPC automatically
# (individual rules can be skipped via exclude_route53_resolver_rules).
variable "enable_route53_resolver_rules" {
  type        = bool
  default     = true
  description = "Automatically associates any shared route53 resolver rules with the VPC"
}
# Resolver rules that must not be associated even when enable_route53_resolver_rules is on.
variable "exclude_route53_resolver_rules" {
  type        = list(string)
  default     = []
  description = "List of resolver rules to exclude from association"
}
# Gives the transit gateway subnets a route out through a NAT gateway. Off by default.
variable "enable_transit_gateway_subnet_natgw" {
  type        = bool
  default     = false
  description = "Indicates if the transit gateway subnets should be connected to a nat gateway"
}
# Associates the attachment with the transit gateway's default route table.
variable "enable_default_route_table_association" {
  type        = bool
  default     = true
  description = "Indicates the transit gateway default route table should be associated with the subnets"
}
# Propagates the attachment's routes into the transit gateway's default route table.
variable "enable_default_route_table_propagation" {
  type        = bool
  default     = true
  description = "Indicates the transit gateway default route table should be propagated to the subnets"
}
# DNS request logging is off by default. Enabling it gives visibility into name resolution
# from the VPC; presumably the logs are kept for dns_query_log_retention days — confirm.
variable "enable_dns_request_logging" {
  type        = bool
  default     = false
  description = "Enable logging of DNS requests"
}
# Requests appliance mode on the transit gateway attachment. Off by default.
variable "enable_transit_gateway_appliance_mode" {
  type        = bool
  default     = false
  description = "Indicates the network should be connected to a transit gateway in appliance mode"
}
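# Despite the enable_ prefix this is a list, not a flag: each entry names a service
# to provision a private endpoint for. An empty list provisions none.
variable "enable_private_endpoints" {
  description = "List of services the network should provision private endpoints for (empty for none)"
  type        = list(string)
  default     = []

  validation {
    # A blank entry would silently produce a nonsensical endpoint definition.
    condition     = alltrue([for svc in var.enable_private_endpoints : length(trimspace(svc)) > 0])
    error_message = "enable_private_endpoints entries must be non-empty service names"
  }
}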
# Provisions the private endpoints needed for SSM. Off by default.
variable "enable_ssm" {
  type        = bool
  default     = false
  description = "Indicates we should provision SSM private endpoints"
}
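# IPAM pool to allocate the VPC CIDR from; leave null to supply the block via vpc_cidr instead.
variable "ipam_pool_id" {
  description = "Optional ID of the IPAM pool to allocate the VPC CIDR from (see vpc_cidr for the alternative)"
  type        = string
  default     = null
}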
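# Required. Name of the network; used to label the resources this module creates.
variable "name" {
  description = "The name of the network to provision"
  type        = string

  validation {
    # An empty or whitespace-only name would produce unnamed resources.
    condition     = length(trimspace(var.name)) > 0
    error_message = "name must not be empty"
  }
}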
# How NAT gateways are laid out: none, one per AZ, or a single shared one.
variable "nat_gateway_mode" {
  type        = string
  default     = "none"
  description = "The configuration mode of the NAT gateways"

  validation {
    # Exact match against the permitted modes; equivalent to the anchored regex form.
    condition     = contains(["none", "all_azs", "single_az"], var.nat_gateway_mode)
    error_message = "nat_gateway_mode must be none, all_azs, or single_az"
  }
}
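# Prefix length for the private subnets.
# NOTE(review): the default of 0 looks like a "not set" sentinel — confirm how the module treats it.
variable "private_subnet_netmask" {
  description = "The netmask (prefix length) for the private subnets"
  type        = number
  default     = 0

  validation {
    # AWS subnets must be between /16 and /28; 0 is kept as the existing default.
    condition     = var.private_subnet_netmask == 0 || (var.private_subnet_netmask >= 16 && var.private_subnet_netmask <= 28)
    error_message = "private_subnet_netmask must be 0 or a prefix length between 16 and 28"
  }
}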
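# Prefix length for the public subnets.
# NOTE(review): the default of 0 looks like a "not set" sentinel — confirm how the module treats it.
variable "public_subnet_netmask" {
  description = "The netmask (prefix length) for the public subnets"
  type        = number
  default     = 0

  validation {
    # AWS subnets must be between /16 and /28; 0 is kept as the existing default.
    condition     = var.public_subnet_netmask == 0 || (var.public_subnet_netmask >= 16 && var.public_subnet_netmask <= 28)
    error_message = "public_subnet_netmask must be 0 or a prefix length between 16 and 28"
  }
}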
# Required. Tags merged onto every resource the module creates.
variable "tags" {
  type        = map(string)
  description = "Tags to apply to all resources"
}
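# Explicit transit gateway to attach to. Only consulted when transit gateway connectivity
# is enabled and the automatic lookup is disabled.
variable "transit_gateway_id" {
  description = "The transit gateway ID to connect to, used when transit gateway connectivity is enabled and lookup is disabled"
  type        = string
  default     = null

  validation {
    # Transit gateway IDs carry the tgw- prefix; reject anything else early.
    condition     = var.transit_gateway_id == null || can(regex("^tgw-", var.transit_gateway_id))
    error_message = "transit_gateway_id must be a transit gateway ID (tgw-...) or null"
  }
}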
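# Destination CIDRs routed via the transit gateway once attached. The default sends the
# 10.0.0.0/8 range under the key "private".
variable "transit_gateway_routes" {
  description = "Map of destination CIDR blocks to route via the transit gateway when one is attached"
  type        = map(string)
  default = {
    "private" = "10.0.0.0/8"
  }

  validation {
    # cidrhost() fails on anything that is not a well-formed CIDR prefix.
    condition     = alltrue([for cidr in values(var.transit_gateway_routes) : can(cidrhost(cidr, 0))])
    error_message = "Every transit_gateway_routes value must be a valid CIDR block"
  }
}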
# Extra subnets keyed by name.
# NOTE(review): type "any" means Terraform performs no schema validation on these entries;
# the expected shape is not visible in this file — check where the module consumes them.
variable "subnets" {
  type        = any
  default     = {}
  description = "Additional subnets to create in the network, keyed by the subnet name"
}
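# Static VPC CIDR; leave null when the block comes from IPAM (see ipam_pool_id).
variable "vpc_cidr" {
  description = "An optional IPv4 CIDR block to assign to the VPC (if not using IPAM)"
  type        = string
  default     = null

  validation {
    # cidrnetmask() accepts IPv4 prefixes only, which is what a primary VPC CIDR must be.
    condition     = var.vpc_cidr == null || can(cidrnetmask(var.vpc_cidr))
    error_message = "vpc_cidr must be a valid IPv4 CIDR block (e.g. 10.0.0.0/16) or null"
  }
}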
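# Prefix length requested for the VPC when the CIDR is allocated rather than given explicitly.
variable "vpc_netmask" {
  description = "An optional prefix length for the VPC CIDR (for example 16 for a /16)"
  type        = number
  default     = null

  validation {
    # AWS accepts VPC IPv4 blocks between /16 and /28. The null branch is selected before
    # the comparison runs, so a null value does not reach the numeric operators.
    condition     = var.vpc_netmask == null ? true : (var.vpc_netmask >= 16 && var.vpc_netmask <= 28)
    error_message = "vpc_netmask must be between 16 and 28 or null"
  }
}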
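# Tenancy applied to instances launched into the VPC (the original description wrongly
# called this the VPC name).
variable "vpc_instance_tenancy" {
  description = "The instance tenancy of the VPC: default or dedicated"
  type        = string
  default     = "default"

  validation {
    # VPC instance tenancy only admits these two values.
    condition     = contains(["default", "dedicated"], var.vpc_instance_tenancy)
    error_message = "vpc_instance_tenancy must be default or dedicated"
  }
}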
# Tags added to the private subnets on top of the global tags.
variable "private_subnet_tags" {
  type        = map(string)
  default     = {}
  description = "Additional tags for the private subnets"
}
# Tags added to the public subnets on top of the global tags.
variable "public_subnet_tags" {
  type        = map(string)
  default     = {}
  description = "Additional tags for the public subnets"
}
# Tags added to the transit subnets on top of the global tags.
variable "transit_subnet_tags" {
  type        = map(string)
  default     = {}
  description = "Additional tags for the transit subnets"
}
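# Network ACL rules per subnet type. The type below only requires cidr_block and
# rule_number; everything else is optional with the defaults shown (protocol -1 = all,
# rule_action "allow"). The previous description listed more fields as required than
# the type actually enforces.
variable "nacl_rules" {
  description = "Map of NACL rules to apply to different subnet types. Each rule requires cidr_block and rule_number; from_port, to_port, protocol (default -1), rule_action (default allow), icmp_code, icmp_type and ipv6_cidr_block are optional"
  type = map(object({
    inbound = list(object({
      cidr_block      = string
      from_port       = optional(number, null)
      icmp_code       = optional(number, 0)
      icmp_type       = optional(number, 0)
      ipv6_cidr_block = optional(string, null)
      protocol        = optional(number, -1)
      rule_action     = optional(string, "allow")
      rule_number     = number
      to_port         = optional(number, null)
    }))
    outbound = list(object({
      cidr_block      = string
      from_port       = optional(number, null)
      icmp_code       = optional(number, 0)
      icmp_type       = optional(number, 0)
      ipv6_cidr_block = optional(string, null)
      protocol        = optional(number, -1)
      rule_action     = optional(string, "allow")
      rule_number     = number
      to_port         = optional(number, null)
    }))
  }))
  default = {}

  validation {
    # rule_action is a free string in the type, so pin it here; AWS NACL rule numbers
    # run from 1 to 32766. An empty map yields alltrue([]) == true.
    condition = alltrue(flatten([
      for subnet_type, rules in var.nacl_rules : [
        for rule in concat(rules.inbound, rules.outbound) :
        contains(["allow", "deny"], rule.rule_action) && rule.rule_number >= 1 && rule.rule_number <= 32766
      ]
    ]))
    error_message = "Every NACL rule needs rule_action of allow or deny and a rule_number between 1 and 32766"
  }
}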
# Gateway endpoint for S3, on by default so S3 traffic stays off the internet path.
variable "enable_s3_endpoint" {
  type        = bool
  default     = true
  description = "Enable S3 VPC Gateway endpoint"
}
# Gateway endpoint for DynamoDB, on by default so DynamoDB traffic stays off the internet path.
variable "enable_dynamodb_endpoint" {
  type        = bool
  default     = true
  description = "Enable DynamoDB VPC Gateway endpoint"
}