-
Notifications
You must be signed in to change notification settings - Fork 40
/
Copy pathvariables.tf
236 lines (198 loc) · 6.22 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
variable "alb_account" {
description = "Account for ALB logs. By default limits to the current account."
default = ""
type = string
}
variable "alb_logs_prefixes" {
description = "S3 key prefixes for ALB logs."
default = ["alb"]
type = list(string)
}
variable "allow_alb" {
description = "Allow ALB service to log to bucket."
default = false
type = bool
}
variable "allow_cloudtrail" {
description = "Allow Cloudtrail service to log to bucket."
default = false
type = bool
}
variable "allow_cloudwatch" {
description = "Allow Cloudwatch service to export logs to bucket."
default = false
type = bool
}
variable "allow_config" {
description = "Allow Config service to log to bucket."
default = false
type = bool
}
variable "allow_elb" {
description = "Allow ELB service to log to bucket."
default = false
type = bool
}
variable "allow_nlb" {
description = "Allow NLB service to log to bucket."
default = false
type = bool
}
variable "allow_redshift" {
description = "Allow Redshift service to log to bucket."
default = false
type = bool
}
variable "allow_s3" {
description = "Allow S3 service to log to bucket."
default = false
type = bool
}
variable "bucket_key_enabled" {
description = "Whether or not to use Amazon S3 Bucket Keys for SSE-KMS."
type = bool
default = false
}
variable "cloudtrail_accounts" {
description = "List of accounts for CloudTrail logs. By default limits to the current account."
default = []
type = list(string)
}
variable "cloudtrail_logs_prefix" {
description = "S3 prefix for CloudTrail logs."
default = "cloudtrail"
type = string
}
variable "cloudtrail_org_id" {
description = "AWS Organization ID for CloudTrail."
default = ""
type = string
}
variable "cloudwatch_logs_prefix" {
description = "S3 prefix for CloudWatch log exports."
default = "cloudwatch"
type = string
}
variable "config_accounts" {
description = "List of accounts for Config logs. By default limits to the current account."
default = []
type = list(string)
}
variable "config_logs_prefix" {
description = "S3 prefix for AWS Config logs."
default = "config"
type = string
}
variable "control_object_ownership" {
description = "Whether to manage S3 Bucket Ownership Controls on this bucket."
type = bool
default = true
}
variable "create_public_access_block" {
description = "Whether to create a public_access_block restricting public access to the bucket."
default = true
type = bool
}
variable "default_allow" {
description = "Whether all services included in this module should be allowed to write to the bucket by default. Alternatively select individual services. It's recommended to use the default bucket ACL of log-delivery-write."
default = true
type = bool
}
variable "elb_accounts" {
description = "List of accounts for ELB logs. By default limits to the current account."
default = []
type = list(string)
}
variable "elb_logs_prefix" {
description = "S3 prefix for ELB logs."
default = "elb"
type = string
}
variable "enable_mfa_delete" {
description = "A bool that requires MFA to delete the log bucket."
default = false
type = bool
}
variable "enable_s3_log_bucket_lifecycle_rule" {
description = "Whether the lifecycle rule for the log bucket is enabled."
default = true
type = bool
}
variable "force_destroy" {
description = "A bool that indicates all objects (including any locked objects) should be deleted from the bucket so the bucket can be destroyed without error."
default = false
type = bool
}
variable "kms_master_key_id" {
description = "The AWS KMS master key ID used for the SSE-KMS encryption. If blank, bucket encryption configuration defaults to AES256."
type = string
default = ""
}
variable "logging_target_bucket" {
description = "S3 Bucket to send S3 logs to. Disables logging if omitted."
default = ""
type = string
}
variable "logging_target_prefix" {
description = "Prefix for logs going into the log_s3_bucket."
default = "s3/"
type = string
}
variable "nlb_account" {
description = "Account for NLB logs. By default limits to the current account."
default = ""
type = string
}
variable "nlb_logs_prefixes" {
description = "S3 key prefixes for NLB logs."
default = ["nlb"]
type = list(string)
}
variable "noncurrent_version_retention" {
description = "Number of days to retain non-current versions of objects if versioning is enabled."
type = string
default = 30
}
variable "object_ownership" {
description = "Object ownership. Valid values: BucketOwnerEnforced, BucketOwnerPreferred or ObjectWriter."
type = string
default = "BucketOwnerEnforced"
}
variable "redshift_logs_prefix" {
description = "S3 prefix for RedShift logs."
default = "redshift"
type = string
}
variable "s3_bucket_acl" {
description = "Set bucket ACL per [AWS S3 Canned ACL](<https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl>) list."
default = null
type = string
}
variable "s3_bucket_name" {
description = "S3 bucket to store AWS logs in."
type = string
}
variable "s3_log_bucket_retention" {
description = "Number of days to keep AWS logs around."
default = 90
type = string
}
variable "s3_logs_prefix" {
description = "S3 prefix for S3 access logs."
default = "s3"
type = string
}
variable "tags" {
type = map(string)
default = {}
description = "A mapping of tags to assign to the logs bucket. Please note that tags with a conflicting key will not override the original tag."
}
variable "versioning_status" {
description = "A string that indicates the versioning status for the log bucket."
default = "Disabled"
type = string
validation {
condition = contains(["Enabled", "Disabled", "Suspended"], var.versioning_status)
error_message = "Valid values for versioning_status are Enabled, Disabled, or Suspended."
}
}