variables.tf
# Required input: no default is declared, so the caller must supply the region.
variable "aws_region" {
  description = "AWS region to launch servers."
  type        = string
}
# Required input: no default is declared, so the caller must supply the VPC id.
variable "vpc_id" {
  description = "VPC Id"
  type        = string
}
# Project label; falls back to "myproject" when not set.
# NOTE(review): presumably combined with environment/app_name/prefix/suffix into
# resource names - confirm in the resources that consume it.
variable "project" {
  description = "Project Name (e.g. MyProject, etc..)"
  type        = string
  default     = "myproject"
}
# Environment label; falls back to "dev" when not set.
variable "environment" {
  description = "Environment Name (e.g. dev, test, uat, prod, etc..)"
  type        = string
  default     = "dev"
}
# Application label; falls back to "vault" when not set.
variable "app_name" {
  description = "Application name N.1 (e.g. vault, secure, store, etc..)"
  type        = string
  default     = "vault"
}
# Optional naming prefix; the empty default adds nothing.
variable "prefix" {
  description = "Prefix to add on all resources"
  type        = string
  default     = ""
}
# Optional naming suffix; the empty default adds nothing.
variable "suffix" {
  description = "Suffix to add on all resources"
  type        = string
  default     = ""
}
# Name of an existing EC2 key pair; null by default.
# NOTE(review): presumably null launches the instances without an SSH key pair -
# confirm in the launch resource. Only set this where SSH access to the Vault
# hosts is actually required, and pair it with a narrow admin_cidr_blocks.
variable "key_name" {
  description = "EC2 key pair name"
  type        = string
  default     = null
}
# CPU architecture selector. The description lists arm64 and x86_64, which are
# also the only two keys of local.arch_version in this file.
# NOTE(review): nothing here restricts the value to those two keys, so any other
# string is accepted by this declaration - confirm how a bad value surfaces.
variable "arch" {
  description = "EC2 Architecture arm64/x86_64"
  type        = string
  default     = "x86_64"
}
# Vault release to install; pinned to "1.12.1" unless overridden.
# NOTE(review): a pinned default does not move on its own. Confirm this release
# is still supported upstream and bump it deliberately as part of patching,
# since it decides which Vault version gets installed.
variable "vault_version" {
  description = "Vault version to install"
  type        = string
  default     = "1.12.1"
}
locals {
  # Auto-unseal key selection: a caller-supplied var.kms_key_id wins; when it is
  # the empty string the id of aws_kms_key.key[0] is used instead.
  # NOTE(review): aws_kms_key.key is declared outside this file - confirm it is
  # created whenever var.kms_key_id is empty, and that its key policy limits use
  # of the key to the Vault instances.
  kms_key_id = var.kms_key_id != "" ? var.kms_key_id : aws_kms_key.key[0].key_id

  # Lookup from the architecture names accepted by var.arch to "amd64"/"arm64".
  # NOTE(review): presumably the architecture token used when fetching the Vault
  # build - confirm where local.arch_version is consumed.
  arch_version = {
    "arm64"  = "arm64"
    "x86_64" = "amd64"
  }
}
# Additional tags to apply to all tagged resources.
# Required input: no default is declared, so callers must pass a map (an empty
# map is a valid value for map(string)).
variable "extra_tags" {
  description = "Additional Tag to add"
  type        = map(string)
}
# Load balancer exposure flag. The default is false, i.e. the "public" side of
# the internal/public flag named in the description.
# NOTE(review): confirm that a publicly reachable ALB in front of Vault is
# intended for each deployment; set this to true where only private network
# access is needed.
variable "internal" {
  description = "ALB internal/public flag"
  type        = bool
  default     = false
}
# Subnet ids for the autoscaling group; empty list by default.
# NOTE(review): presumably these should be private subnets for the Vault hosts -
# confirm against the network design.
variable "ec2_subnets" {
  description = "ASG Subnets"
  type        = list(string)
  default     = []
}
# Subnet ids for the load balancer; empty list by default.
variable "lb_subnets" {
  description = "ALB Subnets"
  type        = list(string)
  default     = []
}
# Public Route53 zone used for DNS records and ACM certificate validation;
# empty string by default.
# NOTE(review): how the empty default is handled is not visible in this file -
# confirm in the DNS/ACM resources.
variable "zone_name" {
  description = "Public Route53 Zone name for DNS and ACM validation"
  type        = string
  default     = ""
}
# KMS key used for Vault auto-unseal. The empty default makes local.kms_key_id
# in this file fall back to aws_kms_key.key[0].
# NOTE(review): when passing an existing key, check its key policy and grants -
# any principal allowed to use the key can presumably take part in unsealing.
variable "kms_key_id" {
  description = "KMS Key Id for vault Auto-Unseal"
  type        = string
  default     = ""
}
# EC2 instance type for the Vault hosts; "a1.medium" unless overridden.
# NOTE(review): a1 is an Arm-based instance family, while var.arch in this file
# defaults to "x86_64" - confirm the two defaults are meant to be used together
# or override one of them explicitly.
variable "instance_type" {
  description = "EC2 Instance Size"
  type        = string
  default     = "a1.medium"
}
# Root disk size for the ASG instances. Declared as string; the default is the
# text "8".
# NOTE(review): the unit is presumably GiB - confirm in the launch resource.
variable "root_volume_size" {
  description = "EC2 ASG Disk Size"
  type        = string
  default     = "8"
}
# Autoscaling group size. Declared as string; the default is the text "2".
# NOTE(review): which of min/max/desired capacity this feeds is not visible in
# this file - confirm in the ASG resource.
variable "size" {
  description = "ASG Size"
  type        = string
  default     = "2"
}
# Autoscaling group cooldown. Declared as string; the default is the text "30".
# NOTE(review): the unit is presumably seconds - confirm in the ASG resource.
variable "default_cooldown" {
  description = "ASG cooldown time"
  type        = string
  default     = "30"
}
# Ordered list of ASG termination policy names; ["Default"] unless overridden.
variable "termination_policies" {
  description = "ASG Termination Policy"
  type        = list(string)
  default     = ["Default"]
}
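# Scale-in protection flag; off (false) by default.
# This was the only variable in the file without a description, so one is added
# in the style of the sibling "ASG health_check_type" entry.
# NOTE(review): presumably passed to the autoscaling group's
# protect_from_scale_in argument - confirm in the ASG resource.
variable "protect_from_scale_in" {
  description = "ASG protect_from_scale_in"
  type        = bool
  default     = false
}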
# Health check source for the autoscaling group; "EC2" unless overridden.
# NOTE(review): with "EC2" the group presumably replaces instances on instance
# status only, not on load balancer target health - confirm this is intended
# for a Vault node that is running but failing its health endpoint.
variable "health_check_type" {
  description = "ASG health_check_type"
  type        = string
  default     = "EC2"
}
# Name of the predefined TLS security policy applied on the ALB listener.
# The default is a forward-secrecy, TLS 1.2 policy dated 2019-08.
# NOTE(review): newer predefined policies have been published since; review this
# default against the current AWS recommendation and the TLS versions your Vault
# clients support before relying on it.
variable "alb_ssl_policy" {
  description = "ALB ssl policy"
  type        = string
  default     = "ELBSecurityPolicy-FS-1-2-2019-08"
}
# CIDR ranges granted administrative access; empty list by default.
# Per the description these ranges reach SSH and the internal application ports,
# so keep each entry as narrow as possible (single hosts or a bastion/VPN range).
# NOTE(review): nothing in this declaration rejects malformed or overly broad
# ranges such as 0.0.0.0/0 - confirm how the security group rules consume it.
variable "admin_cidr_blocks" {
  description = "Admin CIDR Block to access SSH and internal Application ports"
  type        = list(string)
  default     = []
}
# Toggle for replacing the autoscaling group when its launch configuration
# changes; enabled (true) by default.
variable "recreate_asg_when_lc_changes" {
  description = "Whether to recreate an autoscaling group when launch configuration changes"
  type        = bool
  default     = true
}
# Toggle for AWS Backup on the DynamoDB storage backend; enabled (true) by
# default.
# NOTE(review): the backups hold Vault's stored data - confirm the backup vault's
# encryption and access policy, which are not visible in this file.
variable "dynamodb_backup" {
  description = "Enable AWS Backup for DynamoDB backend to have multiple RPO for the Vault"
  type        = bool
  default     = true
}
# Actions run when an alarm fires; empty list by default.
# NOTE(review): presumably an empty list means alarms notify nobody - confirm,
# and wire in an SNS topic for any environment that needs alerting.
variable "actions_alarm" {
  description = "A list of actions to take when alarms are triggered. Will likely be an SNS topic for event distribution."
  type        = list(string)
  default     = []
}
# Actions run when an alarm returns to the OK state; empty list by default.
variable "actions_ok" {
  description = "A list of actions to take when alarms are cleared. Will likely be an SNS topic for event distribution."
  type        = list(string)
  default     = []
}