forked from cloudposse/terraform-aws-ec2-client-vpn
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsecurity_group_inputs.tf
119 lines (105 loc) · 4.08 KB
/
security_group_inputs.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
# security_group_inputs Version: 1
#
variable "create_security_group" {
type = bool
default = true
description = "Set `true` to create and configure a new security group. If false, `associated_security_group_ids` must be provided."
}
variable "associated_security_group_ids" {
type = list(string)
default = []
description = <<-EOT
A list of IDs of Security Groups to associate the VPN endpoints with, in addition to the created security group.
These security groups will not be modified and, if `create_security_group` is `false`, must have rules providing the desired access.
EOT
}
locals {
associated_security_group_ids = concat(var.additional_security_groups, var.associated_security_group_ids)
}
variable "allowed_security_group_ids" {
type = list(string)
default = []
description = <<-EOT
A list of IDs of Security Groups to allow access to the security group created by this module.
The length of this list must be known at "plan" time.
EOT
}
variable "allowed_cidr_blocks" {
type = list(string)
default = []
description = <<-EOT
A list of IPv4 CIDRs to allow access to the security group created by this module.
The length of this list must be known at "plan" time.
EOT
}
variable "allowed_ipv6_cidr_blocks" {
type = list(string)
default = []
description = <<-EOT
A list of IPv6 CIDRs to allow access to the security group created by this module.
The length of this list must be known at "plan" time.
EOT
}
variable "allowed_ipv6_prefix_list_ids" {
type = list(string)
default = []
description = <<-EOT
A list of IPv6 Prefix Lists IDs to allow access to the security group created by this module.
The length of this list must be known at "plan" time.
EOT
}
variable "allow_self_security_group" {
type = bool
default = true
description = "Whether the security group itself will be added as a source to this ingress rule."
}
variable "security_group_name" {
type = list(string)
default = []
description = <<-EOT
The name to assign to the created security group. Must be unique within the VPC.
If not provided, will be derived from the `null-label.context` passed in.
If `create_before_destroy` is true, will be used as a name prefix.
EOT
}
variable "security_group_description" {
type = string
default = null
description = <<-EOT
The description to assign to the created Security Group.
Warning: Changing the description causes the security group to be replaced.
EOT
}
variable "security_group_create_before_destroy" {
type = bool
default = true
description = <<-EOT
Set `true` to enable Terraform `create_before_destroy` behavior on the created security group.
Note that changing this value will always cause the security group to be replaced.
EOT
}
variable "security_group_create_timeout" {
type = string
default = "10m"
description = "How long to wait for the security group to be created."
}
variable "security_group_delete_timeout" {
type = string
default = "15m"
description = <<-EOT
How long to retry on `DependencyViolation` errors during security group deletion from
lingering ENIs left by certain AWS services such as Elastic Load Balancing.
EOT
}
variable "additional_security_group_rules" {
type = list(any)
default = []
description = <<-EOT
A list of Security Group rule objects to add to the created security group, in addition to the ones
this module normally creates. (To suppress the module's rules, set `create_security_group` to false
and supply your own security group via `associated_security_group_ids`.)
The keys and values of the objects are fully compatible with the `aws_security_group_rule` resource, except
for `security_group_id` which will be ignored, and the optional "key" which, if provided, must be unique and known at "plan" time.
To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule .
EOT
}