variables.tf
# Common identifier for the module's resources (per the description).
variable "name_prefix" {
  type        = string
  default     = "aws-ia2"
  description = "Name to be used on all the resources as identifier."
}
# EventBridge bus to use; the default value is the literal name "default".
variable "event_bus_name" {
  type        = string
  default     = "default"
  description = "EventBridge event bus name"
}
# Name of the CloudWatch log group for the run task. The default ends with a
# trailing slash; presumably callers append a suffix (confirm in the module).
variable "cloudwatch_log_group_name" {
  type        = string
  default     = "/hashicorp/terraform/runtask/iam-access-analyzer/"
  description = "RunTask CloudWatch log group name"
}
# Log retention in days, passed as a string and checked against a fixed allow list.
# "0" is accepted; for CloudWatch Logs retention that means the events never expire.
# NOTE(review): these logs are the audit trail for the run task, so choose a
# retention that satisfies your log-retention policy rather than the shortest value.
# NOTE(review): newer AWS provider releases also accept 1096, 2192, 2557, 2922 and
# 3288; confirm against the pinned provider version before extending the list.
variable "cloudwatch_log_group_retention" {
  type        = string
  default     = "30"
  description = "Lambda CloudWatch log group retention period"

  validation {
    error_message = "Valid values for var: cloudwatch_log_group_retention are (1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0)."
    condition = contains(
      ["1", "3", "5", "7", "14", "30", "60", "90", "120", "150", "180", "365", "400", "545", "731", "1827", "3653", "0"],
      var.cloudwatch_log_group_retention
    )
  }
}
# EventBridge "source" value; the default is the Terraform Cloud hostname.
# NOTE(review): presumably used to match incoming events; confirm where it is consumed.
variable "event_source" {
  type        = string
  default     = "app.terraform.io"
  description = "EventBridge source name"
}
# Run task stages the module supports; the default lists three stages.
variable "runtask_stages" {
  type        = list(string)
  default     = ["pre_plan", "post_plan", "pre_apply"]
  description = "List of all supported RunTask stages"
}
# Terraform organization name. Required: no default is declared, so the caller must set it.
variable "tfc_org" {
  type        = string
  description = "Terraform Organization name"
}
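# Workspace-name prefix used to restrict which TFC workspaces may invoke the run task.
# NOTE(review): the default is an empty string, which presumably applies no prefix
# restriction at all; confirm in the consuming code and set an explicit prefix when
# only a subset of workspaces should be allowed.
variable "workspace_prefix" {
  description = "TFC workspace name prefix that is allowed to run this runtask"
  type        = string
  default     = ""
}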
# Optional allow list of supported IAM policy documents, passed as a single string.
# NOTE(review): the expected format of the string and the effect of the empty
# default are not visible here; confirm against the code that reads it.
variable "supported_policy_document" {
  type        = string
  default     = ""
  description = "(Optional) allow list of the supported IAM policy document"
}
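# AWS region the module runs in. Required: no default is declared.
variable "aws_region" {
  description = "The region from which this module will be executed."
  type        = string

  validation {
    # The pattern is anchored with ^ and $ so the whole value must be a region name.
    # Unanchored, any string that merely contained a region-like substring passed.
    # NOTE(review): only the us, us-gov, ap, ca, cn, eu and sa prefixes are accepted,
    # so regions with other prefixes (for example me-, af-, il-) are rejected; confirm
    # that this is intended.
    condition     = can(regex("^(us(-gov)?|ap|ca|cn|eu|sa)-(central|(north|south)?(east|west)?)-\\d$", var.aws_region))
    error_message = "Variable var: aws_region is not valid."
  }
}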
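# Days Secrets Manager keeps a secret recoverable after deletion is requested.
# NOTE(review): the default of 0 means deletion with no recovery window, so an
# accidental or malicious destroy cannot be undone. Prefer 7 or more outside of
# throwaway environments.
variable "recovery_window" {
  description = "Number of days that AWS Secrets Manager waits before it can delete the secret"
  type        = number
  default     = 0

  validation {
    # Secrets Manager accepts 0 (force delete) or a window of 7 to 30 days. Values
    # 1 to 6 passed the previous range check but would be rejected at apply time,
    # assuming this feeds the secret's recovery window as the description says.
    condition     = var.recovery_window == 0 || (var.recovery_window >= 7 && var.recovery_window <= 30)
    error_message = "Variable var: recovery_window must be 0 or between 7 and 30."
  }
}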
# Reserved concurrency for the Lambda function. The description warns that the
# account's AWS quota must be large enough for the chosen value.
variable "lambda_reserved_concurrency" {
  type        = number
  default     = 100
  description = "Maximum Lambda reserved concurrency, make sure your AWS quota is sufficient"
}
# Lambda timeout, in seconds.
variable "lambda_default_timeout" {
  type        = number
  default     = 30
  description = "Lambda default timeout in seconds"
}
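# Toggles CloudFront and WAF in front of the Lambda function URL.
# The type stays string for compatibility, so the value is "true" or "false".
# NOTE(review): with the default of "false" no CloudFront/WAF layer is deployed, so
# the function URL is presumably reachable directly. Confirm how requests are
# authenticated in that mode, or set this to "true" for internet-facing deployments.
variable "deploy_waf" {
  description = "Set to true to deploy CloudFront and WAF in front of the Lambda function URL"
  type        = string
  # Written as a string to match the declared type; the bare `false` was converted to "false" anyway.
  default = "false"

  validation {
    condition = contains(["true", "false"], var.deploy_waf)
    # Ends with a period: older Terraform releases require error_message to be a full sentence.
    error_message = "Valid values for var: deploy_waf are true, false."
  }
}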
# Request rate limit applied at the WAF.
# NOTE(review): the evaluation window and aggregation key are set where the rule
# is defined, not here; confirm them before tuning this number.
variable "waf_rate_limit" {
  type        = number
  default     = 100
  description = "Rate limit for request coming to WAF"
}
# AWS managed rule groups to attach to the WAF ACL. Each entry is a map of strings
# with the keys name, priority, vendor_name and metric_suffix. Because the element
# type is map(string), the numeric priority values are converted to strings.
variable "waf_managed_rule_set" {
  type        = list(map(string))
  description = "List of AWS Managed rules to use inside the WAF ACL"

  default = [
    {
      vendor_name   = "AWS"
      name          = "AWSManagedRulesCommonRuleSet"
      metric_suffix = "common"
      priority      = 10
    },
    {
      vendor_name   = "AWS"
      name          = "AWSManagedRulesKnownBadInputsRuleSet"
      metric_suffix = "bad_input"
      priority      = 20
    },
  ]
}