-
Notifications
You must be signed in to change notification settings - Fork 41
/
variables.tf
276 lines (238 loc) · 7.31 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED PARAMETERS
# These variables must be set when using this module.
# ---------------------------------------------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
# These variables have defaults, but may be overridden.
# ---------------------------------------------------------------------------------------------------------------------
variable "bucket" {
description = "The name of the bucket. (forces new resource, default: unique random name)"
type = string
default = null
}
variable "bucket_prefix" {
description = "Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. (forces new resource)"
type = string
default = null
}
variable "acl" {
description = "The canned ACL to apply. https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl"
type = string
default = "private"
}
variable "policy" {
description = "A bucket policy in JSON format."
type = string
default = null
}
variable "tags" {
description = "A mapping of tags to assign to the bucket."
type = map(string)
default = {}
# Example:
#
# tags = {
# Name = "Just an Example"
# Environment = "Testing"
# }
}
variable "force_destroy" {
description = "A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable."
type = bool
default = false
}
variable "acceleration_status" {
description = "Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended."
type = string
default = null
}
variable "request_payer" {
description = "Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. See Requester Pays Buckets developer guide for more information."
type = string
default = "BucketOwner"
}
variable "cors_rule" {
description = "Object containing a rule of Cross-Origin Resource Sharing."
type = any
default = {}
# Example:
#
# cors_rule = {
# allowed_headers = ["*"]
# allowed_methods = ["PUT", "POST"]
# allowed_origins = ["https://s3-website-test.example.com"]
# expose_headers = ["ETag"]
# max_age_seconds = 3000
# }
}
variable "versioning" {
description = "Boolean specifying enabled state of versioning or object containing detailed versioning configuration."
type = any
default = false
# Examples:
#
# versioning = true
# versioning = {
# enabled = true
# mfa_delete = true
# }
}
variable "logging" {
description = "Map containing access bucket logging configuration."
type = map(string)
default = {}
# Example:
#
# logging = {
# target_bucket = "example-bucket"
# target_prefix = "log/"
# }
}
variable "apply_server_side_encryption_by_default" {
description = "Map containing server-side encryption configuration."
type = map(string)
default = {
sse_algorithm = "AES256"
}
}
variable "lifecycle_rules" {
description = "List of maps containing configuration of object lifecycle management."
type = any
default = []
# Example:
#
# lifecycle_rules = [
# {
# id = "log"
# enabled = true
#
# prefix = "log/"
#
# tags = {
# "rule" = "log"
# "autoclean" = "true"
# }
#
# transition = [
# {
# days = 30
# storage_class = "STANDARD_IA" # or "ONEZONE_IA"
# },
# {
# days = 60
# storage_class = "GLACIER"
# }
# ]
#
# expiration = {
# days = 90
# }
# }
# ]
}
variable "block_public_acls" {
type = bool
description = "Whether Amazon S3 should block public ACLs for this bucket."
default = true
}
variable "block_public_policy" {
type = bool
description = "Whether Amazon S3 should block public bucket policies for this bucket."
default = true
}
variable "ignore_public_acls" {
type = bool
description = "Whether Amazon S3 should ignore public ACLs for this bucket."
default = true
}
variable "restrict_public_buckets" {
type = bool
description = "Whether Amazon S3 should restrict public bucket policies for this bucket."
default = true
}
variable "cross_account_identifiers" {
type = list(string)
description = "Identifiers that you want to grant cross account access to."
default = []
# Example:
#
# cross_account_identifiers = [
# "112233445566",
# "112233445566"
# ]
}
variable "cross_account_bucket_actions" {
type = list(string)
description = "Actions on the bucket to allow"
default = [
"s3:ListBucket"
]
}
variable "cross_account_object_actions" {
type = list(string)
description = "Actions on bucket objects to allow"
default = [
"s3:GetObject"
]
}
variable "cross_account_object_actions_with_forced_acl" {
type = list(string)
description = "Actions on bucket objects to allow only with forced acl"
default = [
"s3:PutObject",
"s3:PutObjectAcl"
]
}
variable "cross_account_forced_acls" {
type = list(string)
description = "ACLs to force on new objects for cross account xs"
default = [
"bucket-owner-full-control"
]
}
variable "create_origin_access_identity" {
type = bool
description = "Whether to create an origin access identity (OAI) and policy to be accessible from Cloudfront."
default = false
}
variable "origin_access_identities" {
type = list(string)
description = "Cloudfront Origin Access Identities to grant read-only access to."
default = []
}
variable "elb_log_delivery" {
type = bool
description = "Whether to allow log delivery from ELBs."
default = null
}
variable "elb_regions" {
type = list(string)
description = "The names of the region whose AWS ELB account IDs are desired."
default = []
}
variable "access_points" {
type = any
description = "A List of Access Point configurations."
default = []
}
# ------------------------------------------------------------------------------
# OPTIONAL MODULE CONFIGURATION PARAMETERS
# These variables are used to configure the module.
# See https://medium.com/mineiros/the-ultimate-guide-on-how-to-write-terraform-modules-part-1-81f86d31f024
# ------------------------------------------------------------------------------
variable "module_enabled" {
type = bool
description = "(optional) Whether to create resources within the module or not. Default is true."
default = true
}
variable "module_tags" {
type = map(string)
description = "(Optional) A map of tags that will be applied to all created resources that accept tags. Tags defined with 'module_tags' can be overwritten by resource-specific tags."
default = {}
}
variable "module_depends_on" {
type = any
description = "(optional) A list of external resources the module depends_on. Default is []."
default = []
}