# Account setup
# Named AWS CLI profile the provider authenticates with. Falls back to the
# "default" profile when the caller does not set it.
# NOTE(review): profiles in ~/.aws/credentials usually hold long-lived access
# keys; an SSO or role-based profile keeps static secrets off the workstation.
variable "profile" {
  description = "The profile from ~/.aws/credentials file used for authentication. By default it is the default profile."
  type        = string
  default     = "default"
}
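# AWS account ID of the target account. Required: there is no default.
# Per the description the value ends up in JSON documents and in the role that
# is assumed, so it is validated as exactly twelve decimal digits. A length
# check alone also accepts twelve arbitrary characters (quotes, colons, "*"),
# which would then be placed verbatim into those documents.
variable "accountID" {
  description = "ID of your AWS account. It is a required variable normally used in JSON files or while assuming a role."
  type        = string

  validation {
    # can() turns the regex() error raised on a non-match into false.
    condition     = can(regex("^[0-9]{12}$", var.accountID))
    error_message = "Please, provide a valid account ID."
  }
}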
# AWS region the resources are created in; eu-west-1 unless overridden.
variable "region" {
  description = "The region for the resources. By default it is eu-west-1."
  type        = string
  default     = "eu-west-1"
}
# Feature flag: when true the provider is expected to assume the role named by
# assumableRole (the wiring is not visible in this file). Off by default.
variable "assumeRole" {
  description = "Enable / Disable role assume. This is disabled by default and normally used for sub organization configuration."
  type        = bool
  default     = false
}
# Name of the role to assume when assumeRole is true.
# NOTE(review): OrganizationAccountAccessRole is the role AWS Organizations
# creates in member accounts, normally with administrator permissions. A role
# scoped to the S3 actions this module needs would follow least privilege.
variable "assumableRole" {
  description = "The role the user will assume if assumeRole is enabled. By default, it is OrganizationAccountAccessRole."
  type        = string
  default     = "OrganizationAccountAccessRole"
}
# Name of the bucket. Required: no default is provided.
# The policy_path description shows this name is also used as the file name of
# the bucket's policy document (NAME.json).
variable "name" {
  description = "Bucket name. Required value"
  type        = string
}
# Creates the bucket with S3 Object Lock support. Off by default, and per the
# description it cannot be changed after the bucket exists.
# Enabling this only makes locks possible; a default retention is applied only
# when object_lock_config is set as well. S3 requires versioning on buckets
# that use Object Lock, so keep versioning_enabled true together with this.
variable "object_lock_enabled" {
  description = "Create bucket with enabled or disabled object locks. You cannot change this value after the bucket is created. Be aware that object locks are not applied by default. Defaults to False."
  type        = bool
  default     = false
}
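# Default Object Lock retention for newly created objects. Empty map = no
# default retention.
# The bare `map` keyword is the deprecated legacy spelling of map(any), so the
# explicit form below accepts the same values. With map(any) all values are
# unified to one type, so in the documented example `days` reaches the module
# as the string "365" - presumably converted where it is used; verify.
# COMPLIANCE retention cannot be shortened or removed by any principal,
# including the account root user, until it expires; GOVERNANCE can be
# bypassed by principals holding s3:BypassGovernanceRetention. Choose the mode
# deliberately, because a mistaken COMPLIANCE setting cannot be undone for the
# objects written under it.
variable "object_lock_config" {
  description = "If you want to apply object lock to all newly created objects, please set the object lock configuration. E.g.: object_lock_config = { mode = \"COMPLIANCE\", days = 365 }. If this is set, all new objects won't be possible to delete for 365 days."
  type        = map(any)
  default     = {}
}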
# S3 Block Public Access: reject requests that set a public ACL on the bucket
# or its objects. Secure default (true); turning it off lets new public ACLs
# be attached.
variable "block_public_acls" {
  description = "PUT Bucket ACL, PUT Object ACL and PUT Object if request includes a public ACL calls will fail if the specified ACL allows public access. Defaults to true"
  type        = bool
  default     = true
}
# S3 Block Public Access: reject bucket policies that grant public access.
# Secure default (true). This guards future policy changes, including ones
# made outside Terraform.
variable "block_public_policy" {
  description = "Reject calls to PUT Bucket policy if the specified bucket policy allows public access. Defaults to true"
  type        = bool
  default     = true
}
# S3 Block Public Access: treat public ACLs that already exist as if they were
# not there. Secure default (true); complements block_public_acls, which only
# stops new public ACLs from being written.
variable "ignore_public_acls" {
  description = "Ignore all public ACLs on buckets in this account and any objects that they contain. Defaults to true"
  type        = bool
  default     = true
}
# S3 Block Public Access: when a public policy is present, limit access to the
# bucket owner and AWS services. Secure default (true).
variable "restrict_public_buckets" {
  description = "Only the bucket owner and AWS Services can access buckets with public policies. Defaults to true"
  type        = bool
  default     = true
}
# Directory holding the JSON policy documents; the description says the file
# is looked up as <policy_path>/<bucket name>.json.
# NOTE(review): whatever sits at that path presumably becomes the bucket
# policy, so the directory deserves the same review and access control as the
# Terraform code itself - confirm how the module reads it.
variable "policy_path" {
  description = "Path to directory with all the policies. By default ./json/s3/NAME.json where the name is the name of the bucket"
  type        = string
  default     = "./json/s3"
}
# Bucket versioning switch, on by default. Per the description, turning it off
# suspends versioning and keeps the versions that already exist.
# Versioning is what allows an overwritten or deleted object to be recovered,
# and S3 Object Lock depends on it.
variable "versioning_enabled" {
  description = "Enable or disable versioning on this bucket. Disabled versioning will not delete existing version, just suspend the service."
  type        = bool
  default     = true
}
# Target bucket for server access logs. The empty-string default means access
# logging stays off unless the caller names a bucket, so no request-level
# record exists for later investigation in that case.
variable "logging_bucket" {
  description = "Bucket name that is used for logging. If left blank string, logging will not be enabled."
  type        = string
  default     = ""
}
# Leading key prefix for access-log objects; only relevant when logging_bucket
# is set. The description gives the resulting layout as
# s3://logging_bucket/logging_prefix/bucket_name.
variable "logging_prefix" {
  description = "If logging is enabled, this is the first object in the object structure. By default if logging is enabled the path for the logs will be s3://logging_bucket/logging_prefix/bucket_name. Default value is s3."
  type        = string
  default     = "s3"
}
# List of lifecycle rules; empty by default. The description shows the keys of
# one rule: name, enabled, expiration_date, expiration_days.
# `any` performs no shape checking, so a misspelled key is not caught here at
# plan time.
variable "lifecycle_rules" {
  description = "Lifecycle rules. By default empty. Example of one: lifecycle_rules = [{name = \"DeleteAnyInWeek\", enabled = true, expiration_date = \"\", expiration_days = 7}]"
  type        = any
  default     = []
}
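# Switches static website hosting for the bucket on or off. Off by default.
# Declared as bool so the type matches its boolean default and the other
# feature flags in this file; the previous `string` type silently turned the
# default into the text "false". Callers that pass "true" or "false" as
# strings are still accepted through Terraform's automatic conversion.
# NOTE(review): confirm the module does not compare this value with a string
# literal such as "true", which a bool never equals.
# S3 website endpoints serve plain HTTP only, and anonymous reads require a
# public bucket policy, which the block_public_policy default rejects.
variable "website_enabled" {
  description = "This will allow you to enable / disable website functionality on this bucket."
  type        = bool
  default     = false
}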
# Object served as the index document when website hosting is on.
variable "website_index_page" {
  description = "Path to index page. Defaults to index.html"
  type        = string
  default     = "index.html"
}
# Object served as the error document when website hosting is on.
variable "website_error_page" {
  description = "Path to error page. Defaults to 404.html"
  type        = string
  default     = "404.html"
}
# Server-side encryption switch for the bucket, on by default.
# NOTE(review): how the module reacts to false is not visible here; presumably
# it omits the explicit encryption configuration - confirm.
variable "encryption_enabled" {
  description = "Enable disable S3 bucket encryption."
  type        = bool
  default     = true
}
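# Server-side encryption algorithm for the bucket. AES256 selects S3-managed
# keys; aws:kms selects KMS, with the key taken from encryption_kms_key or the
# aws/s3 managed key when that is empty.
# The validation rejects a mistyped value at plan time instead of letting it
# fail during apply. aws:kms:dsse (dual-layer KMS encryption) is accepted too
# so that callers already using it keep working.
variable "encryption_algorithm" {
  description = "Algorithm used for encryption. Default value is AES256. The other option is to use aws:kms. With kms you can use your own key provided below. If you leave the key empty, aws/s3 key will be used instead."
  type        = string
  default     = "AES256"

  validation {
    condition     = contains(["AES256", "aws:kms", "aws:kms:dsse"], var.encryption_algorithm)
    error_message = "The encryption_algorithm value must be AES256, aws:kms or aws:kms:dsse."
  }
}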
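# KMS key used when encryption_algorithm is aws:kms. null (the default) leaves
# the choice to AWS, which then uses the aws/s3 managed key.
# A customer-managed key is the option that gives control over the key policy
# and rotation; the aws/s3 managed key's policy cannot be edited.
# The description's misspelling "algoright" is corrected to "algorithm".
variable "encryption_kms_key" {
  description = "If aws:kms algorithm is selected, you can use your own key to encrypt files. If this value is left blank and AES256 algorithm is not configured, aws will use own s3 kms key instead."
  type        = string
  default     = null
}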
# CORS rule for the bucket; the empty default applies no rule. Minimum keys
# when set: allowed_methods and allowed_origins; allowed_headers and
# expose_headers are optional.
# The example in the description uses allowed_origins = ["*"], which lets a
# page on any origin read responses from the bucket in a browser. List the
# specific origins that need access instead of copying the wildcard.
variable "cors_rules" {
  description = "CORS configuration. If left blank, no rules will be applied. Expected configuration. cors_rules = { allowed_methods = [\"GET\"], allowed_origins = [\"*\"] }. This is minimal required configuration if cors_rules are set. You can also configure allowed_headers and expose_headers."
  type        = any
  default     = {}
}
# Bucket event notification to an SQS queue; the empty default sends nothing.
# Keys shown in the description: queue_arn, events, filter_suffix.
# NOTE(review): "model.s3_sqs.arn" in the description looks like it was meant
# to read "module." - confirm. The queue's own policy must allow S3 to send
# messages; scoping that permission to this bucket's ARN keeps other buckets
# from writing to the queue. That policy is not defined in this file.
variable "notification_sqs" {
  description = "SQS configuration. Expected configuration: notification_sqs = { queue_arn = model.s3_sqs.arn, events = [\"s3:ObjectCreated:*\"], filter_suffix = \"\"}. If left blank, sqs will not be notified"
  type        = any
  default     = {}
}
# Bucket event notification to a Lambda function; the empty default invokes
# nothing. Keys shown in the description: lambda_function_arn, events,
# filter_suffix.
# NOTE(review): "model.s3_lambda.arn" in the description looks like it was
# meant to read "module." - confirm. The function needs a resource-based
# permission that lets S3 invoke it; restricting that permission to this
# bucket's ARN limits who can trigger it. It is not defined in this file.
variable "notification_lambda" {
  description = "Lambda configuration. Expected configuration: notification_lambda = { lambda_function_arn = model.s3_lambda.arn, events = [\"s3:ObjectCreated:*\"], filter_suffix = \"\"}. If left blank, lambda will not be notified"
  type        = any
  default     = {}
}