forked from cloudposse/terraform-aws-cloudtrail-s3-bucket
-
Notifications
You must be signed in to change notification settings - Fork 2
/
variables.tf
150 lines (125 loc) · 4.93 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
variable "acl" {
type = string
description = "The canned ACL to apply. We recommend log-delivery-write for compatibility with AWS services"
default = "log-delivery-write"
}
variable "policy" {
type = string
description = "A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy"
default = ""
}
variable "lifecycle_prefix" {
type = string
description = "Prefix filter. Used to manage object lifecycle events"
default = ""
}
variable "lifecycle_tags" {
type = map(string)
description = "Tags filter. Used to manage object lifecycle events"
default = {}
}
variable "force_destroy" {
type = bool
description = "(Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable"
default = false
}
variable "lifecycle_rule_enabled" {
type = bool
description = "Enable lifecycle events on this bucket"
default = true
}
variable "versioning_enabled" {
type = bool
description = "A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket"
default = false
}
variable "noncurrent_version_expiration_days" {
description = "Specifies when noncurrent object versions expire"
default = 90
}
variable "noncurrent_version_transition_days" {
description = "Specifies when noncurrent object versions transitions"
default = 30
}
variable "standard_transition_days" {
description = "Number of days to persist in the standard storage tier before moving to the infrequent access tier"
default = 30
}
variable "glacier_transition_days" {
description = "Number of days after which to move the data to the glacier storage tier"
default = 60
}
variable "enable_glacier_transition" {
type = bool
default = false
description = "Glacier transition might just increase your bill. Set to false to disable lifecycle transitions to AWS Glacier."
}
variable "expiration_days" {
description = "Number of days after which to expunge the objects"
default = 90
}
variable "abort_incomplete_multipart_upload_days" {
type = number
default = 5
description = "Maximum time (in days) that you want to allow multipart uploads to remain in progress"
}
variable "sse_algorithm" {
type = string
description = "The server-side encryption algorithm to use. Valid values are AES256 and aws:kms"
default = "AES256"
}
variable "kms_master_key_arn" {
type = string
description = "The AWS KMS master key ARN used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms"
default = ""
}
variable "block_public_acls" {
type = bool
default = true
description = "Set to `false` to disable the blocking of new public access lists on the bucket"
}
variable "block_public_policy" {
type = bool
default = true
description = "Set to `false` to disable the blocking of new public policies on the bucket"
}
variable "ignore_public_acls" {
type = bool
default = true
description = "Set to `false` to disable the ignoring of public access lists on the bucket"
}
variable "restrict_public_buckets" {
type = bool
default = true
description = "Set to `false` to disable the restricting of making the bucket public"
}
variable "access_log_bucket_name" {
type = string
default = ""
description = "Name of the S3 bucket where s3 access log will be sent to"
}
variable "create_access_log_bucket" {
type = bool
default = false
description = "A flag to indicate if a bucket for s3 access logs should be created"
}
variable "allow_ssl_requests_only" {
type = bool
default = true
description = "Set to `true` to require requests to use Secure Socket Layer (HTTPS/SSL). This will explicitly deny access to HTTP requests"
}
variable "bucket_notifications_enabled" {
type = bool
description = "Send notifications for the object created events. Used for 3rd-party log collection from a bucket. This does not affect access log bucket created by this module. To enable bucket notifications on the access log bucket, create it separately using the cloudposse/s3-log-storage/aws"
default = false
}
variable "bucket_notifications_type" {
type = string
description = "Type of the notification configuration. Only SQS is supported."
default = "SQS"
}
variable "bucket_notifications_prefix" {
type = string
description = "Prefix filter. Used to manage object notifications"
default = ""
}