variables.tf
# Optional list of ARNs for additional alert endpoints (the description gives
# autoscaling and app-scaling endpoints as examples). Empty by default.
# NOTE(review): presumably attached as alarm actions; confirm in the alarm
# resource, and list only endpoints you control, since each one is triggered
# whenever an alarm fires.
variable "additional_endpoint_arns" {
  type        = list(string)
  default     = []
  description = "Any alert endpoints, such as autoscaling, or app scaling endpoint arns that will respond to an alert"
}
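# ARN of an SNS topic that already exists. Defaults to null.
# The topic's access policy has to let CloudWatch Alarms through: either it
# already does, or the caller sets `sns_policy_enabled = true` (the variable
# declared in this file) so that a policy is attached.
# NOTE(review): what happens when this stays null is decided outside this file;
# confirm whether the module creates its own topic in that case.
variable "sns_topic_arn" {
  type        = string
  default     = null
  description = "An SNS topic ARN that has already been created. Its policy must already allow access from CloudWatch Alarms, or set `sns_policy_enabled` to `true`"
}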
# Opt-in switch (false by default) for attaching a policy that lets the
# notifications reach the SNS topic endpoint.
# With the default, a caller-supplied topic must already allow CloudWatch Alarms
# (see the `sns_topic_arn` description); otherwise the alerts may never arrive.
# NOTE(review): the policy document is not in this file; check that it limits
# the publishing principal to CloudWatch and does not open the topic up wider.
variable "sns_policy_enabled" {
  type        = bool
  default     = false
  description = "Attach a policy that allows the notifications through to the SNS topic endpoint"
}
# Region of the log group to monitor. The empty-string default stands for
# "not provided", in which case the description says the current region is used.
# NOTE(review): the fallback itself is implemented outside this file; confirm
# it compares against "" and not null.
variable "log_group_region" {
  type        = string
  default     = ""
  description = "The log group region that should be monitored for unauthorised AWS API Access. Current region used if none provided."
}
# Required input (no default): name of the CloudWatch Logs group that holds the
# CloudTrail events.
# NOTE(review): the alarms can only see what CloudTrail delivers to this group;
# confirm the trail feeding it covers every region and account you expect.
variable "log_group_name" {
  type        = string
  description = "The cloudtrail cloudwatch log group name"
}
# CloudWatch namespace under which all of the metrics are grouped.
# Defaults to "CISBenchmark".
variable "metric_namespace" {
  type        = string
  default     = "CISBenchmark"
  description = "A namespace for grouping all of the metrics together"
}
# Controls whether a CloudWatch dashboard (line graph of the statistics) is
# created. On by default; set to false to skip the dashboard.
variable "dashboard_enabled" {
  type        = bool
  default     = true
  description = "When true a dashboard that displays the statistics as a line graph will be created in CloudWatch"
}
# Optional ID or alias of the customer master key used to encrypt the SNS topic.
# Defaults to null, in which case (per the description) a CMK with a suitable
# key policy is created.
# When supplying your own key, its resource-based policy must grant
# `cloudwatch.amazonaws.com` both `kms:Decrypt` and `kms:GenerateDataKey`.
# Without that grant CloudWatch cannot publish to the encrypted topic, so
# alarm notifications would not be delivered.
# The AWS managed key `alias/aws/sns` is not a workable value here, because its
# key policy cannot be edited to add that grant.
variable "kms_master_key_id" {
  description = <<EOT
The ID or alias of the customer master key (CMK) to use for encrypting the Amazon SNS topic.
The CMK must have its resource-based policy allow the service `cloudwatch.amazonaws.com` to perform `kms:Decrypt` and `kms:GenerateDataKey` on it.
If this variable is not supplied, a CMK with the sufficient resource-based policy will be created and used when configuring encryption for
the SNS topic.
EOT
  type        = string
  default     = null
}
# Map of CloudWatch metric definitions and their matching alarm definitions.
# Each entry carries the metric filter fields (name, pattern, namespace, value)
# and the alarm fields (name, comparison operator, evaluation periods, period,
# statistic, missing-data treatment, threshold, description).
# Every attribute is typed as string, including the numeric-looking ones
# (`alarm_evaluation_periods`, `alarm_period`, `alarm_threshold`), so callers
# pass those as strings.
# All twelve attributes must be present in every entry, because the object type
# declares no optional fields.
# NOTE(review): the default is an empty map and the consuming code is not in
# this file; confirm whether `{}` leaves the built-in alarms in place or
# results in no alarms at all.
variable "metrics" {
  description = "The cloudwatch metrics and corresponding alarm definitions"
  default     = {}
  type = map(object({
    metric_name               = string
    filter_pattern            = string
    metric_namespace          = string
    metric_value              = string
    alarm_name                = string
    alarm_comparison_operator = string
    alarm_evaluation_periods  = string
    alarm_period              = string
    alarm_statistic           = string
    alarm_treat_missing_data  = string
    alarm_threshold           = string
    alarm_description         = string
  }))
}