variable "name" {
  # Base name of the subnet group. The service-specific subnet group
  # variables further down fall back to this value when their own `name`
  # is left unset.
  description = "(Required) The name of the subnet group."
  type        = string
  nullable    = false
}
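variable "vpc_id" {
  # Every subnet created through this module is placed in this VPC.
  description = "(Required) The ID of the VPC which the subnet group belongs to."
  type        = string
  nullable    = false

  # Same shape check that `transit_gateway_attachments` applies to Transit
  # Gateway IDs: reject a VPC name or ARN passed in place of the `vpc-...`
  # ID at plan time instead of failing at apply time.
  validation {
    condition     = startswith(var.vpc_id, "vpc-")
    error_message = "Valid value for `vpc_id` must be the ID of the VPC."
  }
}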
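variable "subnets" {
  description = <<-EOF
    (Required) A configuration of subnets to create in the subnet group. Each block of `subnets` as defined below.
    (Optional) `type` - The type of subnet. Valid values are `DUALSTACK` and `IPV6`. Defaults to `DUALSTACK`.
    (Optional) `availability_zone` - The availability zone of the subnet. If the value of `availability_zone` and `availability_zone_id` are both not provided, the subnet will be created in random availability zone.
    (Optional) `availability_zone_id` - The availability zone ID of the subnet. If the value of `availability_zone` and `availability_zone_id` are both not provided, the subnet will be created in random availability zone.
    (Optional) `ipv4_cidr` - The IPv4 CIDR block for the subnet.
    (Optional) `ipv6_cidr` - The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.
  EOF
  type = map(object({
    type                 = optional(string, "DUALSTACK")
    availability_zone    = optional(string)
    availability_zone_id = optional(string)
    ipv4_cidr            = optional(string)
    ipv6_cidr            = optional(string)
  }))
  nullable = false

  # An empty map would silently create no subnets at all.
  validation {
    condition     = length(var.subnets) > 0
    error_message = "At least one subnet must be provided."
  }

  validation {
    condition = alltrue([
      for subnet in values(var.subnets) :
      contains(["DUALSTACK", "IPV6"], subnet.type)
    ])
    error_message = "Valid values for `type` of each subnet are `DUALSTACK` and `IPV6`."
  }

  validation {
    condition = alltrue([
      for subnet in values(var.subnets) :
      subnet.ipv4_cidr != null
      if subnet.type == "DUALSTACK"
    ])
    error_message = "IPv4 CIDR block must be provided for `DUALSTACK` subnet."
  }

  # This condition rejects two distinct mistakes (a missing `ipv6_cidr`, or
  # an `ipv4_cidr` set on an IPv6-only subnet). The message names both, so a
  # caller who already set `ipv6_cidr` is not told to "provide" it again.
  validation {
    condition = alltrue([
      for subnet in values(var.subnets) :
      subnet.ipv6_cidr != null && subnet.ipv4_cidr == null
      if subnet.type == "IPV6"
    ])
    error_message = "IPv6 CIDR block must be provided and IPv4 CIDR block must not be provided for `IPV6` subnet."
  }

  # The description promises a /64 prefix; checking it here surfaces a wrong
  # prefix length at plan time rather than when the subnet is created.
  validation {
    condition = alltrue([
      for subnet in values(var.subnets) :
      endswith(subnet.ipv6_cidr, "/64")
      if subnet.ipv6_cidr != null
    ])
    error_message = "IPv6 CIDR block of each subnet must use a /64 prefix length."
  }
}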
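variable "local_network_interface_device_index" {
  description = <<-EOF
    (Optional) The device position for local network interfaces in this subnet. For example, `1` indicates local network interfaces in this subnet are the secondary network interface (eth1). A local network interface cannot be the primary network interface (eth0).
  EOF
  type     = number
  default  = null
  nullable = true

  # The description rules out eth0 (index 0); enforce that here. A
  # conditional is used instead of `||` so the comparison is never
  # evaluated against a null value.
  validation {
    condition     = var.local_network_interface_device_index == null ? true : var.local_network_interface_device_index >= 1
    error_message = "Valid value for `local_network_interface_device_index` must be `1` or greater, since a local network interface cannot be the primary network interface."
  }
}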
variable "public_ipv4_address_assignment" {
  description = <<-EOF
    (Optional) A configuration for public IPv4 address assignment. `public_ipv4_address_assignment` as defined below.
    (Optional) `enabled` - Whether to automatically request a public IPv4 address for a new network interface in this subnet. Defaults to `false`.
  EOF
  type = object({
    enabled = optional(bool, false)
  })
  # Opt-in: with the defaults, a new network interface in this subnet is not
  # given a public IPv4 address unless the caller sets `enabled = true`.
  default  = {}
  nullable = false
}
variable "customer_owned_ipv4_address_assignment" {
  description = <<-EOF
    (Optional) A configuration for Customer-owned IPv4 address assignment. `customer_owned_ipv4_address_assignment` as defined below.
    (Optional) `enabled` - Whether to automatically request a Customer-owned IPv4 address for a new network interface in this subnet. Defaults to `false`.
    (Optional) `outpost` - The Amazon Resource Name (ARN) of the Outpost.
    (Optional) `pool` - The customer owned IPv4 address pool.
  EOF
  type = object({
    enabled = optional(bool, false)
    outpost = optional(string) # Outpost ARN; only meaningful when `enabled` is true — TODO confirm
    pool    = optional(string) # customer-owned IPv4 pool; only meaningful when `enabled` is true — TODO confirm
  })
  # Disabled unless the caller opts in.
  default  = {}
  nullable = false
}
variable "ipv6_address_assignment" {
  description = <<-EOF
    (Optional) A configuration for IPv6 address assignment. `ipv6_address_assignment` as defined below.
    (Optional) `enabled` - Whether to automatically request a IPv6 address for a new network interface in this subnet. Defaults to `false`.
  EOF
  type = object({
    enabled = optional(bool, false)
  })
  # Opt-in, mirroring `public_ipv4_address_assignment`.
  default  = {}
  nullable = false
}
variable "dns_config" {
  description = <<-EOF
    (Optional) A configuration for DNS queries for the subnet. `dns_config` as defined below.
    (Optional) `hostname_type` - The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID (`RESOURCE_NAME`). For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address (`IP_NAME`) or the instance ID (`RESOURCE_NAME`). Valid values are `IP_NAME`, `RESOURCE_NAME`. Defaults to `RESOURCE_NAME`.
    (Optional) `dns_resource_name_ipv4_enabled` - Whether to respond to DNS queries for instance hostnames with DNS A records. Always `false` for IPv6 only subnet. Defaults to `false`.
    (Optional) `dns_resource_name_ipv6_enabled` - Whether to respond to DNS queries for instance hostnames with DNS AAAA records. Always `true` for IPv6 only subnet. Defaults to `false`.
    (Optional) `dns64_enabled` - Whether to enable DNS64 to allow IPv6-only services in Amazon VPC to communicate with IPv4-only services and networks. Defaults to `false`.
  EOF
  type = object({
    hostname_type                  = optional(string, "RESOURCE_NAME")
    dns_resource_name_ipv4_enabled = optional(bool, false)
    dns_resource_name_ipv6_enabled = optional(bool, false)
    dns64_enabled                  = optional(bool, false)
  })
  default  = {}
  nullable = false

  # Only the hostname type is checked here. The per-subnet-type rules in the
  # description (IPv6-only subnets require `RESOURCE_NAME`) depend on
  # `var.subnets`, which a variable validation cannot reference.
  validation {
    condition     = contains(["IP_NAME", "RESOURCE_NAME"], var.dns_config.hostname_type)
    error_message = "Valid values for `hostname_type` are `IP_NAME` and `RESOURCE_NAME`."
  }
}
variable "transit_gateway_attachments" {
  description = <<-EOF
    (Optional) A list of configurations for Transit Gateway VPC attachments. Each block of `transit_gateway_attachments` as defined below.
    (Required) `name` - The name of the Transit Gateway VPC attachment.
    (Required) `transit_gateway` - The ID of the Transit Gateway.
    (Optional) `appliance_mode_enabled` - Whether Appliance Mode support is enabled. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. Defaults to `false`.
    (Optional) `dns_support_enabled` - Whether to enable Domain Name System resolution for VPCs attached to this transit gateway. Defaults to `true`.
    (Optional) `ipv6_enabled` - Whether to enable IPv6 support. Defaults to `false`.
    (Optional) `default_association_route_table_enabled` - Whether to automatically associate transit gateway attachments with this transit gateway's default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Defaults to `false`.
    (Optional) `default_propagation_route_table_enabled` - Whether to automatically propagate transit gateway attachments with this transit gateway's default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Defaults to `false`.
    (Optional) `tags` - A map of tags to add to the vpc association.
  EOF
  type = list(object({
    name            = string
    transit_gateway = string
    # Behavioural toggles; every one of them is off by default except DNS
    # support, so an attachment is not wired into the default route tables
    # unless the caller asks for it.
    appliance_mode_enabled                  = optional(bool, false)
    dns_support_enabled                     = optional(bool, true)
    ipv6_enabled                            = optional(bool, false)
    default_association_route_table_enabled = optional(bool, false)
    default_propagation_route_table_enabled = optional(bool, false)
    tags                                    = optional(map(string), {})
  }))
  # No attachments unless the caller lists some.
  default  = []
  nullable = false

  # `transit_gateway` must be the `tgw-...` ID, not an ARN or a name.
  validation {
    condition = alltrue([
      for attachment in var.transit_gateway_attachments :
      startswith(attachment.transit_gateway, "tgw-")
    ])
    error_message = "Valid value for `transit_gateway` must be the ID of the Transit Gateway."
  }
}
variable "dax_subnet_group" {
  description = <<-EOF
    (Optional) A configuration of DAX Subnet Group. `dax_subnet_group` as defined below.
    (Optional) `enabled` - Whether to create DAX Subnet Group. Defaults to `false`.
    (Optional) `name` - The name of the DAX Subnet Group. If not provided, the value of `name` will be used.
    (Optional) `description` - The description of the DAX Subnet Group.
    EOF
  type = object({
    enabled     = optional(bool, false) # nothing is created unless this is set
    name        = optional(string)      # falls back to `var.name` when null
    description = optional(string, "Managed by Terraform.")
  })
  default  = {}
  nullable = false
}
variable "dms_replication_subnet_group" {
  description = <<-EOF
    (Optional) A configuration of DMS Replication Subnet Group. `dms_replication_subnet_group` as defined below.
    (Optional) `enabled` - Whether to create DMS Replication Subnet Group. Defaults to `false`.
    (Optional) `name` - The name of the DMS Replication Subnet Group. If not provided, the value of `name` will be used.
    (Optional) `description` - The description of the DMS Replication Subnet Group.
    EOF
  # Same shape as the other per-service subnet group variables in this file.
  type = object({
    enabled     = optional(bool, false)
    name        = optional(string) # `var.name` is used when this is null
    description = optional(string, "Managed by Terraform.")
  })
  default  = {}
  nullable = false
}
variable "docdb_subnet_group" {
  description = <<-EOF
    (Optional) A configuration of DocumentDB Subnet Group. `docdb_subnet_group` as defined below.
    (Optional) `enabled` - Whether to create DocumentDB Subnet Group. Defaults to `false`.
    (Optional) `name` - The name of the DocumentDB Subnet Group. If not provided, the value of `name` will be used.
    (Optional) `description` - The description of the DocumentDB Subnet Group.
    EOF
  type = object({
    # Off by default; `name` inherits `var.name` when not given.
    enabled     = optional(bool, false)
    name        = optional(string)
    description = optional(string, "Managed by Terraform.")
  })
  default  = {}
  nullable = false
}
variable "elasticache_subnet_group" {
  description = <<-EOF
    (Optional) A configuration of ElastiCache Subnet Group. `elasticache_subnet_group` as defined below.
    (Optional) `enabled` - Whether to create ElastiCache Subnet Group. Defaults to `false`.
    (Optional) `name` - The name of the ElastiCache Subnet Group. If not provided, the value of `name` will be used.
    (Optional) `description` - The description of the ElastiCache Subnet Group.
    EOF
  type = object({
    enabled     = optional(bool, false) # create the group only when true
    name        = optional(string)      # null → `var.name`
    description = optional(string, "Managed by Terraform.")
  })
  default  = {}
  nullable = false
}
variable "memorydb_subnet_group" {
  description = <<-EOF
    (Optional) A configuration of MemoryDB Subnet Group. `memorydb_subnet_group` as defined below.
    (Optional) `enabled` - Whether to create MemoryDB Subnet Group. Defaults to `false`.
    (Optional) `name` - The name of the MemoryDB Subnet Group. If not provided, the value of `name` will be used.
    (Optional) `description` - The description of the MemoryDB Subnet Group.
    EOF
  # Per-service subnet group toggle; shape matches `dax_subnet_group` etc.
  type = object({
    enabled     = optional(bool, false)
    name        = optional(string) # defaults to `var.name`
    description = optional(string, "Managed by Terraform.")
  })
  default  = {}
  nullable = false
}
variable "neptune_subnet_group" {
  description = <<-EOF
    (Optional) A configuration of Neptune Subnet Group. `neptune_subnet_group` as defined below.
    (Optional) `enabled` - Whether to create Neptune Subnet Group. Defaults to `false`.
    (Optional) `name` - The name of the Neptune Subnet Group. If not provided, the value of `name` will be used.
    (Optional) `description` - The description of the Neptune Subnet Group.
    EOF
  type = object({
    enabled     = optional(bool, false) # disabled unless requested
    name        = optional(string)      # `var.name` when null
    description = optional(string, "Managed by Terraform.")
  })
  default  = {}
  nullable = false
}
variable "rds_subnet_group" {
  description = <<-EOF
    (Optional) A configuration of RDS Subnet Group. `rds_subnet_group` as defined below.
    (Optional) `enabled` - Whether to create RDS Subnet Group. Defaults to `false`.
    (Optional) `name` - The name of the RDS Subnet Group. If not provided, the value of `name` will be used.
    (Optional) `description` - The description of the RDS Subnet Group.
    EOF
  type = object({
    # Off by default; the group name inherits `var.name` when unset.
    enabled     = optional(bool, false)
    name        = optional(string)
    description = optional(string, "Managed by Terraform.")
  })
  default  = {}
  nullable = false
}
variable "redshift_subnet_group" {
  description = <<-EOF
    (Optional) A configuration of Redshift Subnet Group. `redshift_subnet_group` as defined below.
    (Optional) `enabled` - Whether to create Redshift Subnet Group. Defaults to `false`.
    (Optional) `name` - The name of the Redshift Subnet Group. If not provided, the value of `name` will be used.
    (Optional) `description` - The description of the Redshift Subnet Group.
    EOF
  # Last of the per-service subnet group toggles; same shape as the others.
  type = object({
    enabled     = optional(bool, false)
    name        = optional(string) # `var.name` is the fallback
    description = optional(string, "Managed by Terraform.")
  })
  default  = {}
  nullable = false
}
variable "timeouts" {
  description = "(Optional) How long to wait for the subnet group to be created/deleted."
  # Duration strings; deletion is given twice the creation budget by default.
  type = object({
    create = optional(string, "10m")
    delete = optional(string, "20m")
  })
  default  = {}
  nullable = false
}
variable "tags" {
  # Applied to every resource this module creates, in addition to any
  # resource-specific `tags` (for example on Transit Gateway attachments).
  description = "(Optional) A map of tags to add to all resources."
  type        = map(string)
  default     = {}
  nullable    = false
}
variable "module_tags_enabled" {
  # On by default: the module adds its own identifying tags to resources
  # unless the caller turns this off.
  description = "(Optional) Whether to create AWS Resource Tags for the module informations."
  type        = bool
  default     = true
  nullable    = false
}
###################################################
# Resource Group
###################################################
variable "resource_group_enabled" {
  # On by default; set to `false` to skip creating the Resource Group.
  description = "(Optional) Whether to create Resource Group to find and group AWS resources which are created by this module."
  type        = bool
  default     = true
  nullable    = false
}
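variable "resource_group_name" {
  description = "(Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`."
  type        = string
  # Empty string means "not set"; the name is presumably derived elsewhere
  # in the module in that case — TODO confirm against the resource that uses it.
  default  = ""
  nullable = false

  # Enforce the constraints the description already states, so a bad name
  # is rejected at plan time. Empty string is allowed through untouched.
  validation {
    condition     = var.resource_group_name == "" || (length(var.resource_group_name) <= 127 && can(regex("^[A-Za-z0-9._-]+$", var.resource_group_name)))
    error_message = "Valid value for `resource_group_name` must be at most 127 characters of letters, numbers, hyphens, dots, and underscores."
  }

  validation {
    condition     = !startswith(var.resource_group_name, "AWS") && !startswith(var.resource_group_name, "aws")
    error_message = "Valid value for `resource_group_name` cannot start with `AWS` or `aws`."
  }
}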
variable "resource_group_description" {
  description = "(Optional) The description of Resource Group."
  type        = string
  # Same default description the per-service subnet groups use.
  default  = "Managed by Terraform."
  nullable = false
}
###################################################
# Resource Sharing by RAM (Resource Access Manager)
###################################################
variable "shares" {
  description = "(Optional) A list of resource shares via RAM (Resource Access Manager)."
  type = list(object({
    name = optional(string)
    # Defaults to the AWS-managed subnet permission; override to narrow it.
    permissions = optional(set(string), ["AWSRAMDefaultPermissionSubnet"])
    # `false` by default — presumably limits the share to principals inside
    # the organization; set to `true` deliberately and review `principals`.
    external_principals_allowed = optional(bool, false)
    principals                  = optional(set(string), [])
    tags                        = optional(map(string), {})
  }))
  # No shares are created unless the caller lists them.
  default  = []
  nullable = false
}