# module vpc
variable "vpc_name" {
  # Name-tag lookup for the VPC. Per the description, an explicit vpc_id takes
  # precedence and this value is then ignored.
  type        = string
  default     = null
  description = "Fetch VPC by name tag, if vpc_id is present, ignore this"
}
variable "vpc_tags" {
  # Tag filter used to select the VPC; empty by default so it adds no constraint.
  type        = map(any)
  default     = {}
  description = "VPC tags to pick up VPC"
}
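variable "vpc_id" {
  # Explicit VPC selection; overrides vpc_name when set (see both descriptions).
  description = "VPC id, if this is provided, the vpc_name will be ignored"
  type        = string
  default     = null

  # Fail at plan time on a value that cannot be a VPC id (e.g. a name pasted
  # into the wrong variable) instead of surfacing a provider error later.
  validation {
    condition     = var.vpc_id == null || can(regex("^vpc-", var.vpc_id))
    error_message = "vpc_id must be null or an AWS VPC id starting with \"vpc-\"."
  }
}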
# Security Group to create
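variable "name" {
  # Name of the security group this module creates. null means the module
  # derives one from context (per the description); the derivation itself is
  # not visible in this file.
  description = "Security group name, if not present will be auto-generated based on context"
  type        = string
  default     = null
}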
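variable "description" {
  # The original description string was the placeholder "description".
  # NOTE(review): if this feeds aws_security_group.description, changing it on
  # an existing group forces replacement - confirm before altering the default.
  description = "Description attached to the managed security group"
  type        = string
  default     = "Security Group managed by IaC terraform"
}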
variable "tags" {
  # Caller-supplied tags; none are applied unless provided.
  type        = map(any)
  default     = {}
  description = "Custom tags"
}
variable "whitelist_file" {
  # Path handed to the a3linux/ipwhitelist/null module (per the description);
  # how that module reads it is not visible here.
  type        = string
  default     = null
  description = "IP Whitelist file for a3linux/ipwhitelist/null module"
}
# For ingress rules
# For module whitelist(ingress)
variable "allowed_services" {
  # Ingress: service keys resolved through the port/service mapping module or
  # port_service_mappings. Empty default opens nothing.
  type        = list(string)
  default     = []
  description = "Allowed services, the key in port service mapping module or port_service_mappings"
}
variable "allowed_sources" {
  # Ingress: source definitions expanded into an IP list by the whitelist module.
  # list(any) - the element shape is defined by that module, not here.
  type        = list(any)
  default     = []
  description = "List of allowed sources defined for whitelist module to generate IP list"
}
variable "allowed_ips" {
  # Ingress: extra addresses merged with the whitelist-module output.
  # NOTE(review): no format validation here; whether entries are bare IPs or
  # CIDRs is decided by the consuming module - confirm before adding a check.
  type        = list(string)
  default     = []
  description = "List of allowed ip, additional IP list to sources list"
}
# module port_service
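variable "port_service_mappings" {
  # Ingress: caller-defined service entries merged over the port/service module's
  # built-in table. Each value is [from_port, to_port, protocol, description].
  description = "Customized port service mappings, {service-name = [from_port, to_port, protocol, description]} which will merge to port service mapping module one"
  type        = map(list(any))
  default     = {}
}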
variable "security_groups" {
  # Ingress: peer security groups referenced by id (sg-...).
  type        = list(string)
  default     = []
  description = "List of Security Group IDs(group-id) allowed to connect to the instance."
}
variable "security_group_names" {
  # Ingress: peer security groups referenced by name rather than id.
  type        = list(string)
  default     = []
  description = "List of Security Group Names(group-name) allowed to connect to the instance."
}
variable "allowed_ipv6" {
  # Ingress: IPv6 sources. Typed list(any) in the original; the counterpart
  # allowed_ips uses list(string).
  type        = list(any)
  default     = []
  description = "List of allowed ipv6."
}
# Security group to update
variable "is_external" {
  # true switches the module to managing rules on an existing group (see
  # existing_sg_id) instead of creating one.
  type        = bool
  default     = false
  description = "Enable to update and manage existed security Group, the module will NOT create security group"
}
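variable "existing_sg_id" {
  # Target group when is_external is true. Whether the module enforces that
  # pairing is not visible in this file.
  description = "Provide existing security group id"
  type        = string
  default     = null

  # Reject values that are not security group ids so a group name cannot be
  # silently passed where an id is expected.
  validation {
    condition     = var.existing_sg_id == null || can(regex("^sg-", var.existing_sg_id))
    error_message = "existing_sg_id must be null or an AWS security group id starting with \"sg-\"."
  }
}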
variable "prefix_list_ids" {
  # Ingress: managed prefix lists accepted as sources.
  type        = list(string)
  default     = []
  description = "Provide allow source Prefix id of resources"
}
##########################
# egress Rules parameters
variable "egress_rule" {
  # Per the description, the default (false) leaves only the module's default
  # egress rule, which permits all outbound traffic. Set true to get the
  # restrictive eg_* rules below.
  type        = bool
  default     = false
  description = "Enable to create egress rule, if it is false, only default security group egress rule created to allow to access all"
}
# For module whitelist(egress)
variable "eg_allowed_sources" {
  # Egress counterpart of allowed_sources; expanded by the whitelist module.
  type        = list(any)
  default     = []
  description = "List of allowed sources defined for whitelist module to generate IP list"
}
variable "eg_allowed_ips" {
  # Egress counterpart of allowed_ips.
  type        = list(string)
  default     = []
  description = "List of allowed ip, additional IP list to sources list"
}
variable "enable_self" {
  # Allows members of the group to reach each other.
  # NOTE(review): the description says ingress, yet the variable sits in the
  # egress section - confirm which direction the module applies it to.
  type        = bool
  default     = false
  description = "Allow ingress traffic for the security group internal(self)"
}
# module port_service
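variable "eg_port_service_mappings" {
  # Egress counterpart of port_service_mappings.
  # Each value is [from_port, to_port, protocol, description].
  description = "Customized port service mappings, {service-name = [from_port, to_port, protocol, description]}"
  type        = map(list(any))
  default     = {}
}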
variable "eg_allowed_services" {
  # Egress counterpart of allowed_services.
  type        = list(string)
  default     = []
  description = "Allowed services, the key in port_service module or port_service_mappings"
}
variable "eg_security_groups" {
  # Egress counterpart of security_groups (ids).
  type        = list(string)
  default     = []
  description = "List of Security Group IDs allowed to connect to the instance."
}
variable "eg_security_group_names" {
  # Egress counterpart of security_group_names.
  type        = list(string)
  default     = []
  description = "List of Egress Security Group Names(group-name) allowed to connect to the instance."
}
variable "eg_allowed_ipv6" {
  # Egress counterpart of allowed_ipv6.
  type        = list(any)
  default     = []
  description = "List of allowed ipv6."
}
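variable "eg_prefix_list_ids" {
  # Egress counterpart of prefix_list_ids. Typed list(string) to match that
  # variable (was list(any)); prefix list ids are always strings, so existing
  # callers are unaffected.
  description = "List of prefix list IDs (for allowing access to VPC endpoints). Only valid with egress"
  type        = list(string)
  default     = []
}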