# --- Instance identity and sizing ---------------------------------------------

variable "instance_count" {
  type        = number
  default     = 1
  description = "Number of instances to launch"
}

variable "ami" {
  type        = string
  description = "ID of AMI to use for the instance"
}

variable "name" {
  type        = string
  description = "The name of the ec2 instance"
}

variable "ec2_instance_type" {
  type        = string
  description = "The type of instance to start"
}

variable "ec2_key_pair" {
  type        = string
  description = "The key name to use for the instance"
}

# Root volume settings. The volume type defaults to gp3; the size has no default
# and must be supplied by the caller.
variable "root_volume_type" {
  type        = string
  default     = "gp3"
  description = "The type of the root ebs volume on the ec2 instances created"
}

# NOTE(review): declared as string while ebs_volumes.size is a number — confirm
# whether the string type is intentional before doing arithmetic on this value.
variable "root_volume_size" {
  type        = string
  description = "The size of the root ebs volume on the ec2 instances created"
}
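# Additional EBS volumes attached to each instance. The field names look like the
# aws_ebs_volume / aws_volume_attachment arguments — confirm the mapping in main.tf.
variable "ebs_volumes" {
  description = "A list of maps that must contain device_name (ex. '/dev/sdb') and size (in GB). Optional args include type (defaults to gp3, like root_volume_type), throughput, iops, multi_attach_enabled, final_snapshot, snapshot_id, outpost_arn, force_detach, skip_destroy, stop_instance_before_detaching, and tags"
  type = list(object({
    device_name          = string
    size                 = number
    # The description lists type as optional; give it the same default as
    # var.root_volume_type. Callers that set it explicitly are unaffected.
    type                 = optional(string, "gp3")
    throughput           = optional(number)
    iops                 = optional(number)
    multi_attach_enabled = optional(bool, false)
    # NOTE(review): final_snapshot is a string here, while the provider argument
    # of that name is a boolean — confirm how main.tf passes it through.
    final_snapshot                 = optional(string)
    snapshot_id                    = optional(string)
    outpost_arn                    = optional(string)
    force_detach                   = optional(bool, false)
    skip_destroy                   = optional(bool, false)
    stop_instance_before_detaching = optional(bool, false)
    tags                           = optional(map(string), {})
  }))
  default = []

  # A zero or negative size can never be provisioned; reject it at plan time
  # rather than letting the apply fail.
  validation {
    condition     = alltrue([for v in var.ebs_volumes : v.size > 0])
    error_message = "ERROR: every ebs_volumes entry needs a size greater than 0 GB."
  }
}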
# --- EBS performance and encryption -------------------------------------------

variable "ebs_optimized" {
  type        = bool
  default     = true
  description = "Whether or not the instance is ebs optimized"
}

# Deliberately has no default: every caller must name the KMS key used for
# volume encryption. NOTE(review): confirm in main.tf that the key is applied to
# the root volume as well as to each ebs_volumes entry.
variable "ebs_kms_key_arn" {
  type        = string
  description = "The ARN of the KMS key to encrypt EBS volumes"
}
# --- Networking ---------------------------------------------------------------

variable "target_group_arns" {
  type        = list(string)
  default     = []
  description = "A list of aws_alb_target_group ARNs, for use with Application Load Balancing"
}

variable "vpc_id" {
  type        = string
  description = "The id of the vpc where resources are being created"
}

# Only the first entry is used when instance_count is 1.
variable "subnet_ids" {
  type        = list(string)
  description = "A list of the subnets to be used when provisioning ec2 instances. If instance count is 1, only the first subnet will be used"
}

# null lets AWS pick an address from the subnet.
variable "private_ip" {
  type        = string
  default     = null
  description = "The private ip for the instance"
}

variable "additional_security_groups" {
  type        = list(string)
  default     = []
  description = "A list of additional security groups to attach to the network interfaces"
}

# Public reachability is opt-in: both flags default to false.
variable "associate_public_ip" {
  type        = bool
  default     = false
  description = "Whether or not to associate a public IP (not EIP)"
}

variable "associate_eip" {
  type        = bool
  default     = false
  description = "Whether or not to associate an Elastic IP"
}
# --- Security group -----------------------------------------------------------

# Free-text description shown on the security group itself (not on its rules).
variable "sg_description" {
  type        = string
  default     = "Managed by Terraform"
  description = "This overwrites the default generated description for the security group"
}
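# Security group rules, one map entry per rule; the map key is only a label used
# for the resource address. The field names match the aws_vpc_security_group_ingress_rule /
# _egress_rule arguments (one source/destination per rule) — confirm against main.tf.
# A source of 0.0.0.0/0 or ::/0 exposes the port to the whole Internet; prefer a
# referenced_security_group_id or prefix list where the traffic allows it.
variable "ingress_rules" {
  description = "Map of ingress rules keyed by a label. Each rule must set 'ip_protocol' (e.g. 'tcp', 'udp', '-1') and at least one source: 'cidr_ipv4', 'cidr_ipv6', 'prefix_list_id' or 'referenced_security_group_id'. 'from_port' and 'to_port' apply to port-based protocols such as tcp and udp. 'description' is optional"
  type = map(object({
    cidr_ipv4                    = optional(string, null)
    cidr_ipv6                    = optional(string, null)
    description                  = optional(string, "Managed by Terraform")
    # NOTE(review): ports are typed as string; confirm whether number is intended.
    from_port                    = optional(string, null)
    ip_protocol                  = optional(string, null)
    prefix_list_id               = optional(string, null)
    referenced_security_group_id = optional(string, null)
    to_port                      = optional(string, null)
  }))
  default = {}

  # Enforce the documented contract at plan time: a protocol and at least one
  # source per rule. (The per-rule AWS resources accept exactly one source; a
  # rule with several will still be rejected by the provider.)
  validation {
    condition = alltrue([
      for label, rule in var.ingress_rules :
      rule.ip_protocol != null && length([
        for src in [rule.cidr_ipv4, rule.cidr_ipv6, rule.prefix_list_id, rule.referenced_security_group_id] : src if src != null
      ]) >= 1
    ])
    error_message = "ERROR: each ingress rule must set ip_protocol and at least one of cidr_ipv4, cidr_ipv6, prefix_list_id or referenced_security_group_id."
  }
}

# NOTE(review): with the default {} this module declares no egress rule; confirm
# whether main.tf adds an allow-all egress or whether callers are expected to
# list egress explicitly.
variable "egress_rules" {
  description = "Map of egress rules keyed by a label. Each rule must set 'ip_protocol' (e.g. 'tcp', 'udp', '-1') and at least one destination: 'cidr_ipv4', 'cidr_ipv6', 'prefix_list_id' or 'referenced_security_group_id'. 'from_port' and 'to_port' apply to port-based protocols such as tcp and udp. 'description' is optional"
  type = map(object({
    cidr_ipv4                    = optional(string, null)
    cidr_ipv6                    = optional(string, null)
    description                  = optional(string, "Managed by Terraform")
    from_port                    = optional(string, null)
    ip_protocol                  = optional(string, null)
    prefix_list_id               = optional(string, null)
    referenced_security_group_id = optional(string, null)
    to_port                      = optional(string, null)
  }))
  default = {}

  # Same contract as ingress_rules: a protocol and at least one destination.
  validation {
    condition = alltrue([
      for label, rule in var.egress_rules :
      rule.ip_protocol != null && length([
        for dst in [rule.cidr_ipv4, rule.cidr_ipv6, rule.prefix_list_id, rule.referenced_security_group_id] : dst if dst != null
      ]) >= 1
    ])
    error_message = "ERROR: each egress rule must set ip_protocol and at least one of cidr_ipv4, cidr_ipv6, prefix_list_id or referenced_security_group_id."
  }
}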
# --- Tagging, KMS grants and extra interfaces ---------------------------------

variable "tags" {
  type        = map(string)
  default     = {}
  description = "A mapping of tags to assign to the resource"
}

# Required, unlike tags: the caller must always pass the organisation-wide set.
variable "global_tags" {
  type        = map(string)
  description = "a map of strings that contains global level tags"
}

variable "keys_to_grant" {
  type        = list(string)
  default     = []
  description = "A list of kms keys to grant permissions to for the role created."
}

# Only meaningful with instance_count = 1 (see description).
variable "additional_eni_ids" {
  type        = list(string)
  default     = []
  description = "This variable allows for an ec2 instance to have multiple ENIs. Instance count must be set to 1"
}

# Keep enabled unless the instance forwards traffic not addressed to it
# (typically NAT or router instances).
variable "source_dest_check" {
  type        = bool
  default     = true
  description = "Whether or not source/destination check should be enabled for the primary network interface"
}
# --- Boot-time configuration --------------------------------------------------
# NOTE(review): user data is readable by any process on the instance through the
# metadata service, so it is not a place for credentials; fetch those at runtime.

variable "user_data" {
  type        = string
  default     = null
  description = "The User Data script to run"
}

# Mutually exclusive alternative to user_data for non-UTF-8 payloads.
variable "user_data_base64" {
  type        = string
  default     = null
  description = "Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption"
}

# null defers to the provider default (false) rather than forcing a value.
variable "user_data_replace_on_change" {
  type        = bool
  default     = null
  description = "When used in combination with user_data or user_data_base64 will trigger a destroy and recreate when set to true. Defaults to false if not set"
}

# NOTE(review): when enabled, the retrieved password data is exposed as an
# instance attribute and therefore lands in Terraform state — treat state as
# sensitive accordingly.
variable "get_password_data" {
  type        = bool
  default     = false
  description = "Whether or not to allow retrieval of the local admin password"
}
# --- IAM ----------------------------------------------------------------------

# Defaults to "" rather than null, unlike the other optional strings in this
# file. NOTE(review): presumably "" means "no existing profile, create the role
# referenced by iam_policies/keys_to_grant" — confirm main.tf compares against ""
# before changing this default.
variable "iam_profile" {
  type        = string
  default     = ""
  description = "A variable to attach an existing iam profile to the ec2 instance(s) created"
}

variable "iam_policies" {
  type        = list(string)
  default     = []
  description = "A list of the iam policy ARNs to attach to the IAM role"
}

# On by default: the managed policy gives Systems Manager (Session Manager,
# patching) access without needing inbound SSH/RDP rules.
variable "add_SSMManagedInstanceCore" {
  type        = bool
  default     = true
  description = "Whether or not to apply the SSMManagedInstanceCore to the IAM role"
}
# Trust policy for the IAM role this module creates. The default only lets the
# EC2 service assume the role; override it only when a different principal must
# assume it, and keep the principal as narrow as possible.
variable "assume_role_policy" {
description = "Policy document allowing Principals to assume this role (e.g. Trust Relationship)"
type = string
# NOTE(review): the heredoc is passed through verbatim, so a malformed override
# is only caught at apply time; a jsonencode() literal would be validated at
# parse time.
default = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
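# --- Instance Metadata Service (IMDS) -----------------------------------------
# Defaults require IMDSv2 session tokens and keep the hop limit at 1, so only
# processes on the instance itself (not containers behind a NAT hop) reach IMDS.

# 'optional' re-enables IMDSv1; keep 'required' unless a workload cannot use IMDSv2.
variable "http_tokens" {
  description = "Whether or not the metadata service requires session tokens, required=IMDSv2, optional=IMDSv1"
  type        = string
  default     = "required"

  validation {
    condition     = contains(["required", "optional"], var.http_tokens)
    error_message = "ERROR: Valid values are 'required' or 'optional'."
  }
}

variable "http_put_response_hop_limit" {
  description = "Number of network hops to allow instance metadata. This should be 2 or higher if using containers on instance and you want containers to access metadata. Valid range is 1 to 64."
  type        = number
  default     = 1

  # AWS accepts 1..64; reject anything else at plan time.
  validation {
    condition     = var.http_put_response_hop_limit >= 1 && var.http_put_response_hop_limit <= 64
    error_message = "ERROR: http_put_response_hop_limit must be between 1 and 64."
  }
}

# Validated like http_tokens so a typo such as "enable" fails at plan time.
variable "http_endpoint" {
  description = "Whether the metadata service is available. Valid values include enabled or disabled"
  type        = string
  default     = "enabled"

  validation {
    condition     = contains(["enabled", "disabled"], var.http_endpoint)
    error_message = "ERROR: Valid values are 'enabled' or 'disabled'."
  }
}

# NOTE(review): when enabled, instance tags are readable by any process on the
# instance via IMDS — do not place sensitive values in tags.
variable "instance_metadata_tags" {
  description = "Enables or disables access to instance tags from the instance metadata service. Valid values include enabled or disabled"
  type        = string
  default     = "enabled"

  validation {
    condition     = contains(["enabled", "disabled"], var.instance_metadata_tags)
    error_message = "ERROR: Valid values are 'enabled' or 'disabled'."
  }
}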