# How often AWS Config delivers a configuration snapshot to the delivery channel.
# The accepted values are spelled out in the description but nothing here
# enforces them; NOTE(review): a misspelt value is presumably only rejected by
# the AWS API at apply time — a `validation` block would catch it at plan time.
variable "delivery_frequency" {
  description = "The frequency with which AWS Config recurringly delivers configuration snapshots. May be one of One_Hour, Three_Hours, Six_Hours, Twelve_Hours, or TwentyFour_Hours"
  type        = string
  default     = "TwentyFour_Hours"
}
# Whether the AWS Config configuration recorder is switched on.  Defaults to
# true; setting it to false leaves the resources in place but stops recording,
# so treat a non-default value as a deliberate, reviewed decision.
variable "enable_recorder" {
  description = "Whether the configuration recorder should be enabled or disabled"
  type        = bool
  default     = true
}
# Days after which objects in the Config bucket expire.  The default of 2555
# days is roughly seven years (2555 / 365), a common audit-retention horizon;
# shorten it only if a retention policy explicitly allows it.
variable "expiration" {
  description = "The number of days to wait before expiring an object"
  type        = number
  default     = 2555
}
# Days after which objects are moved to the Glacier storage class.
# NOTE(review): this should stay well below var.expiration — a transition that
# lands after expiry is pointless, and S3 lifecycle rules reject some such
# orderings; nothing in this file cross-checks the two values.
variable "transition_to_glacier" {
  description = "The number of days to wait before transitioning an object to Glacier"
  type        = number
  default     = 30
}
# True when the account this module is applied to is the Config aggregator
# (the account that collects compliance data from the source accounts).
# False (the default) makes it a plain source account.
variable "is_aggregator" {
  description = "Whether the account is to be an aggregator or not"
  type        = bool
  default     = false
}
# AWS account ID of the aggregator.  Null by default; presumably only needed
# in source accounts, which authorise this account to read their Config data.
# NOTE(review): the value is not validated as a 12-digit ID — a typo here
# would authorise the wrong account, so check it before applying.
variable "aggregator_account_id" {
  description = "The AWS Account ID of the aggregator account"
  type        = string
  default     = null
}
# Region in which the aggregator lives; null by default and, like the
# aggregator account ID, presumably only consumed by source accounts.
variable "aggregator_account_region" {
  description = "The AWS Region of the aggregator account"
  type        = string
  default     = null
}
# Account IDs the aggregator pulls Config data from.  Empty by default, so an
# aggregator with no sources is a valid (if useless) configuration.
# NOTE(review): the description promises 12-digit IDs but the type is plain
# list(string) and nothing validates the format.
variable "source_account_ids" {
  description = "List of 12-digit account IDs of the accounts being aggregated"
  type        = list(string)
  default     = []
}
# Name of the S3 bucket that receives Config deliveries.  Deliberately has no
# default: every caller, aggregator or source, must supply it.
variable "bucket_name" {
  description = "The bucket name - required by both aggregator and source accounts"
  type        = string
}
# Name given to the IAM role AWS Config assumes.  Override when the default
# collides with an existing role or an organisation naming convention.
variable "config_role_name" {
  description = "Name of the role for config"
  type        = string
  default     = "CmdlabtfConfigRole"
}
# Whether `terraform destroy` may empty the Config bucket first, locked objects
# included.  The default of false is the safe choice for an audit-log bucket:
# a destroy then fails instead of discarding the evidence.
variable "force_destroy" {
  description = "A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error"
  type        = bool
  default     = false
}
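# Map of AWS Config rules the module creates, keyed by a short label.  Each
# entry carries the rule `name`, its `source` (owner plus managed-rule
# identifier) and a `scope` listing the resource types the rule evaluates.
# The default is a small baseline; pass your own map to add or replace rules.
variable "config_rules" {
  # The type is a map, not a list; the old description said "list".
  description = "A map of config rules. When not specified, a minimum set of recommended rules is applied"
  type        = map(any)
  default = {
    eip_attached = {
      name = "eip-attached"
      source = {
        owner             = "AWS"
        source_identifier = "EIP_ATTACHED"
      }
      scope = {
        compliance_resource_types = ["AWS::EC2::EIP"]
      }
    }
    encrypted_volumes = {
      name = "encrypted-volumes"
      source = {
        owner             = "AWS"
        source_identifier = "ENCRYPTED_VOLUMES"
      }
      scope = {
        # ENCRYPTED_VOLUMES evaluates EBS volumes (AWS::EC2::Volume).  The
        # previous scope of AWS::EC2::SecurityGroup did not match the rule's
        # resource type, so unencrypted volumes would never have been flagged.
        compliance_resource_types = ["AWS::EC2::Volume"]
      }
    }
    s3_bucket_logging_enabled = {
      name = "s3-bucket-logging-enabled"
      source = {
        owner             = "AWS"
        source_identifier = "S3_BUCKET_LOGGING_ENABLED"
      }
      scope = {
        compliance_resource_types = ["AWS::S3::Bucket"]
      }
    }
    acm_certificate_expiration_check = {
      name = "acm-certificate-expiration-check"
      source = {
        owner             = "AWS"
        source_identifier = "ACM_CERTIFICATE_EXPIRATION_CHECK"
      }
      scope = {
        compliance_resource_types = ["AWS::ACM::Certificate"]
      }
    }
    ec2_instances_in_vpc = {
      name = "ec2-instances-in-vpc"
      source = {
        owner             = "AWS"
        source_identifier = "INSTANCES_IN_VPC"
      }
      scope = {
        compliance_resource_types = ["AWS::EC2::Instance"]
      }
    }
    s3_bucket_ssl_requests_only = {
      name = "s3-bucket-ssl-requests-only"
      source = {
        owner             = "AWS"
        source_identifier = "S3_BUCKET_SSL_REQUESTS_ONLY"
      }
      scope = {
        compliance_resource_types = ["AWS::S3::Bucket"]
      }
    }
    root_account_mfa_enabled = {
      name = "root-account-mfa-enabled"
      source = {
        owner             = "AWS"
        source_identifier = "ROOT_ACCOUNT_MFA_ENABLED"
      }
      scope = {
        # NOTE(review): ROOT_ACCOUNT_MFA_ENABLED is an account-level, periodic
        # rule with no resource type, so a scope of AWS::S3::Bucket looks wrong.
        # Left unchanged because the resource that consumes this map is not
        # visible here and may require the `scope` key to exist — confirm
        # whether the scope can be dropped for this entry.
        compliance_resource_types = ["AWS::S3::Bucket"]
      }
    }
  }
}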