-
Notifications
You must be signed in to change notification settings - Fork 0
/
variables.tf
49 lines (42 loc) · 2.18 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
variable "awp_cloud_account_id" {
description = "CLOUDGUARD_ACCOUNT_ID or AZURE_SUBSCRIPTION_ID"
type = string
}
variable "awp_scan_mode" {
description = "AWP scan mode, possible values are: <inAccount | saas | inAccountHub | inAccountSub>"
type = string
default = "inAccount"
}
variable "awp_centralized_cloud_account_id" {
description = "CENTRALIZED_CLOUDGUARD_ACCOUNT_ID or CENTRALIZED_AZURE_SUBSCRIPTION_ID"
type = string
default = null
}
variable "awp_is_scanned_hub" {
description = "AWP is scanned hub" # Is the hub (centralized) subscription also scanned by AWP, this param is relevant in case scan_mode is inAccountHub.
type = bool
default = false
}
variable "management_group_id" {
description = "Management Group Id" # relevant for "inAccountHub" scan mode.
type = string
default = null
}
variable "awp_additional_tags" {
description = "Additional tags to be added to the module resources"
type = map(string)
default = {}
}
variable "awp_account_settings_azure" {
description = "Azure Cloud Account settings" # supported only for inAccount, inAccountSub and saas scan mode
type = object({
disabled_regions = optional(list(string)) # List of regions to disable scanning e.g. ["eastus", "westus"]
skip_function_apps_scan = optional(bool) # Skip Azure Function Apps scan (supported for inAccount and inAccountSub scan modes)
scan_machine_interval_in_hours = optional(number) # Scan machine interval in hours
max_concurrent_scans_per_region = optional(number) # Maximum concurrence scans per region
in_account_scanner_vpc = optional(string) # The VPC Mode. Valid values: "ManagedByAWP", "ManagedByCustomer" (supported for inAccount and inAccountHub scan modes)
sse_cmk_encrypted_disks_scan = optional(bool) # Scan SSE CMK encrypted disks (supported for inAccountHub scan mode)
custom_tags = optional(map(string)) # Custom tags to be added to AWP resources e.g. {"key1" = "value1", "key2" = "value2"}
})
default = {}
}