# Opt-in switch for associating an existing Regional WAF web ACL with the ALB.
# Off by default, so the load balancer has no WAF association unless the
# caller enables it.
# NOTE(review): presumably waf_id must be supplied when this is true (its
# default is an empty string) - confirm how the module handles that pairing.
variable "add_waf" {
  description = "Add an existing Regional WAF to the ALB. true | false"
  type        = bool
  default     = false
}
# Opt-in switch for publishing the ALB in the internal Route 53 zone.
# NOTE(review): presumably internal_record_name and internal_zone_id (both
# default to "") must be set when this is true - confirm against the resource.
variable "create_internal_zone_record" {
  description = "Create Route 53 internal zone record for the ALB. i.e true | false"
  type        = bool
  default     = false
}
# Controls whether the module creates its own S3 bucket for access logs.
# Defaults to true, while logging_enabled defaults to false.
# NOTE(review): it looks like a bucket may be created even when no logs are
# written to it - confirm how the two flags interact in the module body.
variable "create_logging_bucket" {
  description = "Create a new S3 logging bucket. i.e. true | false"
  type        = bool
  default     = true
}
# When true, customers are also notified when an alarm returns to OK.
# Disabled by default.
variable "customer_alarms_cleared" {
  description = "Specifies whether alarms will notify customers when returning to an OK status."
  type        = bool
  default     = false
}
# Enables customer-facing alarm notifications. Per the description this is
# forced on when rackspace_managed is false; that logic is not in this file.
# NOTE(review): presumably notifications go to notification_topic, which
# defaults to an empty list - confirm alarms are not silently undelivered.
variable "customer_alarms_enabled" {
  description = "Specifies whether alarms will notify customers. Automatically enabled if rackspace_managed is set to false"
  type        = bool
  default     = false
}
# Security-relevant: the default (false) routes requests carrying invalid
# header fields through to the targets. Setting this to true makes the ALB
# strip them, so backends never parse header names the load balancer itself
# considers malformed. Prefer true unless a target depends on such headers.
variable "drop_invalid_header_fields" {
  description = "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false)."
  type        = bool
  default     = false
}
# Deletion protection is off by default. Turning it on for production load
# balancers guards against accidental or unintended deletion through the API;
# note that a Terraform destroy will then fail until the flag is cleared.
variable "enable_deletion_protection" {
  description = "If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false."
  type        = bool
  default     = false
}
# HTTP/2 support on the load balancer; enabled by default.
variable "enable_http2" {
  description = "If true sets HTTP/2 to enabled."
  type        = bool
  default     = true
}
# Security-relevant: redirect is off by default, and the default
# http_listeners value opens a plain HTTP listener on port 80. Unless this is
# set to true (and an HTTPS listener is defined), clients can keep talking to
# the ALB over unencrypted HTTP.
variable "enable_https_redirect" {
  description = "If true and at least one HTTP and one HTTPS listener is created, HTTP listeners will have a redirect rule created to forward all traffic to the first HTTPS listener."
  type        = bool
  default     = false
}
# Environment label. The description lists the accepted values, but nothing in
# this declaration enforces them: any string is accepted here.
variable "environment" {
  description = "Application environment for which this network is being created. one of: ('Development', 'Integration', 'PreProduction', 'Production', 'QA', 'Staging', 'Test')"
  type        = string
  default     = "Development"
}
# Number of additional certificates to attach.
# NOTE(review): presumably this must equal length(extra_ssl_certs) - confirm
# how a mismatch behaves in the module body.
variable "extra_ssl_certs_count" {
  description = "The number of extra ssl certs to be added."
  type        = number
  default     = 0
}
# Additional certificates for the HTTPS listeners, one map per certificate
# with the keys certificate_arn and https_listener_index.
# The sample inside the description is written as a comma-separated list, not
# as HCL map syntax; real entries use `key = value` pairs. The ARN shown there
# is an illustrative placeholder.
variable "extra_ssl_certs" {
  description = "A list of maps describing any extra SSL certificates to apply to the HTTPS listeners. Certificates must be in the same region as the ALB. Required key/values: certificate_arn, https_listener_index (the index of the listener within https_listeners which the cert applies toward). [{'certificate_arn', 'arn:aws:iam::123456789012:server-certificate/other_test_cert-123456789012', 'https_listener_index', 1}]"
  type        = list(map(string))
  default     = []
}
# Plain-HTTP listeners. The default opens one unencrypted listener on port 80.
# Because the element type is map(string), numeric values such as the port are
# converted to strings.
# Security-relevant: pair this with enable_https_redirect = true and an HTTPS
# listener, or pass an empty list (with http_listeners_count = 0), when
# plaintext access is not wanted.
variable "http_listeners" {
  description = "List of Maps of HTTP listeners (port, protocol, target_group_index). i.e. [{'port', 80 , 'protocol', 'HTTP'}, {'port', 8080, 'protocol', 'HTTP'}]"
  type        = list(map(string))

  default = [
    {
      port     = 80
      protocol = "HTTP"
    },
  ]
}
# Number of HTTP listeners to create; the default of 1 matches the single
# entry in the default http_listeners list.
variable "http_listeners_count" {
  description = "The number of HTTP listeners to be created."
  type        = number
  default     = 1
}
# HTTPS listeners. Empty by default, so no TLS listener exists unless the
# caller defines one.
# Security-relevant: per the description, an entry without ssl_policy falls
# back to ELBSecurityPolicy-2016-08, a policy that still accepts TLS 1.0 and
# TLS 1.1. Set ssl_policy explicitly on every listener to a policy restricted
# to TLS 1.2 or later (for example ELBSecurityPolicy-TLS-1-2-2017-01).
variable "https_listeners" {
  description = "List of Maps of HTTPS listeners. Certificate must be in the same region as the ALB. (port, certificate_arn, ssl_policy (optional: defaults to ELBSecurityPolicy-2016-08), target_group_index (optional: defaults to 0)) i.e. [{'certificate_arn', 'arn:aws:iam::123456789012:server-certificate/test_cert-123456789012', 'port', 443}]"
  type        = list(map(string))
  default     = []
}
# Number of HTTPS listeners to create.
# NOTE(review): this is declared as string while every other *_count variable
# in this file is number, so the default 0 is stored as "0". Arithmetic and
# count usage convert automatically, but an equality test against the number 0
# would not match the string - check the module body before changing the type.
variable "https_listeners_count" {
  description = "The number of HTTPS listeners to be created."
  type        = string
  default     = 0
}
# Connection idle timeout in seconds. The range quoted in the description is
# not enforced by this declaration.
variable "idle_timeout" {
  description = "The idle timeout value, in seconds. The valid range is 1-3600. The default is 60 seconds."
  type        = number
  default     = 60
}
# Record name to create in the internal hosted zone. Empty by default.
# NOTE(review): presumably only read when create_internal_zone_record is true.
variable "internal_record_name" {
  description = "Record Name for the new Resource Record in the Internal Hosted Zone. i.e. alb.example.com"
  type        = string
  default     = ""
}
# ID of the internal Route 53 hosted zone. Empty by default.
# NOTE(review): presumably only read when create_internal_zone_record is true.
variable "internal_zone_id" {
  description = "The Route53 Internal Hosted Zone ID."
  type        = string
  default     = ""
}
# KMS key for SSE-KMS encryption of the logging bucket. Empty by default.
# NOTE(review): the description refers to "sse_algorithm", but no variable of
# that name is declared in this file; presumably the matching input is
# logging_bucket_encyption set to "aws:kms" - confirm against the bucket
# resource.
variable "kms_key_id" {
  description = "The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms."
  type        = string
  default     = ""
}
# Create timeout, given as a duration string; defaults to ten minutes.
variable "load_balancer_create_timeout" {
  description = "Timeout value when creating the ALB."
  type        = string
  default     = "10m"
}
# Delete timeout, given as a duration string; defaults to ten minutes.
variable "load_balancer_delete_timeout" {
  description = "Timeout value when deleting the ALB."
  type        = string
  default     = "10m"
}
# Security-relevant: defaults to false, i.e. the ALB is Internet-facing unless
# the caller sets this to true. For an Internet-facing ALB, reachability is
# then governed by the security groups and subnets the caller passes in.
variable "load_balancer_is_internal" {
  description = "Indicates whether the load balancer is Internet-facing or internal. i.e. true | false"
  type        = bool
  default     = false
}
# Update timeout, given as a duration string; defaults to ten minutes.
variable "load_balancer_update_timeout" {
  description = "Timeout value when updating the ALB."
  type        = string
  default     = "10m"
}
# Canned ACL for the logging bucket; defaults to "private".
# Security-relevant: the description lists public-read and public-read-write
# as accepted values, and nothing in this declaration rejects them. Access
# logs record client addresses and request details, so keep this at "private"
# (or "log-delivery-write" where log delivery requires it) and never use a
# public ACL for this bucket.
variable "logging_bucket_acl" {
  description = "Define ACL for Bucket. Must be either authenticated-read, aws-exec-read, log-delivery-write, private, public-read or public-read-write. Via https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl"
  type        = string
  default     = "private"
}
# Default server-side encryption algorithm for the logging bucket.
# The variable name is misspelled ("encyption"); it is part of the module's
# public interface, so callers must use this exact spelling.
# Defaults to AES256; "aws:kms" is the other value named in the description
# and presumably goes together with kms_key_id.
variable "logging_bucket_encyption" {
  description = "Enable default bucket encryption. i.e. AES256 | aws:kms"
  type        = string
  default     = "AES256"
}
# Whether destroying the bucket may delete the log objects in it. Defaults to
# false, which keeps existing logs from being wiped by a destroy. Leave it
# false wherever the logs are needed as audit or investigation evidence.
variable "logging_bucket_force_destroy" {
  description = "Whether all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. ie. true | false"
  type        = bool
  default     = false
}
# Name of the S3 bucket that receives access logs. Empty by default; the
# character rules in the description are not enforced by this declaration.
variable "logging_bucket_name" {
  description = "The name of the S3 bucket for the access logs. The bucket name can contain only lowercase letters, numbers, periods (.), and dashes (-). If creating a new logging bucket enter desired bucket name."
  type        = string
  default     = ""
}
# Key prefix for access logs inside the bucket. Defaults to null, which per
# the description stores logs at the bucket root. The "no leading or trailing
# slash" rule is stated in the description only, not validated here.
variable "logging_bucket_prefix" {
  description = "The prefix for the location in the S3 bucket. If you don't specify a prefix, the access logs are stored in the root of the bucket. Entry must not start with a / or end with one. i.e. 'logs' or 'data/logs'"
  type        = string
  default     = null
}
# Days to keep access logs in a bucket created by this module; defaults to 14.
# NOTE(review): 14 days may be shorter than the look-back window needed for
# incident investigation - size this to the organisation's retention policy.
variable "logging_bucket_retention" {
  description = "The number of days to retain load balancer logs. Parameter is ignored if not creating a new S3 bucket. i.e. between 1 - 999"
  type        = number
  default     = 14
}
# Security-relevant: logging is off by default.
# NOTE(review): the description says "for this bucket", but this presumably
# switches the ALB's access logging - confirm in the module body. With it off
# there is no request-level record to use for detection or forensics, so
# enable it for any environment that handles real traffic.
variable "logging_enabled" {
  description = "Whether logging for this bucket is enabled."
  type        = bool
  default     = false
}
# Required input (no default): the load balancer's name.
variable "name" {
  description = "A name for the load balancer, which must be unique within your AWS account."
  type        = string
}
# SNS topic ARNs that receive customer notifications. Empty by default.
variable "notification_topic" {
  description = "List of SNS Topic ARNs to use for customer notifications."
  type        = list(string)
  default     = []
}
# Whether alarms open a Rackspace ticket. Off by default, and per the
# description it has no effect when rackspace_managed is false.
variable "rackspace_alarms_enabled" {
  description = "Specifies whether alarms will create a Rackspace ticket. Ignored if rackspace_managed is set to false."
  type        = bool
  default     = false
}
# Marks the resource as managed by Rackspace support. Defaults to true; other
# variables in this file (customer_alarms_enabled, rackspace_alarms_enabled)
# document behaviour that depends on this flag.
variable "rackspace_managed" {
  description = "Boolean parameter controlling if instance will be fully managed by Rackspace support teams, created CloudWatch alarms that generate tickets, and utilize Rackspace managed SSM documents."
  type        = bool
  default     = true
}
# EC2 instances to register, each as a map with instance_id and
# target_group_index. Empty by default. The instance IDs in the description
# are illustrative samples.
variable "register_instance_targets" {
  description = "List of Maps with the index of the target group and the instance id being registered with that group. i.e. [{'instance_id' : 'i-052f1856e2a471b74', 'target_group_index' : 0}, {'instance_id' : 'i-0cc4b566324707026', 'target_group_index' : 0}]"
  type        = list(map(string))
  default     = []
}
# Number of instance registrations.
# NOTE(review): presumably must equal length(register_instance_targets).
variable "register_instance_targets_count" {
  description = "Count of ec2 instances being added to the target groups."
  type        = number
  default     = 0
}
# Required input (no default): security groups attached to the ALB.
# Security-relevant: this module does not define the rules itself, so the
# groups passed here decide who can reach the listeners. For an
# Internet-facing ALB, limit ingress to the listener ports actually in use.
variable "security_groups" {
  description = "A list of EC2 security group ids to assign to this resource. i.e. ['sg-edcd9784', 'sg-edcd9785']"
  type        = list(string)
}
# Required input (no default): subnet IDs for the ALB. The "at least two"
# requirement is stated in the description only; it is not validated here.
variable "subnets" {
  description = "A list of at least two IDs of the subnets to associate with the load balancer. i.e ['subnet-abcde012', 'subnet-bcde012a']"
  type        = list(string)
}
# Tags applied to the ALB. Empty map by default.
variable "tags" {
  description = "A map of tags to be applied to the ALB. i.e {Environment='Development'}"
  type        = map(string)
  default     = {}
}
# Target group definitions. List order matters: listeners refer to a group by
# its index in this list.
# Security-relevant: the default group uses backend_protocol "HTTP" on port
# 80, so traffic between the ALB and its targets is unencrypted unless the
# caller supplies a group with an HTTPS backend.
variable "target_groups" {
  description = "A list of maps containing key/value pairs that define the target groups to be created. Order of these maps is important and the index of these are to be referenced in listener definitions. Optional key/values are in the target_groups_defaults variable. i.e. [{'name', 'foo', 'backend_protocol', 'HTTP', 'backend_port', '80'}]"
  type        = list(map(string))

  default = [
    {
      name             = "ALB-TargetGroup"
      backend_protocol = "HTTP"
      backend_port     = 80
    },
  ]
}
# Number of target groups to create; the default of 1 matches the single
# entry in the default target_groups list.
variable "target_groups_count" {
  description = "The number of target groups to create"
  type        = number
  default     = 1
}
# Fallback settings for any key a target_groups entry leaves out.
# The sample in the description is illustrative and does NOT match the real
# defaults below (for example deregistration_delay 300 vs 30, health check
# interval 10 vs 30, stickiness_enabled true vs false); the values in
# `default` are what actually apply. The description's sample also omits
# slow_start, which is set here.
# All values are converted to strings because the element type is map(string).
variable "target_groups_defaults" {
  description = "Default values for target groups as defined by the list of maps. i.e. [{ 'cookie_duration': 86400, 'deregistration_delay': 300, 'health_check_healthy_threshold': 3, 'health_check_interval': 10, 'health_check_matcher': '200-299', 'health_check_path': '/', 'health_check_port': 'traffic-port', 'health_check_timeout': 5, 'health_check_unhealthy_threshold': 3, 'stickiness_enabled': true, 'load_balancing_algorithm_type': 'round_robin', 'target_type': 'instance' }]"
  type        = list(map(string))

  default = [
    {
      cookie_duration                  = 86400
      deregistration_delay             = 30
      health_check_healthy_threshold   = 5
      health_check_interval            = 30
      health_check_matcher             = "200-299"
      health_check_path                = "/"
      health_check_port                = "traffic-port"
      health_check_timeout             = 5
      health_check_unhealthy_threshold = 2
      load_balancing_algorithm_type    = "round_robin"
      stickiness_enabled               = false
      slow_start                       = 0
      target_type                      = "instance"
    },
  ]
}
# Required input (no default): the VPC that holds the targets.
variable "vpc_id" {
  description = "The VPC in which your targets are located. i.e. vpc-abcde012"
  type        = string
}
# ID of the Regional WAF web ACL to associate with the ALB. Empty by default;
# the UUID in the description is an illustrative sample.
# NOTE(review): presumably only read when add_waf is true - confirm that
# add_waf = true with an empty waf_id fails the plan rather than silently
# leaving the ALB without a WAF.
variable "waf_id" {
  description = "The unique identifier (ID) for the Regional Web Application Firewall (WAF) ACL. i.e. 329d10ec-e221-49d1-9f4b-e1294150d292"
  type        = string
  default     = ""
}