variables.tf
# ID of the VPC that hosts the bastion. Required input: there is no default.
variable "vpc_id" {
  description = "The bastion host resides in this VPC."
  type        = string
}
# Subnets the bastion may be launched into. Required input: there is no default.
# NOTE(review): whether these need to be private subnets depends on how the
# bastion is reached, which this file does not show. Confirm against the
# module's networking resources.
variable "subnet_ids" {
  description = "The subnets to place the bastion in."
  type        = list(string)
}
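# IAM path under which the bastion instance profile's role is created.
# The description requires a trailing '/', and IAM paths also begin with '/'.
# The validation below reports a malformed path at plan time instead of
# leaving it to fail later at the AWS API.
# Note: the check runs even when instance["profile_name"] is set and the path
# is unused; the default "/" always passes.
variable "iam_role_path" {
  type        = string
  description = "Role path for the created bastion instance profile. Must end with '/'. Not used if instance[\"profile_name\"] is set."
  default     = "/"

  validation {
    # Accepts "/" on its own, or any path that starts and ends with "/".
    condition     = can(regex("^/(.*/)?$", var.iam_role_path))
    error_message = "The iam_role_path value must begin and end with a forward slash, for example \"/\" or \"/bastion/\"."
  }
}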
# Principals allowed to assume the role that grants access to the bastion.
# Required input: there is no default, so callers must name the users
# explicitly. Per the description it is ignored when instance["profile_name"]
# is set.
# NOTE(review): this list decides who can reach the bastion, so keep it to
# individual, named principals. How the ARNs are used (presumably in the
# role's trust policy) is not visible in this file; confirm in the IAM
# resources.
variable "iam_user_arns" {
  description = "ARNs of the user who are allowed to assume the role giving access to the bastion host. Not used if instance[\"profile_name\"] is set."
  type        = list(string)
}
# Optional start/stop schedule for the bastion instances.
# All three attributes are strings: 'start' and 'stop' are cron expressions,
# 'time_zone' names the zone they are evaluated in.
# The default is null. What the module does without a schedule is not visible
# in this file; presumably the instances run continuously. TODO confirm.
variable "schedule" {
  description = "Defines when to start and stop the instances. Use 'start' and 'stop' with a cron expression and add the 'time_zone'."
  default     = null

  type = object({
    start     = string
    stop      = string
    time_zone = string
  })
}
# Customer-managed KMS key for encrypting the module's resources.
# The default is null, meaning the caller supplies no key.
# NOTE(review): which resources use the key, and what encryption (if any)
# applies when it is null, is not visible in this file. Confirm before relying
# on the default for data that must be encrypted with a key you control.
variable "kms_key_arn" {
  description = "The ARN of the KMS key used to encrypt the resources."
  type        = string
  default     = null
}
# Value written to the 'bastion-access' tag of the launched EC2 instance.
# Per the description, IAM policies use this tag to restrict who may access
# the machine, so the value is part of the access-control decision.
# NOTE(review): tag-based restrictions only hold if the principals being
# restricted cannot edit this tag themselves; confirm that in the policies
# that consume it.
variable "bastion_access_tag_value" {
  description = "Value added as tag 'bastion-access' of the launched EC2 instance to be used to restrict access to the machine vie IAM."
  type        = string
  default     = "developer"
}
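# TCP ports the bastion is allowed to open connections to. Required input:
# there is no default, so outbound access is an explicit choice of the caller.
# Keep the list to the ports the bastion actually needs. The destination range
# these ports are opened towards is not visible in this file.
# The validation rejects values that cannot be a TCP port (negative, above
# 65535, or fractional) at plan time. An empty list passes.
variable "egress_open_tcp_ports" {
  type        = list(number)
  description = "The list of TCP ports to open for outgoing traffic."

  validation {
    # Collect every entry that is out of range or not a whole number; the
    # input is valid when nothing is collected.
    condition = length([
      for port in var.egress_open_tcp_ports : port
      if port < 0 || port > 65535 || floor(port) != port
    ]) == 0
    error_message = "Each entry in egress_open_tcp_ports must be a whole number between 0 and 65535."
  }
}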
# Naming convention for the resources this module creates: a prefix and the
# separator placed between name parts. Defaults to "bastion" and "-".
variable "resource_names" {
  description = "Settings for generating resource names. Set the prefix and the separator according to your company style guide."

  type = object({
    prefix    = string
    separator = string
  })

  default = {
    prefix    = "bastion"
    separator = "-"
  }
}
# Sizing and launch options for the bastion EC2 instance(s).
# profile_name defaults to the empty string. According to the descriptions of
# iam_role_path and iam_user_arns, setting it makes the module skip those two
# inputs, so the caller's own instance profile then defines what the bastion
# may do.
variable "instance" {
  description = "Defines the basic parameters for the EC2 instance used as Bastion host"

  type = object({
    # EC2 instance type
    type = string
    # number of EC2 instances to run
    desired_capacity = number
    # root volume size in GB
    root_volume_size = number
    enable_monitoring = bool
    enable_spot       = bool
    profile_name      = string
  })

  default = {
    type              = "t3.nano"
    desired_capacity  = 1
    root_volume_size  = 8
    enable_monitoring = false
    enable_spot       = false
    profile_name      = ""
  }
}
# On-demand/Spot split for the auto scaling group's mixed instances policy.
# The defaults request no on-demand base capacity, 0 percent on-demand above
# the base, and the "lowest-price" Spot allocation strategy.
variable "instances_distribution" {
  description = "Defines the parameters for mixed instances policy auto scaling"

  type = object({
    # absolute minimum amount of on_demand instances
    on_demand_base_capacity = number
    # percentage split between on-demand and Spot instances
    on_demand_percentage_above_base_capacity = number
    spot_allocation_strategy                 = string
  })

  default = {
    on_demand_base_capacity                  = 0
    on_demand_percentage_above_base_capacity = 0
    spot_allocation_strategy                 = "lowest-price"
  }
}
# Extra tags for every resource the module creates. The type is a map of
# tag key => tag value; the default is an empty map.
variable "tags" {
  description = "A list of tags to add to all resources."
  type        = map(string)
  default     = {}
}
# Optional AMI override for the bastion host. The default is null.
# Per the description, leaving it unset selects a default AMI that is updated
# regularly. Pinning an AMI here opts out of those updates, so patching the
# image becomes the caller's job.
variable "ami_id" {
  description = "The AMI ID to use for the bastion host. If not set a default AMI is used which is updated regularly"
  type        = string
  default     = null
}
# Retention period, in days, of the module's CloudWatch log group.
# The default is 5.
# NOTE(review): what is written to this log group is not visible in this file.
# If it is the record of bastion sessions, 5 days is a short window for a
# later investigation. Confirm the content and raise the value to match your
# retention requirements.
variable "log_group_retention_days" {
  description = "Number of days for the Cloudwatch Log-Group retention period"
  type        = number
  default     = 5
}