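variable "bastion_instance_types" {
  description = "List of ec2 types for the bastion host, used by aws_launch_template (first from the list) and in aws_autoscaling_group"
  # Explicit type constraint: the original was untyped, so a caller could pass
  # a plain string and only fail deep inside the launch template / ASG.
  type    = list(string)
  default = ["t3.small", "t3.medium", "t3.large"]
}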
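variable "cidr_blocks_whitelist_host" {
  description = "range(s) of incoming IP addresses to whitelist for the HOST"
  type        = list(string)
  # Empty default opens nothing through this variable; confirm against the
  # security-group rule in the module that consumes it.
  default = []

  # Reject malformed entries at plan time; an invalid CIDR in an ingress rule
  # would otherwise only fail at apply.
  validation {
    condition     = alltrue([for cidr in var.cidr_blocks_whitelist_host : can(cidrhost(cidr, 0))])
    error_message = "Every entry in cidr_blocks_whitelist_host must be a valid CIDR block (e.g. 203.0.113.0/24)."
  }
}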
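variable "cidr_blocks_whitelist_service" {
  description = "range(s) of incoming IP addresses to whitelist for the SERVICE"
  type        = list(string)
  # Empty default opens nothing through this variable; confirm against the
  # security-group rule in the module that consumes it.
  default = []

  # Reject malformed entries at plan time rather than at apply.
  validation {
    condition     = alltrue([for cidr in var.cidr_blocks_whitelist_service : can(cidrhost(cidr, 0))])
    error_message = "Every entry in cidr_blocks_whitelist_service must be a valid CIDR block (e.g. 203.0.113.0/24)."
  }
}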
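variable "environment_name" {
  description = "the name of the environment that we are deploying to, used in tagging. Overwritten if var.service_name and var.bastion_host_name values are changed"
  # Previously untyped; a tag value must be a string.
  type    = string
  default = "staging"
}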
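variable "vpc" {
  description = "ID for Virtual Private Cloud to apply security policy and deploy stack to"
  # Required (no default). Previously untyped; a VPC ID is a string.
  type = string
}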
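variable "bastion_service_host_key_name" {
  description = "AWS ssh key *.pem to be used for ssh access to the bastion service host"
  # Previously untyped; an EC2 key pair name is a string. Empty default
  # presumably means no key pair is attached — verify in the launch template.
  type    = string
  default = ""
}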
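variable "public_ip" {
  description = "Associate a public IP with the host instance when launching"
  # Previously untyped with a bool default; constrain to bool so string
  # values other than "true"/"false" are rejected at plan time.
  type    = bool
  default = false
}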
variable "subnets_lb" {
  # Required input: no default is given.
  description = "list of subnets for load balancer - availability zones must match subnets_asg"
  type        = list(string)
}
variable "subnets_asg" {
  # Required input: no default is given.
  description = "list of subnets for autoscaling group - availability zones must match subnets_lb"
  type        = list(string)
}
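variable "dns_domain" {
  description = "The domain used for Route53 records"
  # Previously untyped.
  type    = string
  default = ""
}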
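variable "route53_zone_id" {
  description = "Route53 zoneId"
  # Previously untyped.
  type    = string
  default = ""
}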
variable "bastion_allowed_iam_group" {
  # Gate for who may ssh to the bastion: membership of this IAM group plus
  # an ssh key on the IAM user profile (per the description). What an empty
  # value means is decided where this is consumed — confirm in the module.
  description = "Name IAM group, members of this group will be able to ssh into bastion instances if they have provided ssh key in their profile"
  default     = ""
  type        = string
}
variable "tags" {
  # Key/value tags applied to created resources.
  description = "AWS tags that should be associated with created resources"
  default     = {}
  type        = map(string)
}
variable "bastion_host_name" {
  # Optional; empty means the module picks the hostname itself (see
  # environment_name / service_name descriptions).
  description = "The hostname to give to the bastion instance"
  type        = string
  default     = ""
}
##############################
#LB ASG variables
##############################
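variable "lb_healthy_threshold" {
  description = "Healthy threshold for lb target group"
  # Was `type = string` with default "2"; a threshold is a count, so use
  # number. Terraform still accepts "2" from callers via implicit conversion.
  type    = number
  default = 2
}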
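variable "lb_unhealthy_threshold" {
  description = "Unhealthy threshold for lb target group"
  # Was `type = string` with default "2"; a threshold is a count, so use
  # number. Terraform still accepts "2" from callers via implicit conversion.
  type    = number
  default = 2
}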
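variable "lb_interval" {
  description = "interval for lb target group health check"
  # Was `type = string` with default "30"; the interval is numeric (seconds,
  # presumably — confirm against the target group health_check block).
  type    = number
  default = 30
}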
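variable "lb_is_internal" {
  description = "whether the lb will be internal"
  # Type/default mismatch in the original (`type = string`, `default = false`);
  # a bool rejects anything other than true/false at plan time.
  type    = bool
  default = false
}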
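variable "asg_max" {
  description = "Max numbers of bastion-service hosts in ASG"
  # Was `type = string` with default "2"; an instance count is a number.
  type    = number
  default = 2
}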
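variable "asg_min" {
  description = "Min numbers of bastion-service hosts in ASG"
  # Was `type = string` with default "1"; an instance count is a number.
  type    = number
  default = 1
}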
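variable "asg_desired" {
  description = "Desired numbers of bastion-service hosts in ASG"
  # Was `type = string` with default "1"; an instance count is a number.
  type    = number
  default = 1
}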
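variable "aws_region" {
  # Required input (no default). The original had neither a type nor a
  # description, so `terraform` could not tell callers what it expects.
  description = "AWS region to deploy the bastion service into"
  type        = string
}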
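variable "aws_profile" {
  # The original had neither a type nor a description. How an empty value is
  # handled (provider default credentials, presumably) is decided by the
  # provider block that consumes it — confirm there.
  description = "AWS CLI/SDK named profile to use; empty uses the provider default"
  type        = string
  default     = ""
}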
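variable "assume_role_arn" {
  description = "arn for role to assume in separate identity account if used"
  # Previously untyped; an ARN is a string.
  type    = string
  default = ""
}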
variable "lb_healthcheck_port" {
  # NOTE(review): untyped, with a string default, while bastion_service_port
  # (the other acceptable value per the description) is typed number. Not
  # narrowed here because a type change could alter comparisons in the
  # consuming code — check how the module uses it before adding `type`.
  description = "TCP port to conduct lb target group healthchecks. Acceptable values are 2222 or the value defined for `bastion_service_port`"
  default = "2222"
}
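variable "bastion_vpc_name" {
  description = "define the last part of the hostname, by default this is the vpc ID with magic default value of 'vpc_id' but you can pass a custom string, or an empty value to omit this"
  # Previously untyped. Note the sentinel: the literal "vpc_id" is special-cased
  # by the module (per the description), not a real VPC ID.
  type    = string
  default = "vpc_id"
}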
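variable "container_ubuntu_version" {
  description = "ubuntu version to use for service container"
  # Previously untyped; a version tag is a string (keep it quoted so 22.04
  # is not parsed as a number).
  type    = string
  default = "22.04"
}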
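variable "extra_user_data_content" {
  description = "Extra user-data to add to the default built-in"
  # Previously untyped. This content is executed on the instance at boot
  # (cloud-init), so it is as privileged as the rest of the user-data.
  type    = string
  default = ""
}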
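variable "extra_user_data_content_type" {
  description = "What format is content in - eg 'text/cloud-config' or 'text/x-shellscript'"
  # Previously untyped; a MIME type is a string.
  type    = string
  default = "text/x-shellscript"
}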
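variable "extra_user_data_merge_type" {
  description = "Control how cloud-init merges user-data sections"
  # Previously untyped; a cloud-init merge directive is a string.
  type = string
  # Alternative merge strategy kept from the original for reference:
  # default = "list(append)+dict(recurse_array)+str()"
  default = "str(append)"
}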
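variable "custom_ssh_populate" {
  description = "any value excludes default ssh_populate script used on container launch from userdata"
  # Previously untyped. Per the description any non-empty value disables the
  # default script; whether the value itself is used is decided by the module.
  type    = string
  default = ""
}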
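variable "custom_authorized_keys_command" {
  description = "any value excludes default Go binary iam-authorized-keys built from source from userdata"
  # Previously untyped. Setting this replaces the mechanism that decides which
  # ssh keys are accepted on the bastion, so the replacement must enforce the
  # same IAM-group check (see bastion_allowed_iam_group).
  type    = string
  default = ""
}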
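variable "custom_docker_setup" {
  description = "any value excludes default docker installation and container build from userdata"
  # Previously untyped.
  type    = string
  default = ""
}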
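variable "custom_systemd" {
  description = "any value excludes default systemd and hostname change from userdata"
  # Previously untyped.
  type    = string
  default = ""
}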
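variable "custom_ami_id" {
  description = "id for custom ami if used"
  # Previously untyped; an AMI ID is a string. Empty presumably selects the
  # module's default AMI lookup — confirm in the launch template.
  type    = string
  default = ""
}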
variable "security_groups_additional" {
  # Extra SG IDs attached alongside whatever the module creates.
  description = "additional security group IDs to attach to host instance"
  default     = []
  type        = list(string)
}
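variable "service_name" {
  description = "Unique name per vpc for associated resources- set to some non-default value for multiple deployments per vpc"
  # Previously untyped.
  type    = string
  default = "bastion-service"
}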
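variable "route53_fqdn" {
  description = "If creating a public DNS entry with this module then you may override the default constructed DNS entry by supplying a fully qualified domain name here which will be used verbatim"
  # Previously untyped.
  type    = string
  default = ""
}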
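variable "on_demand_base_capacity" {
  description = "allows a base level of on demand when using spot"
  # Previously untyped with a numeric default; an instance count is a number.
  type    = number
  default = 0
}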
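variable "delete_network_interface_on_termination" {
  description = "if network interface created for bastion host should be deleted when instance in terminated. Setting propagated to aws_launch_template.network_interfaces.delete_on_termination"
  # Previously untyped with a bool default.
  type    = bool
  default = true
}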
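variable "bastion_ebs_size" {
  description = "Size of EBS attached to the bastion instance"
  # Previously untyped with a numeric default (units presumably GiB, as for
  # EBS volume_size — confirm in the launch template block device mapping).
  type    = number
  default = 8
}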
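variable "bastion_ebs_device_name" {
  description = "Name of bastion instance block device"
  # Previously untyped; a device path is a string.
  type    = string
  default = "/dev/sda1"
}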
variable "autoscaling_group_enabled_metrics" {
  # Empty default: no ASG metrics are enabled unless the caller lists them.
  description = "A list of CloudWatch metrics to collect on the autoscaling group. Permitted values include: GroupMinSize; GroupMaxSize; GroupDesiredCapacity; GroupInServiceInstances; GroupPendingInstances; GroupStandbyInstances; GroupTerminatingInstances; GroupTotalInstances"
  default     = []
  type        = list(string)
}
variable "custom_outbound_security_group" {
  # Default false keeps the module's permissive egress rule (per the
  # description); set true only when a supplied SG already allows the
  # listed outbound ports, otherwise the bootstrap cannot fetch packages.
  description = "don't create default outgoing permissive security group rule - will only work with custom AMI or if security group supplied with ports 53(UDP); 80(TCP); 443(TCP) open for 0.0.0.0/0 egress"
  default     = false
  type        = bool
}
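variable "bastion_service_port" {
  description = "Port for containerised ssh daemon"
  type        = number
  default     = 22

  # Catch out-of-range ports at plan time instead of failing in the
  # security group / target group resources.
  validation {
    condition     = var.bastion_service_port >= 1 && var.bastion_service_port <= 65535
    error_message = "bastion_service_port must be a TCP port between 1 and 65535."
  }
}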
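variable "bastion_metadata_options" {
  description = "Passthrough for aws_launch_template.metadata_options. **Don't** apply `http_*` options if you're not sure what you're doing!"
  # All attributes are optional; an empty object leaves the launch template's
  # own defaults in place. For a bastion, `http_tokens = "required"` (IMDSv2
  # only) is the hardening to consider once the on-host tooling that talks to
  # IMDS (e.g. the iam-authorized-keys binary) is confirmed to support it.
  type = object({
    http_endpoint               = optional(string)
    http_tokens                 = optional(string)
    http_put_response_hop_limit = optional(number)
    http_protocol_ipv6          = optional(string)
    instance_metadata_tags      = optional(string)
  })
  default = {}

  # http_tokens only accepts these two values on the launch template; reject
  # typos before apply.
  validation {
    condition     = var.bastion_metadata_options.http_tokens == null || contains(["optional", "required"], var.bastion_metadata_options.http_tokens)
    error_message = "bastion_metadata_options.http_tokens must be \"optional\" or \"required\" when set."
  }
}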