variables.tf
# AWS region for the bastion deployment.
# NOTE(review): the default is an empty string, so a fallback presumably exists
# wherever var.region is read — confirm in the consuming module.
variable "region" {
  default     = ""
  description = "AWS Region"
}
# ID of the VPC. Required input: no default is declared.
variable "vpc_id" {
  description = "VPC ID"
}
# Source CIDR ranges allowed to reach SSH on the bastion host. Required input.
# Keep every entry as narrow as possible: a range such as 0.0.0.0/0 would open
# the bastion's SSH port to the whole internet.
# NOTE(review): this declaration does not validate the entries, and how they are
# applied (presumably security-group ingress) is not visible here — confirm.
variable "cidr_whitelist" {
  description = "List of CIDRs allowed to access ssh on the bastion host"
  type        = list(string)
}
# Optional name for the bastion's S3 bucket.
# NOTE(review): the description promises a "workspace-bastion-storage" fallback,
# but the declared default is an empty string, so that name must be derived
# wherever var.bucket_name is consumed — confirm.
variable "bucket_name" {
  default     = ""
  description = "Name for the bastion s3 bucket. Optional, defaults to workspace-bastion-storage"
}
# Toggles S3 versioning on the bastion bucket. On by default, which keeps prior
# object versions recoverable after an overwrite or delete.
variable "enable_bucket_versioning" {
  default     = true
  description = "Enable bucket versioning on bastion s3 bucket"
}
# Subnet IDs for the bastion Auto Scaling Group. Required input.
variable "asg_subnets" {
  description = "List of subnet IDs for the ASG"
  type        = list(string)
}
# Subnet IDs for the Network Load Balancer. Required input.
variable "lb_subnets" {
  description = "List of subnet IDs for the NLB"
  type        = list(string)
}
# Desired instance count for the bastion ASG; defaults to one instance.
# NOTE(review): nothing here checks that min_count <= desired_count <= max_count.
variable "desired_count" {
  default     = 1
  description = "Desired count for the bastion ASG"
}
# Upper bound on the bastion ASG size; defaults to two instances.
variable "max_count" {
  default     = 2
  description = "Max count for the bastion ASG"
}
# Lower bound on the bastion ASG size; defaults to one instance.
variable "min_count" {
  default     = 1
  description = "Min count for the bastion ASG"
}
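# EC2 instance type for the bastion host.
# The description previously advertised t2.nano while the declared default is
# t3a.micro; the text now matches the value actually applied.
variable "instance_type" {
  description = "Instance type for the bastion host. Default = t3a.micro"
  default     = "t3a.micro" # nano is too weak to run ansible role geerlingguy.security
}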
# Whether bastion instances are launched with a public IP address.
# Defaults to false; turning it on makes each instance directly addressable, so
# the SSH allow-list in cidr_whitelist becomes the main exposure control.
# NOTE(review): presumably access is meant to go through the NLB when this is
# left off — confirm against the resources that read this variable.
variable "associate_public_ip_address" {
  default     = false
  description = "Associate public IP address to bastion host instances"
}
# Name of the key pair for the bastion host. Required input: no default is
# declared. Only the key pair's name is passed here, not key material.
variable "key_name" {
  description = "Bastion host key pair name"
}
# Toggles creation of a Route 53 A record for the NLB. Off by default.
# NOTE(review): the description says hosted_zone is required when this is true,
# but nothing in this declaration enforces it and hosted_zone defaults to "".
variable "create_route53_record" {
  default     = false
  description = "Create an A record in route 53 for the NLB. If true, hosted_zone is required."
}
# Route 53 hosted zone name that receives the bastion record. Defaults to an
# empty string, so callers enabling create_route53_record must set it themselves.
variable "hosted_zone" {
  default     = ""
  description = "Name of the route53 hosted zone to add a bastion record"
}
# Record name used for the A record in the hosted zone; defaults to "bastion".
variable "dns_record_name" {
  default     = "bastion"
  description = "Name for the A record added to the hosted zone"
}
# NOTE(review): no description or type is declared for this variable. The empty
# object default suggests a map of resource tags — confirm against the places
# where var.tags is read.
variable "tags" {
  default = {}
}
# Name of the VPC that this bastion serves. Required input.
variable "vpc_name" {
  description = "Name of the VPC this bastion serves"
  type        = string
}
# Usernames granted passwordless sudo, per the description — effectively root on
# the bastion with no password prompt. Empty by default; keep the list minimal
# and review every addition.
variable "sudoers" {
  default     = []
  description = "Usernames that will be granted passwordless sudo privilege"
  type        = list(string)
}