variables.tf
# ------------------------------------------------------------------------------
# REQUIRED PARAMETERS
#
# You must provide a value for each of these parameters.
# ------------------------------------------------------------------------------
# Name of the S3 bucket that holds COOL Lambda deployment packages.
# Required: no default is declared, so the caller must supply a value.
# NOTE(review): write access to this bucket determines what code a Lambda
# deployed from it will run; confirm that access is tightly restricted where
# the bucket is defined (not visible in this file).
variable "cool_lambda_artifacts_s3_bucket" {
  type        = string
  description = "The name of the bucket where COOL Lambda deployment packages are to be stored."
}
# S3 object key of the deployment package for the Lambda function that
# disables inactive IAM users.
# Required: no default is declared, so the caller must supply a value.
# NOTE(review): a bare key does not pin a particular object revision; check
# whether the consuming resource also pins an object version or a code hash
# (not visible in this file).
variable "disable_inactive_users_lambda_key" {
  type        = string
  description = "The S3 key associated with the Lambda function deployment package to disable inactive IAM users."
}
# ------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
#
# These parameters have reasonable defaults.
# ------------------------------------------------------------------------------
# AWS region for the non-global resources of the Cyber Hygiene account.
# Optional: falls back to "us-east-1" when the caller sets nothing.
variable "aws_region" {
  type        = string
  description = "The AWS region where the non-global resources for the Cyber Hygiene account are to be provisioned (e.g. \"us-east-1\")."
  default     = "us-east-1"
}
# Name prefix for the Lambda deployment artifacts bucket in the Cyber Hygiene
# account. Per the description, the final bucket name is generated to be unique
# and only begins with this value.
variable "cyhy_lambda_artifacts_s3_bucket_prefix" {
  type        = string
  description = "The prefix of the name of the bucket in the Cyber Hygiene account where any Lambda deployment artifacts for a CyHy environment will be stored. A unique bucket name beginning with the specified prefix will be created."
  default     = "cool-cyhy-lambda-deployment-artifacts"
}
# Free-text description attached to the account-provisioning IAM role.
# Only the descriptive text is set here; the role itself is defined elsewhere.
variable "provisionaccount_role_description" {
  type        = string
  description = "The description to associate with the IAM role that allows sufficient permissions to provision all AWS resources in the Cyber Hygiene account."
  default     = "Allows sufficient permissions to provision all AWS resources in the Cyber Hygiene account."
}
# Name given to the account-provisioning IAM role.
# NOTE(review): the role is described as able to provision all resources in
# the account, so it is a high-value principal. Its trust policy and attached
# permissions are not visible in this file; review who may assume it there.
variable "provisionaccount_role_name" {
  type        = string
  description = "The name to assign the IAM role that allows sufficient permissions to provision all AWS resources in the Cyber Hygiene account."
  default     = "ProvisionAccount"
}
# Free-text description attached to the IAM policy used to provision the
# Lambda deployment artifacts S3 bucket.
variable "provisionlambdabucket_policy_description" {
  type        = string
  description = "The description to associate with the IAM policy that allows sufficient permissions to provision the Lambda deployment artifacts S3 bucket in the Cyber Hygiene account."
  default     = "Allows sufficient permissions to provision the Lambda deployment artifacts S3 bucket in the Cyber Hygiene account."
}
# Name given to the IAM policy used to provision the Lambda deployment
# artifacts S3 bucket. The policy statements themselves live elsewhere.
variable "provisionlambdabucket_policy_name" {
  type        = string
  description = "The name to assign the IAM policy that allows sufficient permissions to provision the Lambda deployment artifacts S3 bucket in the Cyber Hygiene account."
  default     = "ProvisionLambdaArtifactsBucket"
}
# Free-text description attached to the IAM policy used to provision the SSM
# Document resource and to set up SSM session logging.
variable "provisionssmsessionmanager_policy_description" {
  type        = string
  description = "The description to associate with the IAM policy that allows sufficient permissions to provision the SSM Document resource and set up SSM session logging in the Cyber Hygiene account."
  default     = "Allows sufficient permissions to provision the SSM Document resource and set up SSM session logging in the Cyber Hygiene account."
}
# Name given to the IAM policy used to provision the SSM Document resource and
# to set up SSM session logging. The policy statements live elsewhere.
variable "provisionssmsessionmanager_policy_name" {
  type        = string
  description = "The name to assign the IAM policy that allows sufficient permissions to provision the SSM Document resource and set up SSM session logging in the Cyber Hygiene account."
  default     = "ProvisionSSMSessionManager"
}
# Free-text description attached to the read-only access grant for the Lambda
# deployments bucket in the Terraform account.
# NOTE(review): the description string below says "IAM role", while this
# variable's name and the companion *_policy_name variable refer to an IAM
# policy; confirm which is intended and align the wording.
variable "read_cool_lambda_bucket_policy_description" {
  type        = string
  description = "The description to associate with the IAM role that allows read-only access to the bucket in the Terraform account containing Lambda deployments."
  default     = "Allows read-only access to the bucket in the Terraform account containing Lambda deployments."
}
# Name given to the IAM policy that grants read-only access to the Lambda
# deployments bucket in the Terraform account.
# NOTE(review): "read-only" is the stated intent; the actual actions and
# resource scope are defined elsewhere and should be checked against it.
variable "read_cool_lambda_bucket_policy_name" {
  type        = string
  description = "The name to assign the IAM policy that allows read-only access to the bucket in the Terraform account containing Lambda deployments."
  default     = "LambdaBucketReadOnly"
}
# Tags applied to every AWS resource this configuration provisions.
# Optional: a string-to-string map that defaults to empty (no tags).
variable "tags" {
  type        = map(string)
  description = "Tags to apply to all AWS resources provisioned."
  default     = {}
}