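# Destination bucket for the exported findings. Left null, the module creates
# a bucket itself; otherwise an existing bucket *name* is expected (not an ARN
# or an s3:// URI).
variable "bucket_name" {
  type        = string
  default     = null
  description = "The name of the bucket to store the exported findings (will be created if not specified)"

  validation {
    condition     = !can(regex(".*\\/$", var.bucket_name))
    error_message = "Bucket must not end with /"
  }

  validation {
    # S3 bucket naming rules: 3-63 characters, lowercase letters, digits, dots
    # and hyphens, starting and ending with a letter or digit. Catches ARNs,
    # s3:// URIs and typos at plan time instead of at apply time.
    # NOTE(review): legacy us-east-1 buckets with uppercase letters or
    # underscores predate these rules and would need this check relaxed.
    condition     = var.bucket_name == null || can(regex("^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$", var.bucket_name))
    error_message = "Bucket name must follow S3 naming rules (3-63 lowercase letters, digits, dots or hyphens)"
  }
}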
# Key prefix under which the findings are written. Both validations pin the
# "/.../" shape; the prefix is never null.
# NOTE(review): with the default "/" every object key starts with a slash,
# which S3 stores as an empty leading path segment — confirm this is intended.
variable "bucket_prefix" {
  description = "The prefix to use for the bucket"
  type        = string
  nullable    = false
  default     = "/"

  validation {
    # Leading slash required.
    condition     = can(regex("^/", var.bucket_prefix))
    error_message = "Prefix must start with /"
  }

  validation {
    # Trailing slash required.
    condition     = can(regex("/$", var.bucket_prefix))
    error_message = "Prefix must end with /"
  }
}
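# Optional existing ECS cluster. null means the module creates its own cluster.
variable "cluster_arn" {
  type        = string
  default     = null
  description = "ARN of an existing ECS cluster, if left empty a new cluster will be created"

  validation {
    # Reject bare cluster names and ARNs of other services at plan time; the
    # ECS resources would otherwise fail at apply with a less helpful error.
    condition     = var.cluster_arn == null || can(regex("^arn:aws[a-zA-Z-]*:ecs:[a-z0-9-]+:[0-9]{12}:cluster/.+$", var.cluster_arn))
    error_message = "cluster_arn must be an ECS cluster ARN (arn:<partition>:ecs:<region>:<account>:cluster/<name>)"
  }
}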
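# Labeler configuration. Either a zone name or a single account id must be
# given. The previous check compared against "" only, so two omitted (null)
# attributes passed validation unnoticed.
variable "config" {
  type = object({
    allowed_account_ids        = optional(list(string), [])
    denied_account_ids         = optional(list(string), [])
    frameworks                 = optional(list(string), [])
    # NOTE(review): accepted values are not constrained here — confirm against
    # the labeler's supported log levels.
    log_level                  = optional(string)
    report_suppressed_findings = optional(bool, false)
    single_account_id          = optional(string)
    zone_name                  = optional(string)
  })
  description = "Object containing labeler configuration options"

  validation {
    # Omitted optional attributes are null, not "", so both must count as
    # "not set".
    condition = (
      (var.config.zone_name != null && var.config.zone_name != "") ||
      (var.config.single_account_id != null && var.config.single_account_id != "")
    )
    error_message = "Either zone_name or single_account_id is required"
  }

  validation {
    # AWS account ids are exactly 12 digits. A typo in an allow/deny list
    # silently widens or narrows the set of accounts the labeler touches,
    # so fail early instead.
    condition = alltrue(concat(
      [for id in var.config.allowed_account_ids : can(regex("^[0-9]{12}$", id))],
      [for id in var.config.denied_account_ids : can(regex("^[0-9]{12}$", id))],
      [var.config.single_account_id == null || var.config.single_account_id == "" || can(regex("^[0-9]{12}$", var.config.single_account_id))],
    ))
    error_message = "allowed_account_ids, denied_account_ids and single_account_id must contain 12-digit AWS account ids"
  }
}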
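# Required customer-managed KMS key used for encryption. Validated as a KMS
# key or alias ARN so that a key id, alias name or empty string is caught at
# plan time.
# NOTE(review): the key policy must allow the task's role (and any service
# principal that encrypts on its behalf) to use the key; that is outside
# this file — confirm in the module's IAM/KMS resources.
variable "kms_key_arn" {
  type        = string
  description = "The ARN of the KMS key to use for encryption"

  validation {
    condition     = can(regex("^arn:aws[a-zA-Z-]*:kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.+$", var.kms_key_arn))
    error_message = "kms_key_arn must be a KMS key or alias ARN (arn:<partition>:kms:<region>:<account>:key/<id>)"
  }
}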
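# IAM path for the role the module creates. IAM requires paths to begin and
# end with "/"; enforce that here rather than failing at apply.
variable "iam_role_path" {
  type        = string
  default     = "/"
  description = "The path for the IAM role"

  validation {
    # "/" or "/segment/" or "/a/b/"; rejects "foo", "/foo" and "//".
    condition     = can(regex("^/([^/]+/)*$", var.iam_role_path))
    error_message = "iam_role_path must start and end with / (for example \"/\" or \"/service/\")"
  }
}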
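# Optional permissions boundary for the created role. In accounts where role
# creation is delegated, the boundary is what caps the role's effective
# permissions, so a malformed value should not be silently accepted.
variable "iam_permissions_boundary" {
  type        = string
  default     = null
  description = "The permissions boundary to attach to the IAM role"

  validation {
    # Customer-managed (12-digit account) or AWS-managed ("aws") policy ARN.
    condition     = var.iam_permissions_boundary == null || can(regex("^arn:aws[a-zA-Z-]*:iam::([0-9]{12}|aws):policy/.+$", var.iam_permissions_boundary))
    error_message = "iam_permissions_boundary must be an IAM policy ARN (arn:<partition>:iam::<account>:policy/<name>)"
  }
}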
# Container image run by the task.
# NOTE(review): the default points at the mutable "main" tag, so every task
# start may pull different code than the last plan reviewed. For production,
# pass an immutable tag or an @sha256 digest (and consider mirroring the image
# into a registry you control) so the supply chain is pinned.
variable "image_uri" {
  description = "The URI of the container image to use"
  type        = string
  default     = "ghcr.io/schubergphilis/awsenergylabeler:main"
}
# Task memory in MiB; only the three sizes listed are accepted.
variable "memory" {
  description = "The memory size of the task"
  type        = number
  default     = 512

  validation {
    # Equivalent to contains([...], var.memory), spelled out per size.
    condition     = anytrue([for size in [512, 1024, 2048] : size == var.memory])
    error_message = "Unsupported memory size"
  }
}
# Prefix applied to every resource name the module creates. Restricted to a
# character set that is valid across the AWS resource types involved.
variable "name" {
  description = "Name prefix of labeler resources"
  type        = string
  default     = "aws-energy-labeler"

  validation {
    # Letters, digits, hyphen and underscore only; empty string is rejected.
    condition     = can(regex("^[a-zA-Z0-9_-]+$", var.name))
    error_message = "Name must be alphanumeric and can contain - and _"
  }
}
# When the labeler runs. Default: every Sunday at 13:00 UTC.
# NOTE(review): no format validation is applied here; an invalid expression
# is only rejected by EventBridge at apply time — confirm the scheduling
# resource used by the module before tightening this.
variable "schedule_expression" {
  description = "The cron expression to be used for triggering the labeler"
  type        = string
  default     = "cron(0 13 ? * SUN *)"
}
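# Egress rules for the task's security group.
#
# The default allows HTTPS to any destination. That is what the task needs to
# pull the default image from ghcr.io and to reach AWS APIs; in environments
# that must restrict egress, replace it with rules scoped to VPC endpoints
# (prefix_list_id for the S3 gateway endpoint, referenced_security_group_id
# for interface endpoints). The exact endpoint set depends on the labeler,
# which this file does not show.
variable "security_group_egress_rules" {
  type = list(object({
    cidr_ipv4                    = optional(string)
    cidr_ipv6                    = optional(string)
    description                  = string
    from_port                    = optional(number, 0)
    ip_protocol                  = optional(string, "-1")
    prefix_list_id               = optional(string)
    referenced_security_group_id = optional(string)
    to_port                      = optional(number, 0)
  }))
  default = [
    {
      cidr_ipv4   = "0.0.0.0/0"
      ip_protocol = "tcp"
      from_port   = 443
      to_port     = 443
      description = "Allow outgoing HTTPS traffic for the labeler to work"
    }
  ]
  description = "Security Group egress rules"

  validation {
    condition     = length(var.security_group_egress_rules) > 0
    error_message = "At least one egress rule must be provided"
  }

  validation {
    # aws_vpc_security_group_egress_rule accepts exactly one destination per
    # rule; "at least one" let a second destination through to apply time.
    condition = alltrue([
      for o in var.security_group_egress_rules :
      (
        (o.cidr_ipv4 != null ? 1 : 0) +
        (o.cidr_ipv6 != null ? 1 : 0) +
        (o.prefix_list_id != null ? 1 : 0) +
        (o.referenced_security_group_id != null ? 1 : 0)
      ) == 1
    ])
    error_message = "Exactly one of \"cidr_ipv4\", \"cidr_ipv6\", \"prefix_list_id\", or \"referenced_security_group_id\" is required per rule"
  }

  validation {
    # A malformed CIDR is otherwise only rejected by the API at apply time.
    condition = alltrue([
      for o in var.security_group_egress_rules :
      (o.cidr_ipv4 == null || can(cidrnetmask(o.cidr_ipv4))) &&
      (o.cidr_ipv6 == null || can(cidrhost(o.cidr_ipv6, 0)))
    ])
    error_message = "cidr_ipv4 / cidr_ipv6 must be valid CIDR blocks"
  }

  validation {
    condition     = alltrue([for o in var.security_group_egress_rules : o.from_port <= o.to_port])
    error_message = "from_port must not be greater than to_port"
  }
}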
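# Subnets the ECS task is placed in (the description previously said
# "lambda", but the surrounding variables — cluster_arn, memory, image_uri —
# describe an ECS task).
variable "subnet_ids" {
  type        = list(string)
  default     = null
  description = "VPC subnet ids the ECS task runs from"

  validation {
    # subnet-xxxxxxxx (8 hex) or subnet-xxxxxxxxxxxxxxxxx (17 hex); catches
    # subnet names, ARNs and CIDRs passed by mistake. try() makes the null
    # default pass, since iterating null is an error.
    condition     = try(alltrue([for s in var.subnet_ids : can(regex("^subnet-[0-9a-f]{8}([0-9a-f]{9})?$", s))]), true)
    error_message = "subnet_ids must contain VPC subnet ids (subnet-...)"
  }
}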
# Tags merged onto every resource the module creates; empty by default.
variable "tags" {
  description = "A mapping of tags to assign"
  type        = map(string)
  default     = {}
}