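variable "s3_bucket_name" {
  description = "S3 bucket to store AWS logs in."
  type        = string

  # S3 bucket names are global and must be 3-63 characters of lowercase
  # letters, digits, dots and hyphens, starting and ending with a letter or
  # digit. Rejecting a malformed name here fails at plan time rather than
  # halfway through an apply.
  validation {
    condition     = can(regex("^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$", var.s3_bucket_name))
    error_message = "s3_bucket_name must be a valid S3 bucket name: 3-63 lowercase letters, digits, dots or hyphens, starting and ending with a letter or digit."
  }
}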
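variable "s3_log_bucket_retention" {
  description = "Number of days to keep AWS logs around."
  default     = 90
  # Declared as a number (the default already is one); a string "90" passed by
  # an existing caller still converts, so this is backward-compatible.
  type = number

  # A lifecycle expiration needs a positive day count; 0 or a negative value
  # would silently be rejected by AWS at apply time.
  validation {
    condition     = var.s3_log_bucket_retention >= 1
    error_message = "s3_log_bucket_retention must be a positive number of days."
  }
}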
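variable "noncurrent_version_retention" {
  description = "Number of days to retain non-current versions of objects if versioning is enabled."
  # Declared as a number (the default already is one); a string value from an
  # existing caller still converts, so this is backward-compatible.
  type    = number
  default = 30

  # Noncurrent-version expiration needs a positive day count.
  validation {
    condition     = var.noncurrent_version_retention >= 1
    error_message = "noncurrent_version_retention must be a positive number of days."
  }
}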
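variable "s3_bucket_acl" {
  description = "Set bucket ACL per [AWS S3 Canned ACL](<https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl>) list."
  default     = null
  type        = string

  # Only the documented canned ACL names are accepted; null keeps the ACL
  # unmanaged. The conditional (rather than ||) avoids evaluating contains()
  # against a null value. Note that public-read / public-read-write expose
  # the log data and are blocked anyway when a public access block is created.
  validation {
    condition = var.s3_bucket_acl == null ? true : contains([
      "private",
      "public-read",
      "public-read-write",
      "authenticated-read",
      "aws-exec-read",
      "bucket-owner-read",
      "bucket-owner-full-control",
      "log-delivery-write",
    ], var.s3_bucket_acl)
    error_message = "s3_bucket_acl must be null or one of the S3 canned ACLs (private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control, log-delivery-write)."
  }
}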
# Key prefix under which S3 server access logs are written.
variable "s3_logs_prefix" {
  type        = string
  default     = "s3"
  description = "S3 prefix for S3 access logs."
}
# Key prefix under which classic ELB access logs are written.
variable "elb_logs_prefix" {
  type        = string
  default     = "elb"
  description = "S3 prefix for ELB logs."
}
# One or more key prefixes for ALB access logs (a list, unlike the ELB prefix).
variable "alb_logs_prefixes" {
  type        = list(string)
  default     = ["alb"]
  description = "S3 key prefixes for ALB logs."
}
# Key prefix for CloudWatch Logs export tasks.
variable "cloudwatch_logs_prefix" {
  type        = string
  default     = "cloudwatch"
  description = "S3 prefix for CloudWatch log exports."
}
# Key prefix for CloudTrail trail deliveries.
variable "cloudtrail_logs_prefix" {
  type        = string
  default     = "cloudtrail"
  description = "S3 prefix for CloudTrail logs."
}
# Key prefix for Redshift audit logs.
variable "redshift_logs_prefix" {
  type        = string
  default     = "redshift"
  description = "S3 prefix for RedShift logs."
}
# Key prefix for AWS Config delivery channel snapshots/history.
variable "config_logs_prefix" {
  type        = string
  default     = "config"
  description = "S3 prefix for AWS Config logs."
}
# Service Switches
# Master switch: when true every supported service is granted write access
# to the bucket; when false only the individual allow_* switches apply.
# NOTE(review): the ACL recommendation in the description presumes ACLs are
# in use; with object_ownership = BucketOwnerEnforced (the default below)
# bucket ACLs are disabled, so access must come from the bucket policy.
variable "default_allow" {
  type        = bool
  default     = true
  description = "Whether all services included in this module should be allowed to write to the bucket by default. Alternatively select individual services. It's recommended to use the default bucket ACL of log-delivery-write."
}
# Per-service switch; only consulted when default_allow is false.
variable "allow_cloudtrail" {
  type        = bool
  default     = false
  description = "Allow Cloudtrail service to log to bucket."
}
# Per-service switch; only consulted when default_allow is false.
variable "allow_cloudwatch" {
  type        = bool
  default     = false
  description = "Allow Cloudwatch service to export logs to bucket."
}
# Per-service switch; only consulted when default_allow is false.
variable "allow_alb" {
  type        = bool
  default     = false
  description = "Allow ALB service to log to bucket."
}
# Per-service switch; only consulted when default_allow is false.
variable "allow_nlb" {
  type        = bool
  default     = false
  description = "Allow NLB service to log to bucket."
}
# Per-service switch; only consulted when default_allow is false.
variable "allow_config" {
  type        = bool
  default     = false
  description = "Allow Config service to log to bucket."
}
# Per-service switch; only consulted when default_allow is false.
variable "allow_elb" {
  type        = bool
  default     = false
  description = "Allow ELB service to log to bucket."
}
# Per-service switch; only consulted when default_allow is false.
variable "allow_redshift" {
  type        = bool
  default     = false
  description = "Allow Redshift service to log to bucket."
}
# Per-service switch; only consulted when default_allow is false.
variable "allow_s3" {
  type        = bool
  default     = false
  description = "Allow S3 service to log to bucket."
}
# Defaults to on: a log bucket should never be reachable anonymously, and the
# public access block also rejects any later attempt to attach a public ACL
# or policy. Turn off only if the block is managed elsewhere.
variable "create_public_access_block" {
  type        = bool
  default     = true
  description = "Whether to create a public_access_block restricting public access to the bucket."
}
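variable "cloudtrail_accounts" {
  description = "List of accounts for CloudTrail logs. By default limits to the current account."
  default     = []
  type        = list(string)

  # These IDs end up as principals / key prefixes in the bucket policy, so a
  # typo would grant or deny the wrong account. AWS account IDs are exactly
  # 12 digits; an empty list (the default) is valid.
  validation {
    condition     = alltrue([for a in var.cloudtrail_accounts : can(regex("^[0-9]{12}$", a))])
    error_message = "Every entry in cloudtrail_accounts must be a 12-digit AWS account ID."
  }
}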
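variable "config_accounts" {
  description = "List of accounts for Config logs. By default limits to the current account."
  default     = []
  type        = list(string)

  # AWS account IDs are exactly 12 digits; catch typos before they land in
  # the bucket policy. An empty list (the default) is valid.
  validation {
    condition     = alltrue([for a in var.config_accounts : can(regex("^[0-9]{12}$", a))])
    error_message = "Every entry in config_accounts must be a 12-digit AWS account ID."
  }
}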
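variable "alb_account" {
  description = "Account for ALB logs. By default limits to the current account."
  default     = ""
  type        = string

  # Empty string means "current account"; anything else must be a 12-digit
  # AWS account ID so the bucket policy names the intended principal.
  validation {
    condition     = var.alb_account == "" || can(regex("^[0-9]{12}$", var.alb_account))
    error_message = "alb_account must be empty or a 12-digit AWS account ID."
  }
}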
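variable "elb_accounts" {
  description = "List of accounts for ELB logs. By default limits to the current account."
  default     = []
  type        = list(string)

  # AWS account IDs are exactly 12 digits; catch typos before they land in
  # the bucket policy. An empty list (the default) is valid.
  validation {
    condition     = alltrue([for a in var.elb_accounts : can(regex("^[0-9]{12}$", a))])
    error_message = "Every entry in elb_accounts must be a 12-digit AWS account ID."
  }
}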
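variable "nlb_account" {
  description = "Account for NLB logs. By default limits to the current account."
  default     = ""
  type        = string

  # Empty string means "current account"; anything else must be a 12-digit
  # AWS account ID so the bucket policy names the intended principal.
  validation {
    condition     = var.nlb_account == "" || can(regex("^[0-9]{12}$", var.nlb_account))
    error_message = "nlb_account must be empty or a 12-digit AWS account ID."
  }
}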
# Off by default on purpose: enabling it lets `terraform destroy` wipe the
# audit trail (all objects, including locked ones) without any further prompt.
variable "force_destroy" {
  type        = bool
  default     = false
  description = "A bool that indicates all objects (including any locked objects) should be deleted from the bucket so the bucket can be destroyed without error."
}
# One or more key prefixes for NLB access logs (mirrors alb_logs_prefixes).
variable "nlb_logs_prefixes" {
  type        = list(string)
  default     = ["nlb"]
  description = "S3 key prefixes for NLB logs."
}
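variable "cloudtrail_org_id" {
  description = "AWS Organization ID for CloudTrail."
  default     = ""
  type        = string

  # Empty string means "not an organization trail". Otherwise enforce the
  # Organizations ID format ("o-" followed by 10-32 lowercase letters/digits)
  # so a mistyped ID cannot open the policy to an unintended key prefix.
  validation {
    condition     = var.cloudtrail_org_id == "" || can(regex("^o-[a-z0-9]{10,32}$", var.cloudtrail_org_id))
    error_message = "cloudtrail_org_id must be empty or an AWS Organizations ID of the form o-xxxxxxxxxx."
  }
}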
# Where this bucket's own server access logs go. Left empty, the log bucket
# itself is not access-logged.
variable "logging_target_bucket" {
  type        = string
  default     = ""
  description = "S3 Bucket to send S3 logs to. Disables logging if omitted."
}
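variable "logging_target_prefix" {
  # Description fixed: it referred to a "log_s3_bucket" input that does not
  # exist in this module; the prefix applies to logging_target_bucket.
  description = "Prefix for logs going into the logging_target_bucket."
  default     = "s3/"
  type        = string
}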
# Extra tags for the bucket; keys already set by the module win on conflict.
variable "tags" {
  description = "A mapping of tags to assign to the logs bucket. Please note that tags with a conflicting key will not override the original tag."
  type        = map(string)
  default     = {}
}
# Versioning state for the log bucket. "Disabled" is the default; note that
# enable_mfa_delete and noncurrent_version_retention only have an effect once
# this is "Enabled".
variable "versioning_status" {
  type        = string
  default     = "Disabled"
  description = "A string that indicates the versioning status for the log bucket."

  validation {
    error_message = "Valid values for versioning_status are Enabled, Disabled, or Suspended."
    condition = contains(
      ["Enabled", "Disabled", "Suspended"],
      var.versioning_status,
    )
  }
}
# Toggles the expiration lifecycle rule driven by s3_log_bucket_retention and
# noncurrent_version_retention.
variable "enable_s3_log_bucket_lifecycle_rule" {
  type        = bool
  default     = true
  description = "Whether the lifecycle rule for the log bucket is enabled."
}
# MFA delete protects object versions and the versioning configuration, not
# the bucket resource itself, and S3 only accepts it when versioning is
# "Enabled" (see versioning_status). A cross-variable check is not expressed
# here because validation blocks may only reference their own variable.
variable "enable_mfa_delete" {
  type        = bool
  default     = false
  description = "A bool that requires MFA to delete the log bucket."
}
# When true the module manages the bucket's ownership controls using
# object_ownership; set false if they are managed outside this module.
variable "control_object_ownership" {
  default     = true
  type        = bool
  description = "Whether to manage S3 Bucket Ownership Controls on this bucket."
}
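variable "object_ownership" {
  description = "Object ownership. Valid values: BucketOwnerEnforced, BucketOwnerPreferred or ObjectWriter."
  type        = string
  # BucketOwnerEnforced disables bucket and object ACLs entirely, so with this
  # default the s3_bucket_acl / log-delivery-write path is inert and service
  # access must be granted via the bucket policy.
  default = "BucketOwnerEnforced"

  # Enforce the value set the description promises, as versioning_status does.
  validation {
    condition     = contains(["BucketOwnerEnforced", "BucketOwnerPreferred", "ObjectWriter"], var.object_ownership)
    error_message = "Valid values for object_ownership are BucketOwnerEnforced, BucketOwnerPreferred, or ObjectWriter."
  }
}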