forked from serverless-ca/terraform-aws-ca
variables.tf
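# Tagging and bucket-naming inputs.
# Explicit type constraints make a wrong-typed value fail at plan time
# instead of being passed through to the resources.

variable "tags" {
  # NOTE(review): presumably applied to the bucket and related resources;
  # confirm against the module body.
  type    = map(string)
  default = {}
}

variable "bucket_prefix" {
  description = "first part of bucket name to ensure uniqueness, if left blank a random suffix will be used instead"
  type        = string
  default     = ""
}

# No default: callers must always supply a purpose.
variable "purpose" {
  description = "second part of bucket name"
  type        = string
}

variable "global_bucket" {
  description = "bucket with no environment suffix"
  type        = bool
  default     = false
}

# Only used in the name when global_bucket is false (per the description).
variable "environment" {
  description = "suffix to include in bucket name if global_bucket set to false"
  type        = string
  default     = "dev"
}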
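# Encryption-at-rest inputs.
# Types are declared explicitly so that a mistyped value is rejected at plan time.

variable "kms_key_alias" {
  description = "KMS key alias for bucket encryption"
  type        = string
  default     = ""
}

variable "kms_encryption_key_arn" {
  description = "ARN of KMS encryption key used in some bucket policies"
  type        = string
  default     = ""
}

# The default (false) selects a customer managed key, per the description.
# An AWS managed key's key policy cannot be edited, so switching this to true
# gives up key-policy control over who can decrypt bucket contents.
variable "default_aws_kms_key" {
  description = "use default AWS KMS key instead of customer managed key"
  type        = bool
  default     = false
}

# "aws:kms" is SSE-KMS; "AES256" is SSE-S3 (S3-managed keys, no KMS key policy
# or KMS audit events involved). The default keeps KMS in the path.
variable "sse_algorithm" {
  description = "Server side encryption algorithm, options are AES256 and aws:kms"
  type        = string
  default     = "aws:kms"
}

# NOTE(review): what the module does when this is false is not visible here;
# confirm that no bucket ends up without the intended KMS configuration.
variable "server_side_encryption" {
  description = "Enable default server side encryption"
  type        = bool
  default     = true
}

# With S3 Bucket Keys the KMS encryption context becomes the bucket ARN rather
# than the object ARN; key or IAM policies that condition on the object ARN
# need reviewing before this is turned on.
variable "bucket_key_enabled" {
  description = "Whether or not to use Amazon S3 Bucket Keys for SSE-KMS"
  type        = bool
  default     = false
}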
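# ACL, versioning and public-access inputs.
# Types are declared explicitly so that a mistyped value is rejected at plan time.

variable "acl" {
  description = "access control list"
  type        = string
  default     = "private"
}

# The value is a status string, not a boolean, despite the description.
# NOTE(review): presumably passed through as the S3 versioning status; confirm
# which values the module body accepts.
variable "versioning" {
  description = "Enable versioning"
  type        = string
  default     = "Enabled"
}

# The four variables below share their names with the S3 Block Public Access
# settings and all default to true (most restrictive).
# NOTE(review): presumably wired one-to-one into the bucket's public access
# block; confirm in the module body. Any caller that sets one to false should
# record why, since each one removes a guard against public exposure.

# S3 setting of this name: reject requests that would set a public ACL.
variable "block_public_acls" {
  type    = bool
  default = true
}

# S3 setting of this name: reject bucket policies that grant public access.
variable "block_public_policy" {
  type    = bool
  default = true
}

# S3 setting of this name: ignore public ACLs already present.
variable "ignore_public_acls" {
  type    = bool
  default = true
}

# S3 setting of this name: limit access to a bucket with a public policy to
# AWS service principals and authorised users in the bucket owner's account.
variable "restrict_public_buckets" {
  type    = bool
  default = true
}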
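# Access-logging inputs, with explicit types so bad values fail at plan time.

# Logging is off by default, so a bucket created with defaults leaves no
# access-log record of who read or wrote its objects.
variable "access_logs" {
  description = "Enable access logs"
  type        = bool
  default     = false
}

# NOTE(review): the combination access_logs = true with an empty log_bucket is
# not guarded here; confirm how the module body handles it.
variable "log_bucket" {
  description = "name of log bucket if access_logs set to true"
  type        = string
  default     = ""
}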
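# Defaults to true: a `terraform destroy` removes the bucket together with
# every object in it. Callers whose bucket holds data that must survive an
# accidental destroy (this file mentions CRLs and CA certificates) should pass
# false explicitly.
variable "force_destroy" {
  description = "destroy S3 bucket on Terraform destroy even with objects in bucket"
  type        = bool # explicit type so a mistyped value fails at plan time
  default     = true
}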
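# BucketOwnerEnforced disables ACLs altogether, leaving bucket and IAM policies
# as the only access mechanism; the default, BucketOwnerPreferred, keeps ACLs
# in effect.
# NOTE(review): if a caller selects BucketOwnerEnforced, check how the module
# body treats the separate "acl" variable, since S3 does not accept ACL
# changes on such a bucket.
variable "object_ownership" {
  description = "manage S3 bucket ownership controls, options are BucketOwnerPreferred, ObjectWriter, BucketOwnerEnforced"
  type        = string # explicit type so a mistyped value fails at plan time
  default     = "BucketOwnerPreferred"
}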
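# Inputs that widen access to the bucket beyond its owner.
# Types are declared explicitly so that a mistyped value is rejected at plan time.

# Origin Access Identity is the legacy CloudFront mechanism; AWS recommends
# Origin Access Control for new distributions.
variable "oai_arn" {
  description = "ARN of CloudFront Origin Access Identity"
  type        = string
  default     = ""
}

# Default false keeps CRL and CA certificates non-public.
# NOTE(review): how public access is granted is not visible in this file. If
# it is done with a bucket policy, the block_public_policy and
# restrict_public_buckets defaults (true) would conflict with it; confirm.
variable "public_crl" {
  description = "Whether to make the CRL and CA certificates publicly available"
  type        = bool
  default     = false
}

# Empty by default, so no extra principal is granted access.
# Entries should be specific role or account ARNs; a wildcard entry would
# extend whatever the policy grants to every AWS principal.
# NOTE(review): the actions granted to these principals are defined in the
# module body, not here.
variable "app_aws_principals" {
  description = "List of AWS principals to allow access to CA External S3 bucket"
  type        = list(string)
  default     = []
}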
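# Object-key suffix used to filter notifications (per the description).
# NOTE(review): the notification target is configured elsewhere in the module.
variable "filter_suffix" {
  description = "Filter suffix for notifications"
  type        = string # explicit type so a mistyped value fails at plan time
  default     = ".log"
}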
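# Lifecycle inputs. The day counts below only matter when lifecycle_policy is
# true (per their descriptions). Typed as bool/number so that a non-numeric
# day count is rejected at plan time.
# NOTE(review): every variable here describes a transition or an upload abort;
# no expiry input is visible, so confirm whether old data is ever deleted.

variable "lifecycle_policy" {
  description = "Include lifecycle policy"
  type        = bool
  default     = false
}

variable "ia_transition" {
  description = "Days at which transition to standard IA if lifecycle policy set"
  type        = number
  default     = 90
}

variable "glacier_transition" {
  description = "Days at which transition to Glacier if lifecycle policy set"
  type        = number
  default     = 180
}

# Applies to non-current object versions, so it is only relevant on a
# versioned bucket.
variable "noncurrent_transition" {
  description = "Days at which non current version to Glacier if lifecycle policy set"
  type        = number
  default     = 30
}

# Incomplete multipart uploads keep their parts stored until aborted.
variable "abort_uploads" {
  description = "Days at which to abort multipart uploads if lifecycle policy set"
  type        = number
  default     = 2
}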