variables.tf
/* -------------------------------------------------------------------------- */
/* Generic */
/* -------------------------------------------------------------------------- */
# Required input (no default): the name given to the ECS cluster.
variable "name" {
  type        = string
  description = "Name of the ECS cluster to create"
}
# Required input (no default): environment label, used as a prefix per the description.
variable "environment" {
  type        = string
  description = "Environment Variable used as a prefix"
}
# Required input (no default): customer prefix shown in the AWS console and on resources.
variable "prefix" {
  type        = string
  description = "The prefix name of customer to be displayed in AWS console and resource"
}
# Optional extra tags; defaults to an empty map, so no custom tags are added
# unless the caller supplies them.
variable "tags" {
  type        = map(any)
  default     = {}
  description = "Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys"
}
/* -------------------------------------------------------------------------- */
/* ECS Cluster */
/* -------------------------------------------------------------------------- */
# Toggle for CloudWatch Container Insights on the cluster; on by default.
variable "is_enable_container_insights" {
  type        = bool
  default     = true
  description = "Whether to be used to enable CloudWatch Container Insights for a cluster."
}
# S3 bucket that receives ALB access logs. Empty by default.
# Supplying a bucket name alone does not turn logging on: the
# is_enable_access_log variable documents that it stays false even when a
# bucket is specified.
variable "alb_access_logs_bucket_name" {
  type        = string
  default     = ""
  description = "ALB access_logs S3 bucket name."
}
# Switch for ALB access logging. Off by default, so a deployment that leaves
# this untouched keeps no request-level ALB log for later investigation.
# Callers who need that record must set this to true explicitly, in addition
# to naming a bucket.
variable "is_enable_access_log" {
  type        = bool
  default     = false
  description = "Boolean to enable / disable access_logs. Defaults to false, even when bucket is specified."
}
/* -------------------------------------------------------------------------- */
/* Security Group */
/* -------------------------------------------------------------------------- */
# Extra ingress rules, empty by default.
# `type = any` means nothing is checked at the variable boundary: rule shape,
# ports and source ranges are accepted as given, so each caller's rules need
# review (in particular any wide-open source range).
# NOTE(review): which security group receives these rules is not visible in
# this file - confirm in the security group resources.
variable "additional_security_group_ingress_rules" {
  type        = any
  default     = {}
  description = "Map of ingress and any specific/overriding attributes to be created"
}
/* -------------------------------------------------------------------------- */
/* VPC */
/* -------------------------------------------------------------------------- */
# Required input (no default): the VPC the cluster is deployed into.
variable "vpc_id" {
  type        = string
  description = "VPC to deploy the cluster in"
}
# Subnets for the Application Load Balancer; empty list by default.
variable "public_subnet_ids" {
  type        = list(string)
  default     = []
  description = "Public subnets for AWS Application Load Balancer deployment"
}
# Subnets the containers are deployed into; empty list by default.
variable "private_subnet_ids" {
  type        = list(string)
  default     = []
  description = "Private subnets for container deployment"
}
/* -------------------------------------------------------------------------- */
/* Security Group */
/* -------------------------------------------------------------------------- */
/* -------------------------------- ECS Tasks ------------------------------- */
# Whether the module creates the ECS tasks security group itself (default: yes).
variable "is_create_ecs_task_security_group" {
  type        = bool
  default     = true
  description = "Whether to create ECS tasks security group or not"
}
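# ID of an existing security group to use for ECS tasks; empty by default.
# The description previously named is_create_alb_security_group, which is the
# ALB toggle; this variable sits with is_create_ecs_task_security_group, so the
# description now points at that flag.
# NOTE(review): confirm against the resources that read this variable.
# The empty-string default is not validated here, so disabling group creation
# without supplying an ID is not caught at the variable boundary.
variable "ecs_task_security_group_id" {
  type        = string
  description = "(Require) when is_create_ecs_task_security_group is set to `false`"
  default     = ""
}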
/* ----------------------------------- ALB ---------------------------------- */
# Whether the module creates the ALB security group itself (default: yes).
variable "is_create_alb_security_group" {
  type        = bool
  default     = true
  description = "Whether to create ALB security group or not"
}
# ID of an existing security group to use for the ALB; empty by default.
# The empty-string default is not validated here, so turning off
# is_create_alb_security_group without supplying an ID is not caught at the
# variable boundary.
variable "alb_aws_security_group_id" {
  type        = string
  default     = ""
  description = "(Require) when is_create_alb_security_group is set to `false`"
}
# Extra ingress rules for the ALB security group (per the variable name),
# empty by default.
# `type = any` means rule shape, ports and source ranges are not checked at
# the variable boundary; review what callers pass, since these rules decide
# who can reach the load balancer.
variable "additional_security_group_alb_ingress_rules" {
  type        = any
  default     = {}
  description = "Map of ingress and any specific/overriding attributes to be created"
}
/* -------------------------------------------------------------------------- */
/* ALB */
/* -------------------------------------------------------------------------- */
# Whether the module creates an ALB at all (default: yes).
variable "is_create_alb" {
  type        = bool
  default     = true
  description = "Whether to create alb or not"
}
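# Chooses between an internal and a public ALB. Defaults to false (internal),
# so internet exposure is an explicit opt-in by the caller.
# Description wording fixed: "ALB is production env" -> "ALB in production env".
variable "is_public_alb" {
  type        = bool
  default     = false
  description = "Flag for Internal/Public ALB. ALB in production env should be public"
}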
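# Security-relevant switch: when true, the HTTPS requirement is bypassed.
# Defaults to false, i.e. the requirement stays in force.
# The description was garbled ("by pass the HTTPs endpoints required") and has
# been reworded without changing its meaning.
# NOTE(review): exactly what is relaxed when this is true is decided by the
# resources that read the variable, which are not visible in this file.
variable "is_ignore_unsecured_connection" {
  type        = bool
  default     = false
  description = "Whether to bypass the HTTPS endpoint requirement or not"
}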
# Listener port on the ALB. Defaults to 443; the description names 80 and 443
# as the intended values, but nothing here restricts the number to those two.
# Choosing 80 means a plaintext listener, so treat that as a deliberate decision.
variable "alb_listener_port" {
  type        = number
  default     = 443
  description = "The port to listen on the ALB for public services (80/443, default 443)"
}
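# ARN of the certificate attached to the ALB; empty by default.
# Description spelling fixed ("Certitificate" -> "Certificate").
# NOTE(review): how an empty value is treated (e.g. whether a certificate is
# created or looked up instead) is not visible in this file.
variable "alb_certificate_arn" {
  type        = string
  default     = ""
  description = "Certificate ARN to link with ALB"
}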
# Load balancer deletion protection. Off by default, so the ALB can be deleted
# through the AWS API (and by Terraform) unless the caller opts in.
variable "enable_deletion_protection" {
  type        = bool
  default     = false
  description = "(Optional) If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false."
}
# Fixed response used as the listener default: by default a plain-text 503
# with the body "No service found".
# `type = any` means an override is not checked against these keys here.
variable "default_fixed_response" {
  type        = any
  description = "Map of listener default fixed response"

  default = {
    status_code  = 503
    content_type = "text/plain"
    message_body = "No service found"
    order        = null
  }
}
/* -------------------------------------------------------------------------- */
/* DNS */
/* -------------------------------------------------------------------------- */
# Whether the module creates a DNS record for the ALB (default: yes).
variable "is_create_alb_dns_record" {
  type        = bool
  default     = true
  description = "Whether to create ALB dns record or not"
}
# Domain name used to look up the Route53 hosted zone; empty by default.
variable "route53_hosted_zone_name" {
  type        = string
  default     = ""
  description = "The domain name in Route53 to fetch the hosted zone, i.e. example.com, mango-dev.blue.cloud"
}
# Domain name of the ACM certificate attached to the ALB; empty by default.
# The description allows wildcard names; a wildcard certificate covers every
# host under that domain, so prefer the narrowest name that fits.
variable "fully_qualified_domain_name" {
  type        = string
  default     = ""
  description = "The domain name for the ACM cert for attaching to the ALB i.e. *.example.com, www.amazing.com"
}
/* -------------------------------------------------------------------------- */
/* IAM Role */
/* -------------------------------------------------------------------------- */
# Whether the module creates the ECS IAM role itself (default: yes).
variable "is_create_role" {
  type        = bool
  default     = true
  description = "Whether to create ecs role or not"
}
# Principals (account numbers, ARNs, service principals) granted access to the
# cluster. Empty by default, so nothing extra is trusted unless listed.
# The entries are plain strings and are not validated here; keep the list to
# the specific principals that need access.
# NOTE(review): presumably these end up in the role's trust policy - confirm
# in the IAM resources that read this variable.
variable "allow_access_from_principals" {
  type        = list(string)
  default     = []
  description = "A list of Account Numbers, ARNs, and Service Principals who needs to access the cluster"
}
# Managed policy ARNs to attach to the IAM role; empty list by default.
# Every ARN listed here widens what the role may do, so review additions
# against least privilege.
# NOTE(review): the description states that an empty set removes all managed
# policy attachments, and the default here is []. If this list is passed
# straight through as the exclusive set, policies attached outside Terraform
# would be detached by default - confirm how the role resource consumes it.
variable "additional_managed_policy_arns" {
  type        = list(string)
  default     = []
  description = "Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, Terraform will ignore policy attachments to this resource. When configured, Terraform will align the role's managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., managed_policy_arns = []) will cause Terraform to remove all managed policy attachments."
}
/* -------------------------------------------------------------------------- */
/* Capacity Provider */
/* -------------------------------------------------------------------------- */
# Auto scaling group settings for the EC2 capacity provider; null by default.
# NOTE(review): the description speaks of an ASG ARN while the type is
# map(any); the expected keys are not visible in this file - confirm against
# the capacity provider resource.
variable "capacity_provider_asg_config" {
  type        = map(any)
  default     = null
  description = "Auto scaling group arn for capacity provider EC2"
}