This is a mirror of the official AWS VPC module from GitHub. (Prevents the failed clones that happen frequently when using GitHub.)

variables.tf 87KB

3 years ago
Network ACLs (#238)

* Add variables for network ACLs
  Add variables for specifying network ACLs for public, private, and intra subnets. The ACLs are defined in a list, with sets of seven elements for the rule number, rule action, from port, to port, protocol, and cidr block.
* Add variables for network ACL tags
  Add variables to specify additional tags for public, private, and intra network ACL resources.
* Add resources for network ACLs
  Add aws_network_acl and aws_network_acl_rule resources to specify inbound and outbound network ACL rules for public, private, and intra subnets.
* Add resource for default network ACL
  Add an aws_default_network_acl resource to adopt the default network ACL in the VPC.
* Adjust spacing to match code style
  Remove the empty lines after comment blocks for network ACLs to match the style of the rest of this module.
* Copy simple-vpc example as network-acls
  Copy the simple-vpc example and adapt it to demonstrate the configuration of network ACLs. A set of inbound and outbound ACLs are specified in main.tf.
* Rename variables from _acls to _acl_rules
  Clarify the variables for specifying ACL rules by renaming them from *_acls to *_acl_rules. The values are used to create rules, not create ACLs.
* Add nacl resources and variables for other subnets
  Add aws_network_acl and aws_network_acl_rule resources for database, redshift, and elasticache subnets, along with corresponding variables. This provides network ACL coverage to all subnet types produced by this module.
* Create ACLs only if there are subnets
  For each subnet type, only create ACL resources if there are subnets defined. For example, if database_subnets is empty, then don't create ACL resources for database subnets.
* Add missing variables for ACL tags
  Add the missing variable declarations for database_acl_tags, redshift_acl_tags, and elasticache_acl_tags.
* Make ACL singular in description for _acl_tags
  A single ACL is created for each of the subnet types. Update the variable descriptions to reflect this.
* Convert rules to nested list of maps
  Convert the NACL rule specifications from a list of lists to a list of maps, as suggested by @jczerniak. This improves the readability of rules.
* Restructure example config to use locals
  Restructure the network ACL rules in the network-acls example to use local variables to specify the rules, split between default and custom rules.
* Follow-up for #174
1 year ago
1 year ago
Network ACLs (#238) * Add variables for network ACLs Add variables for specifying network ACLs for public, private, and intra subnets. The ACLs are defined in a list, with sets of seven elements for the rule number, rule action, from port, to port, protocol, and cidr block. * Add variables for network ACL tags Add variables to specify additional tags for public, private, and intra network ACL resources. * Add resources for network ACLs Add aws_network_acl and aws_network_acl_rule resources to specify inbound and outbound network ACL rules for public, private, and intra subnets. * Add resource for default network ACL Add a aws_default_network_acl resource to adopt the default network ACL in the VPC. * Adjust spacing to match code style Remove the empty lines after comment blocks for network ACLs to match the style of the rest of this module. * Copy simple-vpc example as network-acls Copy the simple-vpc example and adapt it to demonstrate the configuration of network ACLs. A set of inbound and outbound ACLs are specified in main.tf. * Rename variables from _acls to _acl_rules Clarify the variables for specifying ACL rules by renaming them from *_acls to *_acl_rules. The values are used to create rules, not create ACLs. * Add nacl resources and variables for other subnets Add aws_network_acl and aws_network_acl_rule resources for database, redshift, and elasticache subnets, along with corresponding variables. This provides network ACL coverage to all subnet types produced by this module. * Create ACLs only if there are subnets For each subnet type, only create ACL resources if there are subnets defined. For example, if database_subnets is empty, then don't create ACL resources for database subnets. * Add missing variables for ACL tags Add the missing variable declarations for database_acl_tags, redshift_acl_tags, and elasticache_acl_tags. * Make ACL singular in description for _acl_tags A single ACL is created for each of the subnet types. 
Update the variable descriptions to reflect this. * Convert rules to nested list of maps Convert the NACL rule specifications from a list of lists to a list of maps, as suggested by @jczerniak. This improves the readability of rules. * Restructure example config to use locals Restructure the network ACL rules in the network-acls example to use local variables to specify the rules, split between default and custom rules. * Follow-up for #174
1 year ago
Network ACLs (#238) * Add variables for network ACLs Add variables for specifying network ACLs for public, private, and intra subnets. The ACLs are defined in a list, with sets of seven elements for the rule number, rule action, from port, to port, protocol, and cidr block. * Add variables for network ACL tags Add variables to specify additional tags for public, private, and intra network ACL resources. * Add resources for network ACLs Add aws_network_acl and aws_network_acl_rule resources to specify inbound and outbound network ACL rules for public, private, and intra subnets. * Add resource for default network ACL Add a aws_default_network_acl resource to adopt the default network ACL in the VPC. * Adjust spacing to match code style Remove the empty lines after comment blocks for network ACLs to match the style of the rest of this module. * Copy simple-vpc example as network-acls Copy the simple-vpc example and adapt it to demonstrate the configuration of network ACLs. A set of inbound and outbound ACLs are specified in main.tf. * Rename variables from _acls to _acl_rules Clarify the variables for specifying ACL rules by renaming them from *_acls to *_acl_rules. The values are used to create rules, not create ACLs. * Add nacl resources and variables for other subnets Add aws_network_acl and aws_network_acl_rule resources for database, redshift, and elasticache subnets, along with corresponding variables. This provides network ACL coverage to all subnet types produced by this module. * Create ACLs only if there are subnets For each subnet type, only create ACL resources if there are subnets defined. For example, if database_subnets is empty, then don't create ACL resources for database subnets. * Add missing variables for ACL tags Add the missing variable declarations for database_acl_tags, redshift_acl_tags, and elasticache_acl_tags. * Make ACL singular in description for _acl_tags A single ACL is created for each of the subnet types. 
Update the variable descriptions to reflect this. * Convert rules to nested list of maps Convert the NACL rule specifications from a list of lists to a list of maps, as suggested by @jczerniak. This improves the readability of rules. * Restructure example config to use locals Restructure the network ACL rules in the network-acls example to use local variables to specify the rules, split between default and custom rules. * Follow-up for #174
1 year ago
Network ACLs (#238) * Add variables for network ACLs Add variables for specifying network ACLs for public, private, and intra subnets. The ACLs are defined in a list, with sets of seven elements for the rule number, rule action, from port, to port, protocol, and cidr block. * Add variables for network ACL tags Add variables to specify additional tags for public, private, and intra network ACL resources. * Add resources for network ACLs Add aws_network_acl and aws_network_acl_rule resources to specify inbound and outbound network ACL rules for public, private, and intra subnets. * Add resource for default network ACL Add a aws_default_network_acl resource to adopt the default network ACL in the VPC. * Adjust spacing to match code style Remove the empty lines after comment blocks for network ACLs to match the style of the rest of this module. * Copy simple-vpc example as network-acls Copy the simple-vpc example and adapt it to demonstrate the configuration of network ACLs. A set of inbound and outbound ACLs are specified in main.tf. * Rename variables from _acls to _acl_rules Clarify the variables for specifying ACL rules by renaming them from *_acls to *_acl_rules. The values are used to create rules, not create ACLs. * Add nacl resources and variables for other subnets Add aws_network_acl and aws_network_acl_rule resources for database, redshift, and elasticache subnets, along with corresponding variables. This provides network ACL coverage to all subnet types produced by this module. * Create ACLs only if there are subnets For each subnet type, only create ACL resources if there are subnets defined. For example, if database_subnets is empty, then don't create ACL resources for database subnets. * Add missing variables for ACL tags Add the missing variable declarations for database_acl_tags, redshift_acl_tags, and elasticache_acl_tags. * Make ACL singular in description for _acl_tags A single ACL is created for each of the subnet types. 
Update the variable descriptions to reflect this. * Convert rules to nested list of maps Convert the NACL rule specifications from a list of lists to a list of maps, as suggested by @jczerniak. This improves the readability of rules. * Restructure example config to use locals Restructure the network ACL rules in the network-acls example to use local variables to specify the rules, split between default and custom rules. * Follow-up for #174
1 year ago
Network ACLs (#238) * Add variables for network ACLs Add variables for specifying network ACLs for public, private, and intra subnets. The ACLs are defined in a list, with sets of seven elements for the rule number, rule action, from port, to port, protocol, and cidr block. * Add variables for network ACL tags Add variables to specify additional tags for public, private, and intra network ACL resources. * Add resources for network ACLs Add aws_network_acl and aws_network_acl_rule resources to specify inbound and outbound network ACL rules for public, private, and intra subnets. * Add resource for default network ACL Add a aws_default_network_acl resource to adopt the default network ACL in the VPC. * Adjust spacing to match code style Remove the empty lines after comment blocks for network ACLs to match the style of the rest of this module. * Copy simple-vpc example as network-acls Copy the simple-vpc example and adapt it to demonstrate the configuration of network ACLs. A set of inbound and outbound ACLs are specified in main.tf. * Rename variables from _acls to _acl_rules Clarify the variables for specifying ACL rules by renaming them from *_acls to *_acl_rules. The values are used to create rules, not create ACLs. * Add nacl resources and variables for other subnets Add aws_network_acl and aws_network_acl_rule resources for database, redshift, and elasticache subnets, along with corresponding variables. This provides network ACL coverage to all subnet types produced by this module. * Create ACLs only if there are subnets For each subnet type, only create ACL resources if there are subnets defined. For example, if database_subnets is empty, then don't create ACL resources for database subnets. * Add missing variables for ACL tags Add the missing variable declarations for database_acl_tags, redshift_acl_tags, and elasticache_acl_tags. * Make ACL singular in description for _acl_tags A single ACL is created for each of the subnet types. 
Update the variable descriptions to reflect this. * Convert rules to nested list of maps Convert the NACL rule specifications from a list of lists to a list of maps, as suggested by @jczerniak. This improves the readability of rules. * Restructure example config to use locals Restructure the network ACL rules in the network-acls example to use local variables to specify the rules, split between default and custom rules. * Follow-up for #174
1 year ago
Network ACLs (#238) * Add variables for network ACLs Add variables for specifying network ACLs for public, private, and intra subnets. The ACLs are defined in a list, with sets of seven elements for the rule number, rule action, from port, to port, protocol, and cidr block. * Add variables for network ACL tags Add variables to specify additional tags for public, private, and intra network ACL resources. * Add resources for network ACLs Add aws_network_acl and aws_network_acl_rule resources to specify inbound and outbound network ACL rules for public, private, and intra subnets. * Add resource for default network ACL Add a aws_default_network_acl resource to adopt the default network ACL in the VPC. * Adjust spacing to match code style Remove the empty lines after comment blocks for network ACLs to match the style of the rest of this module. * Copy simple-vpc example as network-acls Copy the simple-vpc example and adapt it to demonstrate the configuration of network ACLs. A set of inbound and outbound ACLs are specified in main.tf. * Rename variables from _acls to _acl_rules Clarify the variables for specifying ACL rules by renaming them from *_acls to *_acl_rules. The values are used to create rules, not create ACLs. * Add nacl resources and variables for other subnets Add aws_network_acl and aws_network_acl_rule resources for database, redshift, and elasticache subnets, along with corresponding variables. This provides network ACL coverage to all subnet types produced by this module. * Create ACLs only if there are subnets For each subnet type, only create ACL resources if there are subnets defined. For example, if database_subnets is empty, then don't create ACL resources for database subnets. * Add missing variables for ACL tags Add the missing variable declarations for database_acl_tags, redshift_acl_tags, and elasticache_acl_tags. * Make ACL singular in description for _acl_tags A single ACL is created for each of the subnet types. 
Update the variable descriptions to reflect this. * Convert rules to nested list of maps Convert the NACL rule specifications from a list of lists to a list of maps, as suggested by @jczerniak. This improves the readability of rules. * Restructure example config to use locals Restructure the network ACL rules in the network-acls example to use local variables to specify the rules, split between default and custom rules. * Follow-up for #174
1 year ago
Network ACLs (#238) * Add variables for network ACLs Add variables for specifying network ACLs for public, private, and intra subnets. The ACLs are defined in a list, with sets of seven elements for the rule number, rule action, from port, to port, protocol, and cidr block. * Add variables for network ACL tags Add variables to specify additional tags for public, private, and intra network ACL resources. * Add resources for network ACLs Add aws_network_acl and aws_network_acl_rule resources to specify inbound and outbound network ACL rules for public, private, and intra subnets. * Add resource for default network ACL Add a aws_default_network_acl resource to adopt the default network ACL in the VPC. * Adjust spacing to match code style Remove the empty lines after comment blocks for network ACLs to match the style of the rest of this module. * Copy simple-vpc example as network-acls Copy the simple-vpc example and adapt it to demonstrate the configuration of network ACLs. A set of inbound and outbound ACLs are specified in main.tf. * Rename variables from _acls to _acl_rules Clarify the variables for specifying ACL rules by renaming them from *_acls to *_acl_rules. The values are used to create rules, not create ACLs. * Add nacl resources and variables for other subnets Add aws_network_acl and aws_network_acl_rule resources for database, redshift, and elasticache subnets, along with corresponding variables. This provides network ACL coverage to all subnet types produced by this module. * Create ACLs only if there are subnets For each subnet type, only create ACL resources if there are subnets defined. For example, if database_subnets is empty, then don't create ACL resources for database subnets. * Add missing variables for ACL tags Add the missing variable declarations for database_acl_tags, redshift_acl_tags, and elasticache_acl_tags. * Make ACL singular in description for _acl_tags A single ACL is created for each of the subnet types. 
Update the variable descriptions to reflect this. * Convert rules to nested list of maps Convert the NACL rule specifications from a list of lists to a list of maps, as suggested by @jczerniak. This improves the readability of rules. * Restructure example config to use locals Restructure the network ACL rules in the network-acls example to use local variables to specify the rules, split between default and custom rules. * Follow-up for #174
1 year ago
Network ACLs (#238) * Add variables for network ACLs Add variables for specifying network ACLs for public, private, and intra subnets. The ACLs are defined in a list, with sets of seven elements for the rule number, rule action, from port, to port, protocol, and cidr block. * Add variables for network ACL tags Add variables to specify additional tags for public, private, and intra network ACL resources. * Add resources for network ACLs Add aws_network_acl and aws_network_acl_rule resources to specify inbound and outbound network ACL rules for public, private, and intra subnets. * Add resource for default network ACL Add a aws_default_network_acl resource to adopt the default network ACL in the VPC. * Adjust spacing to match code style Remove the empty lines after comment blocks for network ACLs to match the style of the rest of this module. * Copy simple-vpc example as network-acls Copy the simple-vpc example and adapt it to demonstrate the configuration of network ACLs. A set of inbound and outbound ACLs are specified in main.tf. * Rename variables from _acls to _acl_rules Clarify the variables for specifying ACL rules by renaming them from *_acls to *_acl_rules. The values are used to create rules, not create ACLs. * Add nacl resources and variables for other subnets Add aws_network_acl and aws_network_acl_rule resources for database, redshift, and elasticache subnets, along with corresponding variables. This provides network ACL coverage to all subnet types produced by this module. * Create ACLs only if there are subnets For each subnet type, only create ACL resources if there are subnets defined. For example, if database_subnets is empty, then don't create ACL resources for database subnets. * Add missing variables for ACL tags Add the missing variable declarations for database_acl_tags, redshift_acl_tags, and elasticache_acl_tags. * Make ACL singular in description for _acl_tags A single ACL is created for each of the subnet types. 
Update the variable descriptions to reflect this. * Convert rules to nested list of maps Convert the NACL rule specifications from a list of lists to a list of maps, as suggested by @jczerniak. This improves the readability of rules. * Restructure example config to use locals Restructure the network ACL rules in the network-acls example to use local variables to specify the rules, split between default and custom rules. * Follow-up for #174
1 year ago
Network ACLs (#238) * Add variables for network ACLs Add variables for specifying network ACLs for public, private, and intra subnets. The ACLs are defined in a list, with sets of seven elements for the rule number, rule action, from port, to port, protocol, and cidr block. * Add variables for network ACL tags Add variables to specify additional tags for public, private, and intra network ACL resources. * Add resources for network ACLs Add aws_network_acl and aws_network_acl_rule resources to specify inbound and outbound network ACL rules for public, private, and intra subnets. * Add resource for default network ACL Add a aws_default_network_acl resource to adopt the default network ACL in the VPC. * Adjust spacing to match code style Remove the empty lines after comment blocks for network ACLs to match the style of the rest of this module. * Copy simple-vpc example as network-acls Copy the simple-vpc example and adapt it to demonstrate the configuration of network ACLs. A set of inbound and outbound ACLs are specified in main.tf. * Rename variables from _acls to _acl_rules Clarify the variables for specifying ACL rules by renaming them from *_acls to *_acl_rules. The values are used to create rules, not create ACLs. * Add nacl resources and variables for other subnets Add aws_network_acl and aws_network_acl_rule resources for database, redshift, and elasticache subnets, along with corresponding variables. This provides network ACL coverage to all subnet types produced by this module. * Create ACLs only if there are subnets For each subnet type, only create ACL resources if there are subnets defined. For example, if database_subnets is empty, then don't create ACL resources for database subnets. * Add missing variables for ACL tags Add the missing variable declarations for database_acl_tags, redshift_acl_tags, and elasticache_acl_tags. * Make ACL singular in description for _acl_tags A single ACL is created for each of the subnet types. 
Update the variable descriptions to reflect this. * Convert rules to nested list of maps Convert the NACL rule specifications from a list of lists to a list of maps, as suggested by @jczerniak. This improves the readability of rules. * Restructure example config to use locals Restructure the network ACL rules in the network-acls example to use local variables to specify the rules, split between default and custom rules. * Follow-up for #174
1 year ago
Network ACLs (#238) * Add variables for network ACLs Add variables for specifying network ACLs for public, private, and intra subnets. The ACLs are defined in a list, with sets of seven elements for the rule number, rule action, from port, to port, protocol, and cidr block. * Add variables for network ACL tags Add variables to specify additional tags for public, private, and intra network ACL resources. * Add resources for network ACLs Add aws_network_acl and aws_network_acl_rule resources to specify inbound and outbound network ACL rules for public, private, and intra subnets. * Add resource for default network ACL Add a aws_default_network_acl resource to adopt the default network ACL in the VPC. * Adjust spacing to match code style Remove the empty lines after comment blocks for network ACLs to match the style of the rest of this module. * Copy simple-vpc example as network-acls Copy the simple-vpc example and adapt it to demonstrate the configuration of network ACLs. A set of inbound and outbound ACLs are specified in main.tf. * Rename variables from _acls to _acl_rules Clarify the variables for specifying ACL rules by renaming them from *_acls to *_acl_rules. The values are used to create rules, not create ACLs. * Add nacl resources and variables for other subnets Add aws_network_acl and aws_network_acl_rule resources for database, redshift, and elasticache subnets, along with corresponding variables. This provides network ACL coverage to all subnet types produced by this module. * Create ACLs only if there are subnets For each subnet type, only create ACL resources if there are subnets defined. For example, if database_subnets is empty, then don't create ACL resources for database subnets. * Add missing variables for ACL tags Add the missing variable declarations for database_acl_tags, redshift_acl_tags, and elasticache_acl_tags. * Make ACL singular in description for _acl_tags A single ACL is created for each of the subnet types. 
Update the variable descriptions to reflect this. * Convert rules to nested list of maps Convert the NACL rule specifications from a list of lists to a list of maps, as suggested by @jczerniak. This improves the readability of rules. * Restructure example config to use locals Restructure the network ACL rules in the network-acls example to use local variables to specify the rules, split between default and custom rules. * Follow-up for #174
1 year ago
Network ACLs (#238) * Add variables for network ACLs Add variables for specifying network ACLs for public, private, and intra subnets. The ACLs are defined in a list, with sets of seven elements for the rule number, rule action, from port, to port, protocol, and cidr block. * Add variables for network ACL tags Add variables to specify additional tags for public, private, and intra network ACL resources. * Add resources for network ACLs Add aws_network_acl and aws_network_acl_rule resources to specify inbound and outbound network ACL rules for public, private, and intra subnets. * Add resource for default network ACL Add a aws_default_network_acl resource to adopt the default network ACL in the VPC. * Adjust spacing to match code style Remove the empty lines after comment blocks for network ACLs to match the style of the rest of this module. * Copy simple-vpc example as network-acls Copy the simple-vpc example and adapt it to demonstrate the configuration of network ACLs. A set of inbound and outbound ACLs are specified in main.tf. * Rename variables from _acls to _acl_rules Clarify the variables for specifying ACL rules by renaming them from *_acls to *_acl_rules. The values are used to create rules, not create ACLs. * Add nacl resources and variables for other subnets Add aws_network_acl and aws_network_acl_rule resources for database, redshift, and elasticache subnets, along with corresponding variables. This provides network ACL coverage to all subnet types produced by this module. * Create ACLs only if there are subnets For each subnet type, only create ACL resources if there are subnets defined. For example, if database_subnets is empty, then don't create ACL resources for database subnets. * Add missing variables for ACL tags Add the missing variable declarations for database_acl_tags, redshift_acl_tags, and elasticache_acl_tags. * Make ACL singular in description for _acl_tags A single ACL is created for each of the subnet types. 
Update the variable descriptions to reflect this. * Convert rules to nested list of maps Convert the NACL rule specifications from a list of lists to a list of maps, as suggested by @jczerniak. This improves the readability of rules. * Restructure example config to use locals Restructure the network ACL rules in the network-acls example to use local variables to specify the rules, split between default and custom rules. * Follow-up for #174
1 year ago
Network ACLs (#238) * Add variables for network ACLs Add variables for specifying network ACLs for public, private, and intra subnets. The ACLs are defined in a list, with sets of seven elements for the rule number, rule action, from port, to port, protocol, and cidr block. * Add variables for network ACL tags Add variables to specify additional tags for public, private, and intra network ACL resources. * Add resources for network ACLs Add aws_network_acl and aws_network_acl_rule resources to specify inbound and outbound network ACL rules for public, private, and intra subnets. * Add resource for default network ACL Add a aws_default_network_acl resource to adopt the default network ACL in the VPC. * Adjust spacing to match code style Remove the empty lines after comment blocks for network ACLs to match the style of the rest of this module. * Copy simple-vpc example as network-acls Copy the simple-vpc example and adapt it to demonstrate the configuration of network ACLs. A set of inbound and outbound ACLs are specified in main.tf. * Rename variables from _acls to _acl_rules Clarify the variables for specifying ACL rules by renaming them from *_acls to *_acl_rules. The values are used to create rules, not create ACLs. * Add nacl resources and variables for other subnets Add aws_network_acl and aws_network_acl_rule resources for database, redshift, and elasticache subnets, along with corresponding variables. This provides network ACL coverage to all subnet types produced by this module. * Create ACLs only if there are subnets For each subnet type, only create ACL resources if there are subnets defined. For example, if database_subnets is empty, then don't create ACL resources for database subnets. * Add missing variables for ACL tags Add the missing variable declarations for database_acl_tags, redshift_acl_tags, and elasticache_acl_tags. * Make ACL singular in description for _acl_tags A single ACL is created for each of the subnet types. 
Update the variable descriptions to reflect this. * Convert rules to nested list of maps Convert the NACL rule specifications from a list of lists to a list of maps, as suggested by @jczerniak. This improves the readability of rules. * Restructure example config to use locals Restructure the network ACL rules in the network-acls example to use local variables to specify the rules, split between default and custom rules. * Follow-up for #174
1 year ago
Network ACLs (#238) * Add variables for network ACLs Add variables for specifying network ACLs for public, private, and intra subnets. The ACLs are defined in a list, with sets of seven elements for the rule number, rule action, from port, to port, protocol, and cidr block. * Add variables for network ACL tags Add variables to specify additional tags for public, private, and intra network ACL resources. * Add resources for network ACLs Add aws_network_acl and aws_network_acl_rule resources to specify inbound and outbound network ACL rules for public, private, and intra subnets. * Add resource for default network ACL Add a aws_default_network_acl resource to adopt the default network ACL in the VPC. * Adjust spacing to match code style Remove the empty lines after comment blocks for network ACLs to match the style of the rest of this module. * Copy simple-vpc example as network-acls Copy the simple-vpc example and adapt it to demonstrate the configuration of network ACLs. A set of inbound and outbound ACLs are specified in main.tf. * Rename variables from _acls to _acl_rules Clarify the variables for specifying ACL rules by renaming them from *_acls to *_acl_rules. The values are used to create rules, not create ACLs. * Add nacl resources and variables for other subnets Add aws_network_acl and aws_network_acl_rule resources for database, redshift, and elasticache subnets, along with corresponding variables. This provides network ACL coverage to all subnet types produced by this module. * Create ACLs only if there are subnets For each subnet type, only create ACL resources if there are subnets defined. For example, if database_subnets is empty, then don't create ACL resources for database subnets. * Add missing variables for ACL tags Add the missing variable declarations for database_acl_tags, redshift_acl_tags, and elasticache_acl_tags. * Make ACL singular in description for _acl_tags A single ACL is created for each of the subnet types. 
Update the variable descriptions to reflect this. * Convert rules to nested list of maps Convert the NACL rule specifications from a list of lists to a list of maps, as suggested by @jczerniak. This improves the readability of rules. * Restructure example config to use locals Restructure the network ACL rules in the network-acls example to use local variables to specify the rules, split between default and custom rules. * Follow-up for #174
1 year ago
  1. variable "create_vpc" {
  2. description = "Controls if VPC should be created (it affects almost all resources)"
  3. type = bool
  4. default = true
  5. }
  6. variable "name" {
  7. description = "Name to be used on all the resources as identifier"
  8. type = string
  9. default = ""
  10. }
  11. variable "cidr" {
  12. description = "The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden"
  13. type = string
  14. default = "0.0.0.0/0"
  15. }
  16. variable "enable_ipv6" {
  17. description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block."
  18. type = bool
  19. default = false
  20. }
  21. variable "private_subnet_ipv6_prefixes" {
  22. description = "Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  23. type = list(string)
  24. default = []
  25. }
  26. variable "public_subnet_ipv6_prefixes" {
  27. description = "Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  28. type = list(string)
  29. default = []
  30. }
  31. variable "database_subnet_ipv6_prefixes" {
  32. description = "Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  33. type = list(string)
  34. default = []
  35. }
  36. variable "redshift_subnet_ipv6_prefixes" {
  37. description = "Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  38. type = list(string)
  39. default = []
  40. }
  41. variable "elasticache_subnet_ipv6_prefixes" {
  42. description = "Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  43. type = list(string)
  44. default = []
  45. }
  46. variable "intra_subnet_ipv6_prefixes" {
  47. description = "Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  48. type = list(string)
  49. default = []
  50. }
  51. variable "assign_ipv6_address_on_creation" {
  52. description = "Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  53. type = bool
  54. default = false
  55. }
  56. variable "private_subnet_assign_ipv6_address_on_creation" {
  57. description = "Assign IPv6 address on private subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  58. type = bool
  59. default = null
  60. }
  61. variable "public_subnet_assign_ipv6_address_on_creation" {
  62. description = "Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  63. type = bool
  64. default = null
  65. }
  66. variable "database_subnet_assign_ipv6_address_on_creation" {
  67. description = "Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  68. type = bool
  69. default = null
  70. }
  71. variable "redshift_subnet_assign_ipv6_address_on_creation" {
  72. description = "Assign IPv6 address on redshift subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  73. type = bool
  74. default = null
  75. }
  76. variable "elasticache_subnet_assign_ipv6_address_on_creation" {
  77. description = "Assign IPv6 address on elasticache subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  78. type = bool
  79. default = null
  80. }
  81. variable "intra_subnet_assign_ipv6_address_on_creation" {
  82. description = "Assign IPv6 address on intra subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  83. type = bool
  84. default = null
  85. }
  86. variable "secondary_cidr_blocks" {
  87. description = "List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool"
  88. type = list(string)
  89. default = []
  90. }
  91. variable "instance_tenancy" {
  92. description = "A tenancy option for instances launched into the VPC"
  93. type = string
  94. default = "default"
  95. }
  96. variable "public_subnet_suffix" {
  97. description = "Suffix to append to public subnets name"
  98. type = string
  99. default = "public"
  100. }
  101. variable "private_subnet_suffix" {
  102. description = "Suffix to append to private subnets name"
  103. type = string
  104. default = "private"
  105. }
  106. variable "intra_subnet_suffix" {
  107. description = "Suffix to append to intra subnets name"
  108. type = string
  109. default = "intra"
  110. }
  111. variable "database_subnet_suffix" {
  112. description = "Suffix to append to database subnets name"
  113. type = string
  114. default = "db"
  115. }
  116. variable "redshift_subnet_suffix" {
  117. description = "Suffix to append to redshift subnets name"
  118. type = string
  119. default = "redshift"
  120. }
  121. variable "elasticache_subnet_suffix" {
  122. description = "Suffix to append to elasticache subnets name"
  123. type = string
  124. default = "elasticache"
  125. }
  126. variable "public_subnets" {
  127. description = "A list of public subnets inside the VPC"
  128. type = list(string)
  129. default = []
  130. }
  131. variable "private_subnets" {
  132. description = "A list of private subnets inside the VPC"
  133. type = list(string)
  134. default = []
  135. }
  136. variable "database_subnets" {
  137. description = "A list of database subnets"
  138. type = list(string)
  139. default = []
  140. }
  141. variable "redshift_subnets" {
  142. description = "A list of redshift subnets"
  143. type = list(string)
  144. default = []
  145. }
  146. variable "elasticache_subnets" {
  147. description = "A list of elasticache subnets"
  148. type = list(string)
  149. default = []
  150. }
  151. variable "intra_subnets" {
  152. description = "A list of intra subnets"
  153. type = list(string)
  154. default = []
  155. }
variable "create_database_subnet_route_table" {
  description = "Controls if separate route table for database should be created"
  type        = bool
  default     = false
}
variable "create_redshift_subnet_route_table" {
  description = "Controls if separate route table for redshift should be created"
  type        = bool
  default     = false
}
variable "enable_public_redshift" {
  description = "Controls if redshift should have public routing table"
  type        = bool
  default     = false
}
variable "create_elasticache_subnet_route_table" {
  description = "Controls if separate route table for elasticache should be created"
  type        = bool
  default     = false
}
variable "create_database_subnet_group" {
  description = "Controls if database subnet group should be created (n.b. database_subnets must also be set)"
  type        = bool
  default     = true
}
variable "create_elasticache_subnet_group" {
  description = "Controls if elasticache subnet group should be created"
  type        = bool
  default     = true
}
variable "create_redshift_subnet_group" {
  description = "Controls if redshift subnet group should be created"
  type        = bool
  default     = true
}
variable "create_database_internet_gateway_route" {
  description = "Controls if an internet gateway route for public database access should be created"
  type        = bool
  default     = false
}
variable "create_database_nat_gateway_route" {
  description = "Controls if a nat gateway route should be created to give internet access to the database subnets"
  type        = bool
  default     = false
}
variable "azs" {
  description = "A list of availability zones names or ids in the region"
  type        = list(string)
  default     = []
}
variable "enable_dns_hostnames" {
  description = "Should be true to enable DNS hostnames in the VPC"
  type        = bool
  default     = false
}
variable "enable_dns_support" {
  description = "Should be true to enable DNS support in the VPC"
  type        = bool
  default     = true
}
variable "enable_classiclink" {
  description = "Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic."
  type        = bool
  default     = null
}
variable "enable_classiclink_dns_support" {
  description = "Should be true to enable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic."
  type        = bool
  default     = null
}
variable "enable_nat_gateway" {
  description = "Should be true if you want to provision NAT Gateways for each of your private networks"
  type        = bool
  default     = false
}
variable "single_nat_gateway" {
  description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks"
  type        = bool
  default     = false
}
variable "one_nat_gateway_per_az" {
  description = "Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`."
  type        = bool
  default     = false
}
variable "reuse_nat_ips" {
  description = "Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable"
  type        = bool
  default     = false
}
variable "external_nat_ip_ids" {
  description = "List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips)"
  type        = list(string)
  default     = []
}
variable "external_nat_ips" {
  description = "List of EIPs to be used for `nat_public_ips` output (used in combination with reuse_nat_ips and external_nat_ip_ids)"
  type        = list(string)
  default     = []
}
variable "enable_public_s3_endpoint" {
  description = "Whether to enable S3 VPC Endpoint for public subnets"
  default     = true
  type        = bool
}
variable "enable_dynamodb_endpoint" {
  description = "Should be true if you want to provision a DynamoDB endpoint to the VPC"
  type        = bool
  default     = false
}
variable "enable_s3_endpoint" {
  description = "Should be true if you want to provision an S3 endpoint to the VPC"
  type        = bool
  default     = false
}
variable "enable_codeartifact_api_endpoint" {
  description = "Should be true if you want to provision a Codeartifact API endpoint to the VPC"
  type        = bool
  default     = false
}
variable "codeartifact_api_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Codeartifact API endpoint"
  type        = list(string)
  default     = []
}
variable "codeartifact_api_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Codeartifact API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "codeartifact_api_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Codeartifact API endpoint"
  type        = bool
  default     = false
}
variable "enable_codeartifact_repositories_endpoint" {
  description = "Should be true if you want to provision a Codeartifact repositories endpoint to the VPC"
  type        = bool
  default     = false
}
variable "codeartifact_repositories_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Codeartifact repositories endpoint"
  type        = list(string)
  default     = []
}
variable "codeartifact_repositories_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Codeartifact repositories endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "codeartifact_repositories_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Codeartifact repositories endpoint"
  type        = bool
  default     = false
}
variable "enable_codebuild_endpoint" {
  description = "Should be true if you want to provision a Codebuild endpoint to the VPC"
  type        = bool
  default     = false
}
variable "codebuild_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Codebuild endpoint"
  type        = list(string)
  default     = []
}
variable "codebuild_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Codebuild endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "codebuild_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Codebuild endpoint"
  type        = bool
  default     = false
}
variable "enable_codecommit_endpoint" {
  description = "Should be true if you want to provision a Codecommit endpoint to the VPC"
  type        = bool
  default     = false
}
variable "codecommit_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Codecommit endpoint"
  type        = list(string)
  default     = []
}
variable "codecommit_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "codecommit_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Codecommit endpoint"
  type        = bool
  default     = false
}
variable "enable_git_codecommit_endpoint" {
  description = "Should be true if you want to provision a Git Codecommit endpoint to the VPC"
  type        = bool
  default     = false
}
variable "git_codecommit_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Git Codecommit endpoint"
  type        = list(string)
  default     = []
}
variable "git_codecommit_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Git Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "git_codecommit_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Git Codecommit endpoint"
  type        = bool
  default     = false
}
variable "enable_config_endpoint" {
  description = "Should be true if you want to provision a config endpoint to the VPC"
  type        = bool
  default     = false
}
variable "config_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for config endpoint"
  type        = list(string)
  default     = []
}
variable "config_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for config endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "config_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for config endpoint"
  type        = bool
  default     = false
}
variable "enable_sqs_endpoint" {
  description = "Should be true if you want to provision an SQS endpoint to the VPC"
  type        = bool
  default     = false
}
variable "sqs_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for SQS endpoint"
  type        = list(string)
  default     = []
}
variable "sqs_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for SQS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "sqs_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for SQS endpoint"
  type        = bool
  default     = false
}
variable "enable_lambda_endpoint" {
  description = "Should be true if you want to provision a Lambda endpoint to the VPC"
  type        = bool
  default     = false
}
variable "lambda_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Lambda endpoint"
  type        = list(string)
  default     = []
}
variable "lambda_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Lambda endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "lambda_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Lambda endpoint"
  type        = bool
  default     = false
}
variable "enable_ssm_endpoint" {
  description = "Should be true if you want to provision an SSM endpoint to the VPC"
  type        = bool
  default     = false
}
variable "ssm_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for SSM endpoint"
  type        = list(string)
  default     = []
}
variable "ssm_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "ssm_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint"
  type        = bool
  default     = false
}
variable "enable_secretsmanager_endpoint" {
  description = "Should be true if you want to provision a Secrets Manager endpoint to the VPC"
  type        = bool
  default     = false
}
variable "secretsmanager_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Secrets Manager endpoint"
  type        = list(string)
  default     = []
}
variable "secretsmanager_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Secrets Manager endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "secretsmanager_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Secrets Manager endpoint"
  type        = bool
  default     = false
}
variable "enable_apigw_endpoint" {
  description = "Should be true if you want to provision an api gateway endpoint to the VPC"
  type        = bool
  default     = false
}
variable "apigw_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for API GW endpoint"
  type        = list(string)
  default     = []
}
variable "apigw_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for API GW endpoint"
  type        = bool
  default     = false
}
variable "apigw_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for API GW endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "enable_ssmmessages_endpoint" {
  description = "Should be true if you want to provision an SSMMESSAGES endpoint to the VPC"
  type        = bool
  default     = false
}
variable "ssmmessages_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint"
  type        = list(string)
  default     = []
}
variable "ssmmessages_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "ssmmessages_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint"
  type        = bool
  default     = false
}
variable "enable_textract_endpoint" {
  description = "Should be true if you want to provision a Textract endpoint to the VPC"
  type        = bool
  default     = false
}
variable "textract_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Textract endpoint"
  type        = list(string)
  default     = []
}
variable "textract_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Textract endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "textract_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Textract endpoint"
  type        = bool
  default     = false
}
variable "enable_transferserver_endpoint" {
  description = "Should be true if you want to provision a Transfer Server endpoint to the VPC"
  type        = bool
  default     = false
}
variable "transferserver_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Transfer Server endpoint"
  type        = list(string)
  default     = []
}
variable "transferserver_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Transfer Server endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "transferserver_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Transfer Server endpoint"
  type        = bool
  default     = false
}
variable "enable_ec2_endpoint" {
  description = "Should be true if you want to provision an EC2 endpoint to the VPC"
  type        = bool
  default     = false
}
variable "ec2_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for EC2 endpoint"
  type        = list(string)
  default     = []
}
variable "ec2_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint"
  type        = bool
  default     = false
}
variable "ec2_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for EC2 endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "enable_ec2messages_endpoint" {
  description = "Should be true if you want to provision an EC2MESSAGES endpoint to the VPC"
  type        = bool
  default     = false
}
variable "ec2messages_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for EC2MESSAGES endpoint"
  type        = list(string)
  default     = []
}
variable "ec2messages_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for EC2MESSAGES endpoint"
  type        = bool
  default     = false
}
variable "ec2messages_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for EC2MESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "enable_ec2_autoscaling_endpoint" {
  description = "Should be true if you want to provision an EC2 Autoscaling endpoint to the VPC"
  type        = bool
  default     = false
}
variable "ec2_autoscaling_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for EC2 Autoscaling endpoint"
  type        = list(string)
  default     = []
}
variable "ec2_autoscaling_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for EC2 Autoscaling endpoint"
  type        = bool
  default     = false
}
variable "ec2_autoscaling_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for EC2 Autoscaling endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "enable_ecr_api_endpoint" {
  description = "Should be true if you want to provision an ecr api endpoint to the VPC"
  type        = bool
  default     = false
}
variable "ecr_api_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for ECR api endpoint. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "ecr_api_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for ECR API endpoint"
  type        = bool
  default     = false
}
variable "ecr_api_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for ECR API endpoint"
  type        = list(string)
  default     = []
}
variable "enable_ecr_dkr_endpoint" {
  description = "Should be true if you want to provision an ecr dkr endpoint to the VPC"
  type        = bool
  default     = false
}
variable "ecr_dkr_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for ECR dkr endpoint. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "ecr_dkr_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint"
  type        = bool
  default     = false
}
variable "ecr_dkr_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for ECR DKR endpoint"
  type        = list(string)
  default     = []
}
variable "enable_kms_endpoint" {
  description = "Should be true if you want to provision a KMS endpoint to the VPC"
  type        = bool
  default     = false
}
variable "kms_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for KMS endpoint"
  type        = list(string)
  default     = []
}
variable "kms_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for KMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "kms_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for KMS endpoint"
  type        = bool
  default     = false
}
variable "enable_ecs_endpoint" {
  description = "Should be true if you want to provision an ECS endpoint to the VPC"
  type        = bool
  default     = false
}
variable "ecs_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for ECS endpoint"
  type        = list(string)
  default     = []
}
variable "ecs_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for ECS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "ecs_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for ECS endpoint"
  type        = bool
  default     = false
}
variable "enable_ecs_agent_endpoint" {
  description = "Should be true if you want to provision an ECS Agent endpoint to the VPC"
  type        = bool
  default     = false
}
variable "ecs_agent_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for ECS Agent endpoint"
  type        = list(string)
  default     = []
}
variable "ecs_agent_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for ECS Agent endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "ecs_agent_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for ECS Agent endpoint"
  type        = bool
  default     = false
}
variable "enable_ecs_telemetry_endpoint" {
  description = "Should be true if you want to provision an ECS Telemetry endpoint to the VPC"
  type        = bool
  default     = false
}
variable "ecs_telemetry_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for ECS Telemetry endpoint"
  type        = list(string)
  default     = []
}
variable "ecs_telemetry_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for ECS Telemetry endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "ecs_telemetry_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for ECS Telemetry endpoint"
  type        = bool
  default     = false
}
variable "enable_sns_endpoint" {
  description = "Should be true if you want to provision an SNS endpoint to the VPC"
  type        = bool
  default     = false
}
variable "sns_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for SNS endpoint"
  type        = list(string)
  default     = []
}
variable "sns_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for SNS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}
variable "sns_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for SNS endpoint"
  type        = bool
  default     = false
}
  751. variable "enable_monitoring_endpoint" {
  752. description = "Should be true if you want to provision a CloudWatch Monitoring endpoint to the VPC"
  753. type = bool
  754. default = false
  755. }
  756. variable "monitoring_endpoint_security_group_ids" {
  757. description = "The ID of one or more security groups to associate with the network interface for CloudWatch Monitoring endpoint"
  758. type = list(string)
  759. default = []
  760. }
  761. variable "monitoring_endpoint_subnet_ids" {
  762. description = "The ID of one or more subnets in which to create a network interface for CloudWatch Monitoring endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  763. type = list(string)
  764. default = []
  765. }
  766. variable "monitoring_endpoint_private_dns_enabled" {
  767. description = "Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Monitoring endpoint"
  768. type = bool
  769. default = false
  770. }
  771. variable "enable_elasticloadbalancing_endpoint" {
  772. description = "Should be true if you want to provision a Elastic Load Balancing endpoint to the VPC"
  773. type = bool
  774. default = false
  775. }
  776. variable "elasticloadbalancing_endpoint_security_group_ids" {
  777. description = "The ID of one or more security groups to associate with the network interface for Elastic Load Balancing endpoint"
  778. type = list(string)
  779. default = []
  780. }
  781. variable "elasticloadbalancing_endpoint_subnet_ids" {
  782. description = "The ID of one or more subnets in which to create a network interface for Elastic Load Balancing endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  783. type = list(string)
  784. default = []
  785. }
  786. variable "elasticloadbalancing_endpoint_private_dns_enabled" {
  787. description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Load Balancing endpoint"
  788. type = bool
  789. default = false
  790. }
  791. variable "enable_events_endpoint" {
  792. description = "Should be true if you want to provision a CloudWatch Events endpoint to the VPC"
  793. type = bool
  794. default = false
  795. }
  796. variable "events_endpoint_security_group_ids" {
  797. description = "The ID of one or more security groups to associate with the network interface for CloudWatch Events endpoint"
  798. type = list(string)
  799. default = []
  800. }
  801. variable "events_endpoint_subnet_ids" {
  802. description = "The ID of one or more subnets in which to create a network interface for CloudWatch Events endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  803. type = list(string)
  804. default = []
  805. }
  806. variable "events_endpoint_private_dns_enabled" {
  807. description = "Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Events endpoint"
  808. type = bool
  809. default = false
  810. }
  811. variable "enable_logs_endpoint" {
  812. description = "Should be true if you want to provision a CloudWatch Logs endpoint to the VPC"
  813. type = bool
  814. default = false
  815. }
  816. variable "logs_endpoint_security_group_ids" {
  817. description = "The ID of one or more security groups to associate with the network interface for CloudWatch Logs endpoint"
  818. type = list(string)
  819. default = []
  820. }
  821. variable "logs_endpoint_subnet_ids" {
  822. description = "The ID of one or more subnets in which to create a network interface for CloudWatch Logs endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  823. type = list(string)
  824. default = []
  825. }
  826. variable "logs_endpoint_private_dns_enabled" {
  827. description = "Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Logs endpoint"
  828. type = bool
  829. default = false
  830. }
  831. variable "enable_cloudtrail_endpoint" {
  832. description = "Should be true if you want to provision a CloudTrail endpoint to the VPC"
  833. type = bool
  834. default = false
  835. }
  836. variable "cloudtrail_endpoint_security_group_ids" {
  837. description = "The ID of one or more security groups to associate with the network interface for CloudTrail endpoint"
  838. type = list(string)
  839. default = []
  840. }
  841. variable "cloudtrail_endpoint_subnet_ids" {
  842. description = "The ID of one or more subnets in which to create a network interface for CloudTrail endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  843. type = list(string)
  844. default = []
  845. }
  846. variable "cloudtrail_endpoint_private_dns_enabled" {
  847. description = "Whether or not to associate a private hosted zone with the specified VPC for CloudTrail endpoint"
  848. type = bool
  849. default = false
  850. }
variable "enable_kinesis_streams_endpoint" {
  description = "Should be true if you want to provision a Kinesis Streams endpoint to the VPC"
  type        = bool
  default     = false
}

variable "kinesis_streams_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Kinesis Streams endpoint"
  type        = list(string)
  default     = []
}

variable "kinesis_streams_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Kinesis Streams endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "kinesis_streams_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Kinesis Streams endpoint"
  type        = bool
  default     = false
}

variable "enable_kinesis_firehose_endpoint" {
  description = "Should be true if you want to provision a Kinesis Firehose endpoint to the VPC"
  type        = bool
  default     = false
}

variable "kinesis_firehose_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Kinesis Firehose endpoint"
  type        = list(string)
  default     = []
}

variable "kinesis_firehose_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Kinesis Firehose endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "kinesis_firehose_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Kinesis Firehose endpoint"
  type        = bool
  default     = false
}

variable "enable_glue_endpoint" {
  description = "Should be true if you want to provision a Glue endpoint to the VPC"
  type        = bool
  default     = false
}

variable "glue_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Glue endpoint"
  type        = list(string)
  default     = []
}

variable "glue_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Glue endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "glue_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Glue endpoint"
  type        = bool
  default     = false
}

variable "enable_sagemaker_notebook_endpoint" {
  description = "Should be true if you want to provision a SageMaker Notebook endpoint to the VPC"
  type        = bool
  default     = false
}

variable "sagemaker_notebook_endpoint_region" {
  description = "Region to use for SageMaker Notebook endpoint"
  type        = string
  default     = ""
}

variable "sagemaker_notebook_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for SageMaker Notebook endpoint"
  type        = list(string)
  default     = []
}

variable "sagemaker_notebook_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for SageMaker Notebook endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "sagemaker_notebook_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for SageMaker Notebook endpoint"
  type        = bool
  default     = false
}

variable "enable_sts_endpoint" {
  description = "Should be true if you want to provision an STS endpoint to the VPC"
  type        = bool
  default     = false
}

variable "sts_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for STS endpoint"
  type        = list(string)
  default     = []
}

variable "sts_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for STS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "sts_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for STS endpoint"
  type        = bool
  default     = false
}

variable "enable_cloudformation_endpoint" {
  description = "Should be true if you want to provision a CloudFormation endpoint to the VPC"
  type        = bool
  default     = false
}

variable "cloudformation_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for CloudFormation endpoint"
  type        = list(string)
  default     = []
}

variable "cloudformation_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for CloudFormation endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "cloudformation_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for CloudFormation endpoint"
  type        = bool
  default     = false
}

variable "enable_codepipeline_endpoint" {
  description = "Should be true if you want to provision a CodePipeline endpoint to the VPC"
  type        = bool
  default     = false
}

variable "codepipeline_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for CodePipeline endpoint"
  type        = list(string)
  default     = []
}

variable "codepipeline_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for CodePipeline endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "codepipeline_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for CodePipeline endpoint"
  type        = bool
  default     = false
}

variable "enable_appmesh_envoy_management_endpoint" {
  description = "Should be true if you want to provision an AppMesh endpoint to the VPC"
  type        = bool
  default     = false
}

variable "appmesh_envoy_management_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for AppMesh endpoint"
  type        = list(string)
  default     = []
}

variable "appmesh_envoy_management_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for AppMesh endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "appmesh_envoy_management_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for AppMesh endpoint"
  type        = bool
  default     = false
}

variable "enable_servicecatalog_endpoint" {
  description = "Should be true if you want to provision a Service Catalog endpoint to the VPC"
  type        = bool
  default     = false
}

variable "servicecatalog_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Service Catalog endpoint"
  type        = list(string)
  default     = []
}

variable "servicecatalog_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Service Catalog endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "servicecatalog_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Service Catalog endpoint"
  type        = bool
  default     = false
}

variable "enable_storagegateway_endpoint" {
  description = "Should be true if you want to provision a Storage Gateway endpoint to the VPC"
  type        = bool
  default     = false
}

variable "storagegateway_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Storage Gateway endpoint"
  type        = list(string)
  default     = []
}

variable "storagegateway_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Storage Gateway endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "storagegateway_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Storage Gateway endpoint"
  type        = bool
  default     = false
}

variable "enable_transfer_endpoint" {
  description = "Should be true if you want to provision a Transfer endpoint to the VPC"
  type        = bool
  default     = false
}

variable "transfer_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Transfer endpoint"
  type        = list(string)
  default     = []
}

variable "transfer_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Transfer endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "transfer_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Transfer endpoint"
  type        = bool
  default     = false
}

variable "enable_sagemaker_api_endpoint" {
  description = "Should be true if you want to provision a SageMaker API endpoint to the VPC"
  type        = bool
  default     = false
}

variable "sagemaker_api_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for SageMaker API endpoint"
  type        = list(string)
  default     = []
}

variable "sagemaker_api_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for SageMaker API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "sagemaker_api_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for SageMaker API endpoint"
  type        = bool
  default     = false
}

variable "enable_sagemaker_runtime_endpoint" {
  description = "Should be true if you want to provision a SageMaker Runtime endpoint to the VPC"
  type        = bool
  default     = false
}

variable "sagemaker_runtime_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for SageMaker Runtime endpoint"
  type        = list(string)
  default     = []
}

variable "sagemaker_runtime_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for SageMaker Runtime endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "sagemaker_runtime_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for SageMaker Runtime endpoint"
  type        = bool
  default     = false
}

variable "enable_appstream_api_endpoint" {
  description = "Should be true if you want to provision an AppStream API endpoint to the VPC"
  type        = bool
  default     = false
}

variable "appstream_api_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for AppStream API endpoint"
  type        = list(string)
  default     = []
}

variable "appstream_api_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for AppStream API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "appstream_api_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream API endpoint"
  type        = bool
  default     = false
}

variable "enable_appstream_streaming_endpoint" {
  description = "Should be true if you want to provision an AppStream Streaming endpoint to the VPC"
  type        = bool
  default     = false
}

variable "appstream_streaming_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for AppStream Streaming endpoint"
  type        = list(string)
  default     = []
}

variable "appstream_streaming_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for AppStream Streaming endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "appstream_streaming_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream Streaming endpoint"
  type        = bool
  default     = false
}

variable "enable_athena_endpoint" {
  description = "Should be true if you want to provision an Athena endpoint to the VPC"
  type        = bool
  default     = false
}

variable "athena_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Athena endpoint"
  type        = list(string)
  default     = []
}

variable "athena_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Athena endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "athena_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Athena endpoint"
  type        = bool
  default     = false
}

variable "enable_rekognition_endpoint" {
  description = "Should be true if you want to provision a Rekognition endpoint to the VPC"
  type        = bool
  default     = false
}

variable "rekognition_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Rekognition endpoint"
  type        = list(string)
  default     = []
}

variable "rekognition_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Rekognition endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "rekognition_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Rekognition endpoint"
  type        = bool
  default     = false
}

variable "enable_efs_endpoint" {
  description = "Should be true if you want to provision an EFS endpoint to the VPC"
  type        = bool
  default     = false
}

variable "efs_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for EFS endpoint"
  type        = list(string)
  default     = []
}

variable "efs_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for EFS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "efs_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for EFS endpoint"
  type        = bool
  default     = false
}

variable "enable_cloud_directory_endpoint" {
  description = "Should be true if you want to provision a Cloud Directory endpoint to the VPC"
  type        = bool
  default     = false
}

variable "cloud_directory_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Cloud Directory endpoint"
  type        = list(string)
  default     = []
}

variable "cloud_directory_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Cloud Directory endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "cloud_directory_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Cloud Directory endpoint"
  type        = bool
  default     = false
}

variable "enable_ses_endpoint" {
  description = "Should be true if you want to provision an SES endpoint to the VPC"
  type        = bool
  default     = false
}

variable "ses_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for SES endpoint"
  type        = list(string)
  default     = []
}

variable "ses_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for SES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "enable_auto_scaling_plans_endpoint" {
  description = "Should be true if you want to provision an Auto Scaling Plans endpoint to the VPC"
  type        = bool
  default     = false
}

variable "auto_scaling_plans_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Auto Scaling Plans endpoint"
  type        = list(string)
  default     = []
}

variable "auto_scaling_plans_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Auto Scaling Plans endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "auto_scaling_plans_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Auto Scaling Plans endpoint"
  type        = bool
  default     = false
}

variable "ses_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for SES endpoint"
  type        = bool
  default     = false
}

variable "enable_workspaces_endpoint" {
  description = "Should be true if you want to provision a Workspaces endpoint to the VPC"
  type        = bool
  default     = false
}

variable "workspaces_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Workspaces endpoint"
  type        = list(string)
  default     = []
}

variable "workspaces_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Workspaces endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "workspaces_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Workspaces endpoint"
  type        = bool
  default     = false
}

variable "enable_access_analyzer_endpoint" {
  description = "Should be true if you want to provision an Access Analyzer endpoint to the VPC"
  type        = bool
  default     = false
}

variable "access_analyzer_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Access Analyzer endpoint"
  type        = list(string)
  default     = []
}

variable "access_analyzer_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Access Analyzer endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "access_analyzer_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Access Analyzer endpoint"
  type        = bool
  default     = false
}

variable "enable_ebs_endpoint" {
  description = "Should be true if you want to provision an EBS endpoint to the VPC"
  type        = bool
  default     = false
}

variable "ebs_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for EBS endpoint"
  type        = list(string)
  default     = []
}

variable "ebs_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for EBS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "ebs_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for EBS endpoint"
  type        = bool
  default     = false
}

variable "enable_datasync_endpoint" {
  description = "Should be true if you want to provision a Data Sync endpoint to the VPC"
  type        = bool
  default     = false
}

variable "datasync_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Data Sync endpoint"
  type        = list(string)
  default     = []
}

variable "datasync_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Data Sync endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "datasync_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Data Sync endpoint"
  type        = bool
  default     = false
}

variable "enable_elastic_inference_runtime_endpoint" {
  description = "Should be true if you want to provision an Elastic Inference Runtime endpoint to the VPC"
  type        = bool
  default     = false
}

variable "elastic_inference_runtime_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Elastic Inference Runtime endpoint"
  type        = list(string)
  default     = []
}

variable "elastic_inference_runtime_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Elastic Inference Runtime endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "elastic_inference_runtime_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Inference Runtime endpoint"
  type        = bool
  default     = false
}

variable "enable_sms_endpoint" {
  description = "Should be true if you want to provision an SMS endpoint to the VPC"
  type        = bool
  default     = false
}

variable "sms_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for SMS endpoint"
  type        = list(string)
  default     = []
}

variable "sms_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for SMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "sms_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for SMS endpoint"
  type        = bool
  default     = false
}

variable "enable_emr_endpoint" {
  description = "Should be true if you want to provision an EMR endpoint to the VPC"
  type        = bool
  default     = false
}

variable "emr_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for EMR endpoint"
  type        = list(string)
  default     = []
}

variable "emr_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for EMR endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "emr_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for EMR endpoint"
  type        = bool
  default     = false
}

variable "enable_qldb_session_endpoint" {
  description = "Should be true if you want to provision a QLDB Session endpoint to the VPC"
  type        = bool
  default     = false
}

variable "qldb_session_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for QLDB Session endpoint"
  type        = list(string)
  default     = []
}

variable "qldb_session_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for QLDB Session endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "qldb_session_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for QLDB Session endpoint"
  type        = bool
  default     = false
}

variable "enable_elasticbeanstalk_endpoint" {
  description = "Should be true if you want to provision an Elastic Beanstalk endpoint to the VPC"
  type        = bool
  default     = false
}

variable "elasticbeanstalk_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Elastic Beanstalk endpoint"
  type        = list(string)
  default     = []
}

variable "elasticbeanstalk_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Elastic Beanstalk endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "elasticbeanstalk_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Beanstalk endpoint"
  type        = bool
  default     = false
}

variable "enable_elasticbeanstalk_health_endpoint" {
  description = "Should be true if you want to provision an Elastic Beanstalk Health endpoint to the VPC"
  type        = bool
  default     = false
}

variable "elasticbeanstalk_health_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for Elastic Beanstalk Health endpoint"
  type        = list(string)
  default     = []
}

variable "elasticbeanstalk_health_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for Elastic Beanstalk Health endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "elasticbeanstalk_health_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Beanstalk Health endpoint"
  type        = bool
  default     = false
}

  1476. variable "enable_states_endpoint" {
  1477. description = "Should be true if you want to provision a Step Function endpoint to the VPC"
  1478. type = bool
  1479. default = false
  1480. }
  1481. variable "states_endpoint_security_group_ids" {
  1482. description = "The ID of one or more security groups to associate with the network interface for Step Function endpoint"
  1483. type = list(string)
  1484. default = []
  1485. }
  1486. variable "states_endpoint_subnet_ids" {
  1487. description = "The ID of one or more subnets in which to create a network interface for Step Function endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  1488. type = list(string)
  1489. default = []
  1490. }
  1491. variable "states_endpoint_private_dns_enabled" {
  1492. description = "Whether or not to associate a private hosted zone with the specified VPC for Step Function endpoint"
  1493. type = bool
  1494. default = false
  1495. }
  1496. variable "enable_acm_pca_endpoint" {
  1497. description = "Should be true if you want to provision an ACM PCA endpoint to the VPC"
  1498. type = bool
  1499. default = false
  1500. }

variable "enable_rds_endpoint" {
  description = "Should be true if you want to provision an RDS endpoint to the VPC"
  type        = bool
  default     = false
}

variable "rds_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for RDS endpoint"
  type        = list(string)
  default     = []
}

variable "rds_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for RDS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "rds_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for RDS endpoint"
  type        = bool
  default     = false
}

variable "enable_codedeploy_endpoint" {
  description = "Should be true if you want to provision a CodeDeploy endpoint to the VPC"
  type        = bool
  default     = false
}

variable "codedeploy_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for CodeDeploy endpoint"
  type        = list(string)
  default     = []
}

variable "codedeploy_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for CodeDeploy endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "codedeploy_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for CodeDeploy endpoint"
  type        = bool
  default     = false
}

variable "enable_codedeploy_commands_secure_endpoint" {
  description = "Should be true if you want to provision a CodeDeploy Commands Secure endpoint to the VPC"
  type        = bool
  default     = false
}

variable "codedeploy_commands_secure_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for CodeDeploy Commands Secure endpoint"
  type        = list(string)
  default     = []
}

variable "codedeploy_commands_secure_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for CodeDeploy Commands Secure endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "codedeploy_commands_secure_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for CodeDeploy Commands Secure endpoint"
  type        = bool
  default     = false
}

variable "acm_pca_endpoint_security_group_ids" {
  description = "The ID of one or more security groups to associate with the network interface for ACM PCA endpoint"
  type        = list(string)
  default     = []
}

variable "acm_pca_endpoint_subnet_ids" {
  description = "The ID of one or more subnets in which to create a network interface for ACM PCA endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  type        = list(string)
  default     = []
}

variable "acm_pca_endpoint_private_dns_enabled" {
  description = "Whether or not to associate a private hosted zone with the specified VPC for ACM PCA endpoint"
  type        = bool
  default     = false
}

# Defaults to true, so public IPs are auto-assigned on launch unless this is set to false.
variable "map_public_ip_on_launch" {
  description = "Should be false if you do not want to auto-assign public IP on launch"
  type        = bool
  default     = true
}

variable "customer_gateways" {
  description = "Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address)"
  type        = map(map(any))
  default     = {}
}

variable "enable_vpn_gateway" {
  description = "Should be true if you want to create a new VPN Gateway resource and attach it to the VPC"
  type        = bool
  default     = false
}

variable "vpn_gateway_id" {
  description = "ID of VPN Gateway to attach to the VPC"
  type        = string
  default     = ""
}

variable "amazon_side_asn" {
  description = "The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN."
  type        = string
  default     = "64512"
}

variable "vpn_gateway_az" {
  description = "The Availability Zone for the VPN Gateway"
  type        = string
  default     = null
}

variable "propagate_intra_route_tables_vgw" {
  description = "Should be true if you want route table propagation"
  type        = bool
  default     = false
}

variable "propagate_private_route_tables_vgw" {
  description = "Should be true if you want route table propagation"
  type        = bool
  default     = false
}

variable "propagate_public_route_tables_vgw" {
  description = "Should be true if you want route table propagation"
  type        = bool
  default     = false
}

variable "tags" {
  description = "A map of tags to add to all resources"
  type        = map(string)
  default     = {}
}

variable "vpc_tags" {
  description = "Additional tags for the VPC"
  type        = map(string)
  default     = {}
}

variable "igw_tags" {
  description = "Additional tags for the internet gateway"
  type        = map(string)
  default     = {}
}

variable "public_subnet_tags" {
  description = "Additional tags for the public subnets"
  type        = map(string)
  default     = {}
}

variable "private_subnet_tags" {
  description = "Additional tags for the private subnets"
  type        = map(string)
  default     = {}
}

variable "public_route_table_tags" {
  description = "Additional tags for the public route tables"
  type        = map(string)
  default     = {}
}

variable "private_route_table_tags" {
  description = "Additional tags for the private route tables"
  type        = map(string)
  default     = {}
}

variable "database_route_table_tags" {
  description = "Additional tags for the database route tables"
  type        = map(string)
  default     = {}
}

variable "redshift_route_table_tags" {
  description = "Additional tags for the redshift route tables"
  type        = map(string)
  default     = {}
}

variable "elasticache_route_table_tags" {
  description = "Additional tags for the elasticache route tables"
  type        = map(string)
  default     = {}
}

variable "intra_route_table_tags" {
  description = "Additional tags for the intra route tables"
  type        = map(string)
  default     = {}
}

variable "database_subnet_tags" {
  description = "Additional tags for the database subnets"
  type        = map(string)
  default     = {}
}

variable "database_subnet_group_tags" {
  description = "Additional tags for the database subnet group"
  type        = map(string)
  default     = {}
}

variable "redshift_subnet_tags" {
  description = "Additional tags for the redshift subnets"
  type        = map(string)
  default     = {}
}

variable "redshift_subnet_group_tags" {
  description = "Additional tags for the redshift subnet group"
  type        = map(string)
  default     = {}
}

variable "elasticache_subnet_tags" {
  description = "Additional tags for the elasticache subnets"
  type        = map(string)
  default     = {}
}

variable "intra_subnet_tags" {
  description = "Additional tags for the intra subnets"
  type        = map(string)
  default     = {}
}

variable "public_acl_tags" {
  description = "Additional tags for the public subnets network ACL"
  type        = map(string)
  default     = {}
}

variable "private_acl_tags" {
  description = "Additional tags for the private subnets network ACL"
  type        = map(string)
  default     = {}
}

variable "intra_acl_tags" {
  description = "Additional tags for the intra subnets network ACL"
  type        = map(string)
  default     = {}
}

variable "database_acl_tags" {
  description = "Additional tags for the database subnets network ACL"
  type        = map(string)
  default     = {}
}

variable "redshift_acl_tags" {
  description = "Additional tags for the redshift subnets network ACL"
  type        = map(string)
  default     = {}
}

variable "elasticache_acl_tags" {
  description = "Additional tags for the elasticache subnets network ACL"
  type        = map(string)
  default     = {}
}

variable "dhcp_options_tags" {
  description = "Additional tags for the DHCP option set (requires enable_dhcp_options set to true)"
  type        = map(string)
  default     = {}
}

variable "nat_gateway_tags" {
  description = "Additional tags for the NAT gateways"
  type        = map(string)
  default     = {}
}

variable "nat_eip_tags" {
  description = "Additional tags for the NAT EIP"
  type        = map(string)
  default     = {}
}

variable "customer_gateway_tags" {
  description = "Additional tags for the Customer Gateway"
  type        = map(string)
  default     = {}
}

variable "vpn_gateway_tags" {
  description = "Additional tags for the VPN gateway"
  type        = map(string)
  default     = {}
}

variable "vpc_endpoint_tags" {
  description = "Additional tags for the VPC Endpoints"
  type        = map(string)
  default     = {}
}

variable "vpc_flow_log_tags" {
  description = "Additional tags for the VPC Flow Logs"
  type        = map(string)
  default     = {}
}

variable "vpc_flow_log_permissions_boundary" {
  description = "The ARN of the Permissions Boundary for the VPC Flow Log IAM Role"
  type        = string
  default     = null
}

variable "enable_dhcp_options" {
  description = "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type"
  type        = bool
  default     = false
}

variable "dhcp_options_domain_name" {
  description = "Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)"
  type        = string
  default     = ""
}

variable "dhcp_options_domain_name_servers" {
  description = "Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)"
  type        = list(string)
  default     = ["AmazonProvidedDNS"]
}

variable "dhcp_options_ntp_servers" {
  description = "Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)"
  type        = list(string)
  default     = []
}

variable "dhcp_options_netbios_name_servers" {
  description = "Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)"
  type        = list(string)
  default     = []
}

variable "dhcp_options_netbios_node_type" {
  description = "Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)"
  type        = string
  default     = ""
}

variable "manage_default_vpc" {
  description = "Should be true to adopt and manage Default VPC"
  type        = bool
  default     = false
}

variable "default_vpc_name" {
  description = "Name to be used on the Default VPC"
  type        = string
  default     = ""
}

variable "default_vpc_enable_dns_support" {
  description = "Should be true to enable DNS support in the Default VPC"
  type        = bool
  default     = true
}

variable "default_vpc_enable_dns_hostnames" {
  description = "Should be true to enable DNS hostnames in the Default VPC"
  type        = bool
  default     = false
}

variable "default_vpc_enable_classiclink" {
  description = "Should be true to enable ClassicLink in the Default VPC"
  type        = bool
  default     = false
}

variable "default_vpc_tags" {
  description = "Additional tags for the Default VPC"
  type        = map(string)
  default     = {}
}

variable "manage_default_network_acl" {
  description = "Should be true to adopt and manage Default Network ACL"
  type        = bool
  default     = false
}

variable "default_network_acl_name" {
  description = "Name to be used on the Default Network ACL"
  type        = string
  default     = ""
}

variable "default_network_acl_tags" {
  description = "Additional tags for the Default Network ACL"
  type        = map(string)
  default     = {}
}

variable "public_dedicated_network_acl" {
  description = "Whether to use dedicated network ACL (not default) and custom rules for public subnets"
  type        = bool
  default     = false
}

variable "private_dedicated_network_acl" {
  description = "Whether to use dedicated network ACL (not default) and custom rules for private subnets"
  type        = bool
  default     = false
}

variable "intra_dedicated_network_acl" {
  description = "Whether to use dedicated network ACL (not default) and custom rules for intra subnets"
  type        = bool
  default     = false
}

variable "database_dedicated_network_acl" {
  description = "Whether to use dedicated network ACL (not default) and custom rules for database subnets"
  type        = bool
  default     = false
}

variable "redshift_dedicated_network_acl" {
  description = "Whether to use dedicated network ACL (not default) and custom rules for redshift subnets"
  type        = bool
  default     = false
}

variable "elasticache_dedicated_network_acl" {
  description = "Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets"
  type        = bool
  default     = false
}

# The default ingress and egress rules below allow all protocols and ports
# from and to any IPv4 and IPv6 address.
variable "default_network_acl_ingress" {
  description = "List of maps of ingress rules to set on the Default Network ACL"
  type        = list(map(string))
  default = [
    {
      rule_no    = 100
      action     = "allow"
      from_port  = 0
      to_port    = 0
      protocol   = "-1"
      cidr_block = "0.0.0.0/0"
    },
    {
      rule_no         = 101
      action          = "allow"
      from_port       = 0
      to_port         = 0
      protocol        = "-1"
      ipv6_cidr_block = "::/0"
    },
  ]
}

variable "default_network_acl_egress" {
  description = "List of maps of egress rules to set on the Default Network ACL"
  type        = list(map(string))
  default = [
    {
      rule_no    = 100
      action     = "allow"
      from_port  = 0
      to_port    = 0
      protocol   = "-1"
      cidr_block = "0.0.0.0/0"
    },
    {
      rule_no         = 101
      action          = "allow"
      from_port       = 0
      to_port         = 0
      protocol        = "-1"
      ipv6_cidr_block = "::/0"
    },
  ]
}

# Every per-subnet rule list below defaults to a single rule 100 that allows
# all protocols and ports for 0.0.0.0/0.
variable "public_inbound_acl_rules" {
  description = "Public subnets inbound network ACLs"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "public_outbound_acl_rules" {
  description = "Public subnets outbound network ACLs"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "private_inbound_acl_rules" {
  description = "Private subnets inbound network ACLs"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "private_outbound_acl_rules" {
  description = "Private subnets outbound network ACLs"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "intra_inbound_acl_rules" {
  description = "Intra subnets inbound network ACLs"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "intra_outbound_acl_rules" {
  description = "Intra subnets outbound network ACLs"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "database_inbound_acl_rules" {
  description = "Database subnets inbound network ACL rules"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "database_outbound_acl_rules" {
  description = "Database subnets outbound network ACL rules"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "redshift_inbound_acl_rules" {
  description = "Redshift subnets inbound network ACL rules"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "redshift_outbound_acl_rules" {
  description = "Redshift subnets outbound network ACL rules"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "elasticache_inbound_acl_rules" {
  description = "Elasticache subnets inbound network ACL rules"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "elasticache_outbound_acl_rules" {
  description = "Elasticache subnets outbound network ACL rules"
  type        = list(map(string))
  default = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_block  = "0.0.0.0/0"
    },
  ]
}

variable "manage_default_security_group" {
  description = "Should be true to adopt and manage default security group"
  type        = bool
  default     = false
}

variable "default_security_group_name" {
  description = "Name to be used on the default security group"
  type        = string
  default     = "default"
}

variable "default_security_group_ingress" {
  description = "List of maps of ingress rules to set on the default security group"
  type        = list(map(string))
  default     = null
}

# VPC Flow Logs are disabled by default.
variable "enable_flow_log" {
  description = "Whether or not to enable VPC Flow Logs"
  type        = bool
  default     = false
}

variable "default_security_group_egress" {
  description = "List of maps of egress rules to set on the default security group"
  type        = list(map(string))
  default     = null
}

variable "default_security_group_tags" {
  description = "Additional tags for the default security group"
  type        = map(string)
  default     = {}
}

variable "create_flow_log_cloudwatch_log_group" {
  description = "Whether to create CloudWatch log group for VPC Flow Logs"
  type        = bool
  default     = false
}

variable "create_flow_log_cloudwatch_iam_role" {
  description = "Whether to create IAM role for VPC Flow Logs"
  type        = bool
  default     = false
}

variable "flow_log_traffic_type" {
  description = "The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL."
  type        = string
  default     = "ALL"
}

variable "flow_log_destination_type" {
  description = "Type of flow log destination. Can be s3 or cloud-watch-logs."
  type        = string
  default     = "cloud-watch-logs"
}

variable "flow_log_log_format" {
  description = "The fields to include in the flow log record, in the order in which they should appear."
  type        = string
  default     = null
}

variable "flow_log_destination_arn" {
  description = "The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is an S3 bucket the appropriate permissions need to be set on that bucket's policy. When create_flow_log_cloudwatch_log_group is set to false this argument must be provided."
  type        = string
  default     = ""
}

variable "flow_log_cloudwatch_iam_role_arn" {
  description = "The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided."
  type        = string
  default     = ""
}

variable "flow_log_cloudwatch_log_group_name_prefix" {
  description = "Specifies the name prefix of CloudWatch Log Group for VPC flow logs."
  type        = string
  default     = "/aws/vpc-flow-log/"
}

variable "flow_log_cloudwatch_log_group_retention_in_days" {
  description = "Specifies the number of days you want to retain log events in the specified log group for VPC flow logs."
  type        = number
  default     = null
}

variable "flow_log_cloudwatch_log_group_kms_key_id" {
  description = "The ARN of the KMS Key to use when encrypting log data for VPC flow logs."
  type        = string
  default     = null
}

variable "flow_log_max_aggregation_interval" {
  description = "The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds."
  type        = number
  default     = 600
}

variable "create_igw" {
  description = "Controls if an Internet Gateway is created for public subnets and the related routes that connect them."
  type        = bool
  default     = true
}

variable "create_egress_only_igw" {
  description = "Controls if an Egress Only Internet Gateway is created and its related routes."
  type        = bool
  default     = true
}
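
A module call that overrides the permissive defaults declared above, as an added example that is not part of this repository. The registry source address, the names, CIDR ranges, availability zones, port 5432 and the 90-day retention are constructed values, and `name`, `cidr`, `azs` and the `*_subnets` inputs are module variables declared outside this section.

```hcl
# Added example, not the module's own code. All literal values are constructed.
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  # Inputs declared elsewhere in variables.tf (assumed here).
  name             = "example"
  cidr             = "10.0.0.0/16"
  azs              = ["eu-west-1a", "eu-west-1b"]
  public_subnets   = ["10.0.0.0/24", "10.0.1.0/24"]
  private_subnets  = ["10.0.10.0/24", "10.0.11.0/24"]
  database_subnets = ["10.0.20.0/24", "10.0.21.0/24"]

  # Default is true; turn off automatic public IP assignment.
  map_public_ip_on_launch = false

  # Give the database subnets their own network ACL instead of the
  # allow-all rule 100 that database_*_acl_rules default to.
  database_dedicated_network_acl = true

  # Inbound: only PostgreSQL from the two private subnets (10.0.10.0/23).
  database_inbound_acl_rules = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 5432
      to_port     = 5432
      protocol    = "tcp"
      cidr_block  = "10.0.10.0/23"
    },
  ]

  # Network ACLs are stateless, so reply traffic needs its own outbound
  # rule: ephemeral ports back to the same private subnets.
  database_outbound_acl_rules = [
    {
      rule_number = 100
      rule_action = "allow"
      from_port   = 1024
      to_port     = 65535
      protocol    = "tcp"
      cidr_block  = "10.0.10.0/23"
    },
  ]

  # Adopt the default security group and leave it with no rules, so a
  # resource that falls back to it gets no connectivity.
  manage_default_security_group  = true
  default_security_group_ingress = []
  default_security_group_egress  = []

  # Flow logs are off by default; capture accepted and rejected traffic
  # in a CloudWatch log group and IAM role created by the module.
  enable_flow_log                                 = true
  create_flow_log_cloudwatch_log_group            = true
  create_flow_log_cloudwatch_iam_role             = true
  flow_log_traffic_type                           = "ALL"
  flow_log_max_aggregation_interval               = 60
  flow_log_cloudwatch_log_group_retention_in_days = 90
}
```

Subnet types without a `*_dedicated_network_acl` flag set stay on the VPC's default network ACL, so review `default_network_acl_ingress` and `default_network_acl_egress` separately before enabling `manage_default_network_acl`.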