This is a mirror of the official AWS VPC module from GitHub (it avoids the clone failures that frequently occur when pulling the module from GitHub directly).


  # --- Core VPC ---------------------------------------------------------------
  # Whether the VPC (and, per the description, almost everything that hangs off
  # it) is created at all.
  variable "create_vpc" {
    description = "Controls if VPC should be created (it affects almost all resources)"
    type        = bool
    default     = true
  }

  # Identifier used for naming the resources this module creates.
  variable "name" {
    description = "Name to be used on all the resources as identifier"
    type        = string
    default     = ""
  }

  # The default is deliberately a value AWS will not accept for a VPC, so a
  # caller who forgets to set it gets an API error instead of silently
  # receiving an unintended address range. Always override this.
  variable "cidr" {
    description = "The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden"
    type        = string
    default     = "0.0.0.0/0"
  }
  # --- IPv6 -------------------------------------------------------------------
  # Opt-in: the VPC gets an Amazon-assigned /56; the caller cannot choose it.
  variable "enable_ipv6" {
    description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block."
    type        = bool
    default     = false
  }

  # Each `*_subnet_ipv6_prefixes` list holds, per subnet, the base-10 index of
  # the slice of the /56 that subnet should receive. The lists are typed as
  # list(string) even though the values are integers; they must be the same
  # length as the matching IPv4 subnet list (see the `*_subnets` variables).
  # NOTE(review): a /56 carved into /64 subnets yields 256 slices, so the valid
  # index range is presumably 0-255 rather than the "0-256" stated in the
  # descriptions - confirm against how main.tf calls cidrsubnet().
  variable "private_subnet_ipv6_prefixes" {
    description = "Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
    type        = list(string)
    default     = []
  }

  variable "public_subnet_ipv6_prefixes" {
    description = "Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
    type        = list(string)
    default     = []
  }

  variable "outpost_subnet_ipv6_prefixes" {
    description = "Assigns IPv6 outpost subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
    type        = list(string)
    default     = []
  }

  variable "database_subnet_ipv6_prefixes" {
    description = "Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
    type        = list(string)
    default     = []
  }

  variable "redshift_subnet_ipv6_prefixes" {
    description = "Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
    type        = list(string)
    default     = []
  }

  variable "elasticache_subnet_ipv6_prefixes" {
    description = "Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
    type        = list(string)
    default     = []
  }

  variable "intra_subnet_ipv6_prefixes" {
    description = "Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
    type        = list(string)
    default     = []
  }
  # --- IPv6 auto-assignment on subnets ---------------------------------------
  # Module-wide default for auto-assigning an IPv6 address to instances at
  # launch (the IPv6 counterpart of `map_public_ip_on_launch`). Per the
  # description it must be off while IPv6 CIDRs are being changed.
  variable "assign_ipv6_address_on_creation" {
    description = "Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
    type        = bool
    default     = false
  }

  # Per-tier overrides. They default to null, which presumably means "fall back
  # to `assign_ipv6_address_on_creation`" - confirm in main.tf.
  variable "private_subnet_assign_ipv6_address_on_creation" {
    description = "Assign IPv6 address on private subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
    type        = bool
    default     = null
  }

  variable "public_subnet_assign_ipv6_address_on_creation" {
    description = "Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
    type        = bool
    default     = null
  }

  variable "outpost_subnet_assign_ipv6_address_on_creation" {
    description = "Assign IPv6 address on outpost subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
    type        = bool
    default     = null
  }

  variable "database_subnet_assign_ipv6_address_on_creation" {
    description = "Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
    type        = bool
    default     = null
  }

  variable "redshift_subnet_assign_ipv6_address_on_creation" {
    description = "Assign IPv6 address on redshift subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
    type        = bool
    default     = null
  }

  variable "elasticache_subnet_assign_ipv6_address_on_creation" {
    description = "Assign IPv6 address on elasticache subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
    type        = bool
    default     = null
  }

  variable "intra_subnet_assign_ipv6_address_on_creation" {
    description = "Assign IPv6 address on intra subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
    type        = bool
    default     = null
  }
  # --- Additional address space and tenancy -----------------------------------
  # Extra IPv4 CIDRs associated with the VPC on top of `cidr`.
  variable "secondary_cidr_blocks" {
    description = "List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool"
    type        = list(string)
    default     = []
  }

  # Instance tenancy for the VPC; "default" is shared tenancy.
  variable "instance_tenancy" {
    description = "A tenancy option for instances launched into the VPC"
    type        = string
    default     = "default"
  }
  # --- Subnet name suffixes ---------------------------------------------------
  # Appended to `name` when naming the subnets of each tier.
  variable "public_subnet_suffix" {
    description = "Suffix to append to public subnets name"
    type        = string
    default     = "public"
  }

  variable "private_subnet_suffix" {
    description = "Suffix to append to private subnets name"
    type        = string
    default     = "private"
  }

  variable "outpost_subnet_suffix" {
    description = "Suffix to append to outpost subnets name"
    type        = string
    default     = "outpost"
  }

  variable "intra_subnet_suffix" {
    description = "Suffix to append to intra subnets name"
    type        = string
    default     = "intra"
  }

  variable "database_subnet_suffix" {
    description = "Suffix to append to database subnets name"
    type        = string
    default     = "db"
  }

  variable "redshift_subnet_suffix" {
    description = "Suffix to append to redshift subnets name"
    type        = string
    default     = "redshift"
  }

  variable "elasticache_subnet_suffix" {
    description = "Suffix to append to elasticache subnets name"
    type        = string
    default     = "elasticache"
  }
  # --- Subnet definitions -----------------------------------------------------
  # One list per tier; the IPv6 prefix variables above refer to these as "the
  # corresponding IPv4 subnet list", so each entry is presumably an IPv4 CIDR.
  # An empty list means no subnets of that tier are created.
  variable "public_subnets" {
    description = "A list of public subnets inside the VPC"
    type        = list(string)
    default     = []
  }

  variable "private_subnets" {
    description = "A list of private subnets inside the VPC"
    type        = list(string)
    default     = []
  }

  variable "outpost_subnets" {
    description = "A list of outpost subnets inside the VPC"
    type        = list(string)
    default     = []
  }

  variable "database_subnets" {
    description = "A list of database subnets"
    type        = list(string)
    default     = []
  }

  variable "redshift_subnets" {
    description = "A list of redshift subnets"
    type        = list(string)
    default     = []
  }

  variable "elasticache_subnets" {
    description = "A list of elasticache subnets"
    type        = list(string)
    default     = []
  }

  variable "intra_subnets" {
    description = "A list of intra subnets"
    type        = list(string)
    default     = []
  }
  # --- Per-tier route tables, subnet groups and database routing ---------------
  # Whether the data tiers get their own route table instead of sharing the
  # private one.
  variable "create_database_subnet_route_table" {
    description = "Controls if separate route table for database should be created"
    type        = bool
    default     = false
  }

  variable "create_redshift_subnet_route_table" {
    description = "Controls if separate route table for redshift should be created"
    type        = bool
    default     = false
  }

  # Associates the redshift subnets with the public route table instead of a
  # private one, i.e. makes the redshift tier internet-routable. Keep false
  # unless that exposure is intended.
  variable "enable_public_redshift" {
    description = "Controls if redshift should have public routing table"
    type        = bool
    default     = false
  }

  variable "create_elasticache_subnet_route_table" {
    description = "Controls if separate route table for elasticache should be created"
    type        = bool
    default     = false
  }

  # Subnet groups are created by default but are presumably only materialised
  # when the matching `*_subnets` list is non-empty (the description says so for
  # the database group).
  variable "create_database_subnet_group" {
    description = "Controls if database subnet group should be created (n.b. database_subnets must also be set)"
    type        = bool
    default     = true
  }

  variable "create_elasticache_subnet_group" {
    description = "Controls if elasticache subnet group should be created"
    type        = bool
    default     = true
  }

  variable "create_redshift_subnet_group" {
    description = "Controls if redshift subnet group should be created"
    type        = bool
    default     = true
  }

  # Adds a route to the internet gateway from the database route table, which
  # per the description exists for *public* database access. This is a
  # deliberate exposure of the database tier; leave it false unless the
  # databases are meant to be reachable from the internet.
  variable "create_database_internet_gateway_route" {
    description = "Controls if an internet gateway route for public database access should be created"
    type        = bool
    default     = false
  }

  # Outbound-only internet access for the database tier via the NAT gateway(s).
  variable "create_database_nat_gateway_route" {
    description = "Controls if a nat gateway route should be created to give internet access to the database subnets"
    type        = bool
    default     = false
  }
  # --- Availability zones, DNS and ClassicLink --------------------------------
  # AZ names or IDs the subnets are spread across; `one_nat_gateway_per_az`
  # requires this to be set.
  variable "azs" {
    description = "A list of availability zones names or ids in the region"
    type        = list(string)
    default     = []
  }

  # DNS hostnames are off by default while DNS support is on. Note that some
  # features (for example private DNS on interface endpoints) presumably need
  # both enabled - confirm for your use case.
  variable "enable_dns_hostnames" {
    description = "Should be true to enable DNS hostnames in the VPC"
    type        = bool
    default     = false
  }

  variable "enable_dns_support" {
    description = "Should be true to enable DNS support in the VPC"
    type        = bool
    default     = true
  }

  # Legacy EC2-Classic integration. Defaults to null so the provider's own
  # default applies; only meaningful in accounts that still support EC2-Classic.
  variable "enable_classiclink" {
    description = "Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic."
    type        = bool
    default     = null
  }

  variable "enable_classiclink_dns_support" {
    description = "Should be true to enable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic."
    type        = bool
    default     = null
  }
  # --- NAT gateways and public IP assignment ----------------------------------
  # Master switch for NAT gateways; the two flags below select the topology
  # (one shared, or one per AZ). Presumably only one of them should be true.
  variable "enable_nat_gateway" {
    description = "Should be true if you want to provision NAT Gateways for each of your private networks"
    type        = bool
    default     = false
  }

  variable "single_nat_gateway" {
    description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks"
    type        = bool
    default     = false
  }

  variable "one_nat_gateway_per_az" {
    description = "Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`."
    type        = bool
    default     = false
  }

  # Bring-your-own EIPs: when true the module does not allocate EIPs and uses
  # `external_nat_ip_ids` instead; `external_nat_ips` only feeds the
  # `nat_public_ips` output.
  variable "reuse_nat_ips" {
    description = "Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable"
    type        = bool
    default     = false
  }

  variable "external_nat_ip_ids" {
    description = "List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips)"
    type        = list(string)
    default     = []
  }

  variable "external_nat_ips" {
    description = "List of EIPs to be used for `nat_public_ips` output (used in combination with reuse_nat_ips and external_nat_ip_ids)"
    type        = list(string)
    default     = []
  }

  # Defaults to true: instances launched into the public subnets automatically
  # receive a public IPv4 address. Set to false if public subnets should only
  # hold load balancers / NAT gateways and instances must not be directly
  # addressable from the internet.
  variable "map_public_ip_on_launch" {
    description = "Should be false if you do not want to auto-assign public IP on launch"
    type        = bool
    default     = true
  }
  # --- Site-to-site VPN: customer gateways, VPN gateway, route propagation -----
  # Keyed map of customer gateway definitions; each value is itself a map
  # holding the BGP ASN and the gateway's public IP (per the description).
  variable "customer_gateways" {
    description = "Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address)"
    type        = map(map(any))
    default     = {}
  }

  # Either create a new VPN gateway (`enable_vpn_gateway`) or attach an
  # existing one by ID (`vpn_gateway_id`).
  variable "enable_vpn_gateway" {
    description = "Should be true if you want to create a new VPN Gateway resource and attach it to the VPC"
    type        = bool
    default     = false
  }

  variable "vpn_gateway_id" {
    description = "ID of VPN Gateway to attach to the VPC"
    type        = string
    default     = ""
  }

  # Declared as a string (not number), matching the provider argument it feeds.
  variable "amazon_side_asn" {
    description = "The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN."
    type        = string
    default     = "64512"
  }

  variable "vpn_gateway_az" {
    description = "The Availability Zone for the VPN Gateway"
    type        = string
    default     = null
  }

  # The three descriptions are identical; each flag enables VGW route
  # propagation for the tier named in the variable (intra / private / public).
  variable "propagate_intra_route_tables_vgw" {
    description = "Should be true if you want route table propagation"
    type        = bool
    default     = false
  }

  variable "propagate_private_route_tables_vgw" {
    description = "Should be true if you want route table propagation"
    type        = bool
    default     = false
  }

  variable "propagate_public_route_tables_vgw" {
    description = "Should be true if you want route table propagation"
    type        = bool
    default     = false
  }
  # --- Default route table ----------------------------------------------------
  # When true the module adopts the VPC's default route table and manages its
  # routes, propagating VGWs and tags from the variables below.
  variable "manage_default_route_table" {
    description = "Should be true to manage default route table"
    type        = bool
    default     = false
  }

  variable "default_route_table_propagating_vgws" {
    description = "List of virtual gateways for propagation"
    type        = list(string)
    default     = []
  }

  # Each map is one `route` block of aws_default_route_table; see the linked
  # provider docs for the accepted keys.
  variable "default_route_table_routes" {
    description = "Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route"
    type        = list(map(string))
    default     = []
  }

  variable "default_route_table_tags" {
    description = "Additional tags for the default route table"
    type        = map(string)
    default     = {}
  }
  # --- Tags -------------------------------------------------------------------
  # `tags` is applied to every resource; the `*_tags` variables below add
  # resource-specific tags on top of it.
  variable "tags" {
    description = "A map of tags to add to all resources"
    type        = map(string)
    default     = {}
  }

  variable "vpc_tags" {
    description = "Additional tags for the VPC"
    type        = map(string)
    default     = {}
  }

  variable "igw_tags" {
    description = "Additional tags for the internet gateway"
    type        = map(string)
    default     = {}
  }

  variable "public_subnet_tags" {
    description = "Additional tags for the public subnets"
    type        = map(string)
    default     = {}
  }

  variable "private_subnet_tags" {
    description = "Additional tags for the private subnets"
    type        = map(string)
    default     = {}
  }

  variable "outpost_subnet_tags" {
    description = "Additional tags for the outpost subnets"
    type        = map(string)
    default     = {}
  }

  variable "public_route_table_tags" {
    description = "Additional tags for the public route tables"
    type        = map(string)
    default     = {}
  }

  variable "private_route_table_tags" {
    description = "Additional tags for the private route tables"
    type        = map(string)
    default     = {}
  }

  variable "database_route_table_tags" {
    description = "Additional tags for the database route tables"
    type        = map(string)
    default     = {}
  }

  variable "redshift_route_table_tags" {
    description = "Additional tags for the redshift route tables"
    type        = map(string)
    default     = {}
  }

  variable "elasticache_route_table_tags" {
    description = "Additional tags for the elasticache route tables"
    type        = map(string)
    default     = {}
  }

  variable "intra_route_table_tags" {
    description = "Additional tags for the intra route tables"
    type        = map(string)
    default     = {}
  }

  variable "database_subnet_tags" {
    description = "Additional tags for the database subnets"
    type        = map(string)
    default     = {}
  }

  variable "database_subnet_group_tags" {
    description = "Additional tags for the database subnet group"
    type        = map(string)
    default     = {}
  }

  variable "redshift_subnet_tags" {
    description = "Additional tags for the redshift subnets"
    type        = map(string)
    default     = {}
  }

  variable "redshift_subnet_group_tags" {
    description = "Additional tags for the redshift subnet group"
    type        = map(string)
    default     = {}
  }

  variable "elasticache_subnet_tags" {
    description = "Additional tags for the elasticache subnets"
    type        = map(string)
    default     = {}
  }

  variable "intra_subnet_tags" {
    description = "Additional tags for the intra subnets"
    type        = map(string)
    default     = {}
  }

  # Tags for the dedicated network ACLs (only relevant when the matching
  # `*_dedicated_network_acl` flag is true).
  variable "public_acl_tags" {
    description = "Additional tags for the public subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "private_acl_tags" {
    description = "Additional tags for the private subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "outpost_acl_tags" {
    description = "Additional tags for the outpost subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "intra_acl_tags" {
    description = "Additional tags for the intra subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "database_acl_tags" {
    description = "Additional tags for the database subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "redshift_acl_tags" {
    description = "Additional tags for the redshift subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "elasticache_acl_tags" {
    description = "Additional tags for the elasticache subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "dhcp_options_tags" {
    description = "Additional tags for the DHCP option set (requires enable_dhcp_options set to true)"
    type        = map(string)
    default     = {}
  }

  variable "nat_gateway_tags" {
    description = "Additional tags for the NAT gateways"
    type        = map(string)
    default     = {}
  }

  variable "nat_eip_tags" {
    description = "Additional tags for the NAT EIP"
    type        = map(string)
    default     = {}
  }

  variable "customer_gateway_tags" {
    description = "Additional tags for the Customer Gateway"
    type        = map(string)
    default     = {}
  }

  variable "vpn_gateway_tags" {
    description = "Additional tags for the VPN gateway"
    type        = map(string)
    default     = {}
  }

  variable "vpc_flow_log_tags" {
    description = "Additional tags for the VPC Flow Logs"
    type        = map(string)
    default     = {}
  }

  # Not a tag: the permissions boundary policy ARN attached to the IAM role the
  # module creates for flow logs (see `create_flow_log_cloudwatch_iam_role`).
  # Useful where account policy requires every created role to carry a
  # boundary; null leaves the role without one.
  variable "vpc_flow_log_permissions_boundary" {
    description = "The ARN of the Permissions Boundary for the VPC Flow Log IAM Role"
    type        = string
    default     = null
  }
  # --- DHCP options set -------------------------------------------------------
  # All `dhcp_options_*` values are ignored unless this is true.
  variable "enable_dhcp_options" {
    description = "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type"
    type        = bool
    default     = false
  }

  variable "dhcp_options_domain_name" {
    description = "Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)"
    type        = string
    default     = ""
  }

  # Defaults to the VPC's own resolver; point this at custom resolvers only if
  # they are reachable from every subnet in the VPC.
  variable "dhcp_options_domain_name_servers" {
    description = "Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)"
    type        = list(string)
    default     = ["AmazonProvidedDNS"]
  }

  variable "dhcp_options_ntp_servers" {
    description = "Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)"
    type        = list(string)
    default     = []
  }

  variable "dhcp_options_netbios_name_servers" {
    description = "Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)"
    type        = list(string)
    default     = []
  }

  variable "dhcp_options_netbios_node_type" {
    description = "Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)"
    type        = string
    default     = ""
  }
  # --- Default VPC adoption ---------------------------------------------------
  # When true the module takes over the account's default VPC (it is not
  # created by the module) so its settings and tags are under Terraform control.
  variable "manage_default_vpc" {
    description = "Should be true to adopt and manage Default VPC"
    type        = bool
    default     = false
  }

  variable "default_vpc_name" {
    description = "Name to be used on the Default VPC"
    type        = string
    default     = ""
  }

  variable "default_vpc_enable_dns_support" {
    description = "Should be true to enable DNS support in the Default VPC"
    type        = bool
    default     = true
  }

  variable "default_vpc_enable_dns_hostnames" {
    description = "Should be true to enable DNS hostnames in the Default VPC"
    type        = bool
    default     = false
  }

  # Note: defaults to false here, whereas `enable_classiclink` for the created
  # VPC defaults to null (provider default).
  variable "default_vpc_enable_classiclink" {
    description = "Should be true to enable ClassicLink in the Default VPC"
    type        = bool
    default     = false
  }

  variable "default_vpc_tags" {
    description = "Additional tags for the Default VPC"
    type        = map(string)
    default     = {}
  }
  # --- Default network ACL adoption -------------------------------------------
  # When true the VPC's default NACL is managed by the module, with its rules
  # taken from `default_network_acl_ingress` / `default_network_acl_egress`.
  variable "manage_default_network_acl" {
    description = "Should be true to adopt and manage Default Network ACL"
    type        = bool
    default     = false
  }

  variable "default_network_acl_name" {
    description = "Name to be used on the Default Network ACL"
    type        = string
    default     = ""
  }

  variable "default_network_acl_tags" {
    description = "Additional tags for the Default Network ACL"
    type        = map(string)
    default     = {}
  }
  # --- Dedicated network ACLs per tier ---------------------------------------
  # When a flag is true the tier's subnets get their own NACL populated from the
  # matching `*_inbound_acl_rules` / `*_outbound_acl_rules` variables instead
  # of using the VPC default NACL. Turning one on is the prerequisite for
  # tightening subnet-level filtering on that tier.
  variable "public_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for public subnets"
    type        = bool
    default     = false
  }

  variable "private_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for private subnets"
    type        = bool
    default     = false
  }

  variable "outpost_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for outpost subnets"
    type        = bool
    default     = false
  }

  variable "intra_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for intra subnets"
    type        = bool
    default     = false
  }

  variable "database_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for database subnets"
    type        = bool
    default     = false
  }

  variable "redshift_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for redshift subnets"
    type        = bool
    default     = false
  }

  variable "elasticache_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets"
    type        = bool
    default     = false
  }
  # --- Default network ACL rules ----------------------------------------------
  # The defaults mirror AWS's own default NACL: allow all protocols, all ports,
  # from/to any IPv4 (rule 100) and any IPv6 (rule 101) address, in both
  # directions. NACLs are a coarse, stateless layer; callers who want the
  # default NACL to act as a real control must replace these lists.
  # Key names here (`rule_no`, `action`) differ from the per-tier rule
  # variables further down (`rule_number`, `rule_action`); presumably each set
  # matches the schema of the resource that consumes it - do not mix them.
  variable "default_network_acl_ingress" {
    description = "List of maps of ingress rules to set on the Default Network ACL"
    type        = list(map(string))
    default = [
      {
        rule_no    = 100
        action     = "allow"
        from_port  = 0
        to_port    = 0
        protocol   = "-1"
        cidr_block = "0.0.0.0/0"
      },
      {
        rule_no         = 101
        action          = "allow"
        from_port       = 0
        to_port         = 0
        protocol        = "-1"
        ipv6_cidr_block = "::/0"
      },
    ]
  }

  variable "default_network_acl_egress" {
    description = "List of maps of egress rules to set on the Default Network ACL"
    type        = list(map(string))
    default = [
      {
        rule_no    = 100
        action     = "allow"
        from_port  = 0
        to_port    = 0
        protocol   = "-1"
        cidr_block = "0.0.0.0/0"
      },
      {
        rule_no         = 101
        action          = "allow"
        from_port       = 0
        to_port         = 0
        protocol        = "-1"
        ipv6_cidr_block = "::/0"
      },
    ]
  }
  # --- Per-tier network ACL rules ---------------------------------------------
  # Used only when the tier's `*_dedicated_network_acl` flag is true. Every
  # default below is a single allow-all rule for IPv4 (`0.0.0.0/0`, protocol
  # -1, ports 0-0), so enabling a dedicated NACL without overriding these does
  # not restrict anything. Two things to be aware of:
  #   * Unlike the default-NACL rules above, no `::/0` rule is included, so
  #     with `enable_ipv6` a dedicated NACL presumably drops IPv6 traffic
  #     unless the caller adds an IPv6 rule - confirm against main.tf.
  #   * For the private / intra / database / redshift / elasticache tiers these
  #     lists are the natural place to restrict traffic to the VPC CIDR or to
  #     specific ports once a dedicated NACL is enabled.
  # Keys use `rule_number` / `rule_action` (not `rule_no` / `action`).
  variable "public_inbound_acl_rules" {
    description = "Public subnets inbound network ACLs"
    type        = list(map(string))
    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "public_outbound_acl_rules" {
    description = "Public subnets outbound network ACLs"
    type        = list(map(string))
    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "private_inbound_acl_rules" {
    description = "Private subnets inbound network ACLs"
    type        = list(map(string))
    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "private_outbound_acl_rules" {
    description = "Private subnets outbound network ACLs"
    type        = list(map(string))
    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "outpost_inbound_acl_rules" {
    description = "Outpost subnets inbound network ACLs"
    type        = list(map(string))
    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "outpost_outbound_acl_rules" {
    description = "Outpost subnets outbound network ACLs"
    type        = list(map(string))
    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "intra_inbound_acl_rules" {
    description = "Intra subnets inbound network ACLs"
    type        = list(map(string))
    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "intra_outbound_acl_rules" {
    description = "Intra subnets outbound network ACLs"
    type        = list(map(string))
    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "database_inbound_acl_rules" {
    description = "Database subnets inbound network ACL rules"
    type        = list(map(string))
    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "database_outbound_acl_rules" {
    description = "Database subnets outbound network ACL rules"
    type        = list(map(string))
    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "redshift_inbound_acl_rules" {
    description = "Redshift subnets inbound network ACL rules"
    type        = list(map(string))
    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "redshift_outbound_acl_rules" {
    description = "Redshift subnets outbound network ACL rules"
    type        = list(map(string))
    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "elasticache_inbound_acl_rules" {
    description = "Elasticache subnets inbound network ACL rules"
    type        = list(map(string))
    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "elasticache_outbound_acl_rules" {
    description = "Elasticache subnets outbound network ACL rules"
    type        = list(map(string))
    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }
  # --- Default security group -------------------------------------------------
  # When true the module adopts the VPC's default security group so its rules
  # are declared here rather than left at whatever AWS (or a previous operator)
  # set. Adopting it is the usual way to ensure the default SG carries no
  # permissive rules.
  variable "manage_default_security_group" {
    description = "Should be true to adopt and manage default security group"
    type        = bool
    default     = false
  }

  variable "default_security_group_name" {
    description = "Name to be used on the default security group"
    type        = string
    default     = "default"
  }

  # null (not an empty list) is the default for both rule sets; what the module
  # does with null versus [] is not visible here - confirm in main.tf before
  # relying on it to strip the default SG's rules.
  variable "default_security_group_ingress" {
    description = "List of maps of ingress rules to set on the default security group"
    type        = list(map(string))
    default     = null
  }

  # Master switch for VPC Flow Logs (declared here, between the default-SG
  # variables, but it belongs with the `flow_log_*` settings below). Off by
  # default, so no network telemetry is captured unless this is enabled.
  variable "enable_flow_log" {
    description = "Whether or not to enable VPC Flow Logs"
    type        = bool
    default     = false
  }

  variable "default_security_group_egress" {
    description = "List of maps of egress rules to set on the default security group"
    type        = list(map(string))
    default     = null
  }

  variable "default_security_group_tags" {
    description = "Additional tags for the default security group"
    type        = map(string)
    default     = {}
  }
  # --- VPC Flow Logs ----------------------------------------------------------
  # Both "create" flags default to false, so with `enable_flow_log = true` the
  # caller must supply `flow_log_destination_arn` and, for a CloudWatch
  # destination, `flow_log_cloudwatch_iam_role_arn` (the descriptions below
  # state this). Set both to true to have the module provision them.
  variable "create_flow_log_cloudwatch_log_group" {
    description = "Whether to create CloudWatch log group for VPC Flow Logs"
    type        = bool
    default     = false
  }

  variable "create_flow_log_cloudwatch_iam_role" {
    description = "Whether to create IAM role for VPC Flow Logs"
    type        = bool
    default     = false
  }

  # "ALL" captures accepted and rejected flows; "REJECT" alone is cheaper but
  # loses the accepted-traffic baseline most investigations need.
  variable "flow_log_traffic_type" {
    description = "The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL."
    type        = string
    default     = "ALL"
  }

  variable "flow_log_destination_type" {
    description = "Type of flow log destination. Can be s3 or cloud-watch-logs."
    type        = string
    default     = "cloud-watch-logs"
  }

  # null leaves the AWS default record format; set a custom format string to
  # include additional fields.
  variable "flow_log_log_format" {
    description = "The fields to include in the flow log record, in the order in which they should appear."
    type        = string
    default     = null
  }

  # Empty string rather than null: presumably main.tf treats "" as "not
  # provided" and substitutes the module-created log group when
  # `create_flow_log_cloudwatch_log_group` is true - confirm.
  variable "flow_log_destination_arn" {
    description = "The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create_flow_log_cloudwatch_log_group is set to false this argument must be provided."
    type        = string
    default     = ""
  }

  variable "flow_log_cloudwatch_iam_role_arn" {
    description = "The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided."
    type        = string
    default     = ""
  }

  variable "flow_log_cloudwatch_log_group_name_prefix" {
    description = "Specifies the name prefix of CloudWatch Log Group for VPC flow logs."
    type        = string
    default     = "/aws/vpc-flow-log/"
  }

  # null means no retention is configured on the module-created log group;
  # presumably CloudWatch then keeps events indefinitely, so set this to match
  # your log-retention policy (and to control cost).
  variable "flow_log_cloudwatch_log_group_retention_in_days" {
    description = "Specifies the number of days you want to retain log events in the specified log group for VPC flow logs."
    type        = number
    default     = null
  }

  # null means no customer-managed KMS key is configured for the log group;
  # supply a key ARN where encryption with a CMK is required. The key policy
  # must allow the CloudWatch Logs service principal to use it.
  variable "flow_log_cloudwatch_log_group_kms_key_id" {
    description = "The ARN of the KMS Key to use when encrypting log data for VPC flow logs."
    type        = string
    default     = null
  }

  # 600 (10 minutes) is the coarser of the two allowed values; 60 gives finer
  # timing at the cost of more records.
  variable "flow_log_max_aggregation_interval" {
    description = "The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds."
    type        = number
    default     = 600
  }
  # --- Internet gateways and Outposts -----------------------------------------
  # Both gateways are created by default. Setting `create_igw = false` yields a
  # VPC with no inbound internet path; `create_egress_only_igw` covers the
  # IPv6 outbound-only equivalent.
  variable "create_igw" {
    description = "Controls if an Internet Gateway is created for public subnets and the related routes that connect them."
    type        = bool
    default     = true
  }

  variable "create_egress_only_igw" {
    description = "Controls if an Egress Only Internet Gateway is created and its related routes."
    type        = bool
    default     = true
  }

  # Both must be set for `outpost_subnets` to be placed on an Outpost; null
  # disables Outpost placement.
  variable "outpost_arn" {
    description = "ARN of Outpost you want to create a subnet in."
    type        = string
    default     = null
  }

  variable "outpost_az" {
    description = "AZ where Outpost is anchored."
    type        = string
    default     = null
  }
  950. }
  951. variable "outpost_az" {
  952. description = "AZ where Outpost is anchored."
  953. type = string
  954. default = null
  955. }