This is a mirror of the official AWS VPC module from GitHub. It is kept to avoid the clone failures that happen frequently when fetching the module from GitHub directly.


  1. variable "create_vpc" {
  2. description = "Controls if VPC should be created (it affects almost all resources)"
  3. type = bool
  4. default = true
  5. }
  6. variable "name" {
  7. description = "Name to be used on all the resources as identifier"
  8. type = string
  9. default = ""
  10. }
  11. variable "cidr" {
  12. description = "The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden"
  13. type = string
  14. default = "0.0.0.0/0"
  15. }
  16. variable "enable_ipv6" {
  17. description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block."
  18. type = bool
  19. default = false
  20. }
  21. variable "private_subnet_ipv6_prefixes" {
  22. description = "Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  23. type = list(string)
  24. default = []
  25. }
  26. variable "public_subnet_ipv6_prefixes" {
  27. description = "Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  28. type = list(string)
  29. default = []
  30. }
  31. variable "database_subnet_ipv6_prefixes" {
  32. description = "Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  33. type = list(string)
  34. default = []
  35. }
  36. variable "redshift_subnet_ipv6_prefixes" {
  37. description = "Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  38. type = list(string)
  39. default = []
  40. }
  41. variable "elasticache_subnet_ipv6_prefixes" {
  42. description = "Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  43. type = list(string)
  44. default = []
  45. }
  46. variable "intra_subnet_ipv6_prefixes" {
  47. description = "Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  48. type = list(string)
  49. default = []
  50. }
  51. variable "assign_ipv6_address_on_creation" {
  52. description = "Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  53. type = bool
  54. default = false
  55. }
  56. variable "private_subnet_assign_ipv6_address_on_creation" {
  57. description = "Assign IPv6 address on private subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  58. type = bool
  59. default = null
  60. }
  61. variable "public_subnet_assign_ipv6_address_on_creation" {
  62. description = "Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  63. type = bool
  64. default = null
  65. }
  66. variable "database_subnet_assign_ipv6_address_on_creation" {
  67. description = "Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  68. type = bool
  69. default = null
  70. }
  71. variable "redshift_subnet_assign_ipv6_address_on_creation" {
  72. description = "Assign IPv6 address on redshift subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  73. type = bool
  74. default = null
  75. }
  76. variable "elasticache_subnet_assign_ipv6_address_on_creation" {
  77. description = "Assign IPv6 address on elasticache subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  78. type = bool
  79. default = null
  80. }
  81. variable "intra_subnet_assign_ipv6_address_on_creation" {
  82. description = "Assign IPv6 address on intra subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  83. type = bool
  84. default = null
  85. }
  86. variable "secondary_cidr_blocks" {
  87. description = "List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool"
  88. type = list(string)
  89. default = []
  90. }
  91. variable "instance_tenancy" {
  92. description = "A tenancy option for instances launched into the VPC"
  93. type = string
  94. default = "default"
  95. }
  96. variable "public_subnet_suffix" {
  97. description = "Suffix to append to public subnets name"
  98. type = string
  99. default = "public"
  100. }
  101. variable "private_subnet_suffix" {
  102. description = "Suffix to append to private subnets name"
  103. type = string
  104. default = "private"
  105. }
  106. variable "intra_subnet_suffix" {
  107. description = "Suffix to append to intra subnets name"
  108. type = string
  109. default = "intra"
  110. }
  111. variable "database_subnet_suffix" {
  112. description = "Suffix to append to database subnets name"
  113. type = string
  114. default = "db"
  115. }
  116. variable "redshift_subnet_suffix" {
  117. description = "Suffix to append to redshift subnets name"
  118. type = string
  119. default = "redshift"
  120. }
  121. variable "elasticache_subnet_suffix" {
  122. description = "Suffix to append to elasticache subnets name"
  123. type = string
  124. default = "elasticache"
  125. }
  126. variable "public_subnets" {
  127. description = "A list of public subnets inside the VPC"
  128. type = list(string)
  129. default = []
  130. }
  131. variable "private_subnets" {
  132. description = "A list of private subnets inside the VPC"
  133. type = list(string)
  134. default = []
  135. }
  136. variable "database_subnets" {
  137. description = "A list of database subnets"
  138. type = list(string)
  139. default = []
  140. }
  141. variable "redshift_subnets" {
  142. description = "A list of redshift subnets"
  143. type = list(string)
  144. default = []
  145. }
  146. variable "elasticache_subnets" {
  147. description = "A list of elasticache subnets"
  148. type = list(string)
  149. default = []
  150. }
  151. variable "intra_subnets" {
  152. description = "A list of intra subnets"
  153. type = list(string)
  154. default = []
  155. }
  156. variable "create_database_subnet_route_table" {
  157. description = "Controls if separate route table for database should be created"
  158. type = bool
  159. default = false
  160. }
  161. variable "create_redshift_subnet_route_table" {
  162. description = "Controls if separate route table for redshift should be created"
  163. type = bool
  164. default = false
  165. }
  166. variable "enable_public_redshift" {
  167. description = "Controls if redshift should have public routing table"
  168. type = bool
  169. default = false
  170. }
  171. variable "create_elasticache_subnet_route_table" {
  172. description = "Controls if separate route table for elasticache should be created"
  173. type = bool
  174. default = false
  175. }
  176. variable "create_database_subnet_group" {
  177. description = "Controls if database subnet group should be created (n.b. database_subnets must also be set)"
  178. type = bool
  179. default = true
  180. }
  181. variable "create_elasticache_subnet_group" {
  182. description = "Controls if elasticache subnet group should be created"
  183. type = bool
  184. default = true
  185. }
  186. variable "create_redshift_subnet_group" {
  187. description = "Controls if redshift subnet group should be created"
  188. type = bool
  189. default = true
  190. }
  191. variable "create_database_internet_gateway_route" {
  192. description = "Controls if an internet gateway route for public database access should be created"
  193. type = bool
  194. default = false
  195. }
  196. variable "create_database_nat_gateway_route" {
  197. description = "Controls if a nat gateway route should be created to give internet access to the database subnets"
  198. type = bool
  199. default = false
  200. }
  201. variable "azs" {
  202. description = "A list of availability zones names or ids in the region"
  203. type = list(string)
  204. default = []
  205. }
  206. variable "enable_dns_hostnames" {
  207. description = "Should be true to enable DNS hostnames in the VPC"
  208. type = bool
  209. default = false
  210. }
  211. variable "enable_dns_support" {
  212. description = "Should be true to enable DNS support in the VPC"
  213. type = bool
  214. default = true
  215. }
  216. variable "enable_classiclink" {
  217. description = "Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic."
  218. type = bool
  219. default = null
  220. }
  221. variable "enable_classiclink_dns_support" {
  222. description = "Should be true to enable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic."
  223. type = bool
  224. default = null
  225. }
  226. variable "enable_nat_gateway" {
  227. description = "Should be true if you want to provision NAT Gateways for each of your private networks"
  228. type = bool
  229. default = false
  230. }
  231. variable "single_nat_gateway" {
  232. description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks"
  233. type = bool
  234. default = false
  235. }
  236. variable "one_nat_gateway_per_az" {
  237. description = "Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`."
  238. type = bool
  239. default = false
  240. }
  241. variable "reuse_nat_ips" {
  242. description = "Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable"
  243. type = bool
  244. default = false
  245. }
  246. variable "external_nat_ip_ids" {
  247. description = "List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips)"
  248. type = list(string)
  249. default = []
  250. }
  251. variable "external_nat_ips" {
  252. description = "List of EIPs to be used for `nat_public_ips` output (used in combination with reuse_nat_ips and external_nat_ip_ids)"
  253. type = list(string)
  254. default = []
  255. }
  256. variable "enable_public_s3_endpoint" {
  257. description = "Whether to enable S3 VPC Endpoint for public subnets"
  258. default = true
  259. type = bool
  260. }
  261. variable "enable_dynamodb_endpoint" {
  262. description = "Should be true if you want to provision a DynamoDB endpoint to the VPC"
  263. type = bool
  264. default = false
  265. }
  266. variable "enable_s3_endpoint" {
  267. description = "Should be true if you want to provision an S3 endpoint to the VPC"
  268. type = bool
  269. default = false
  270. }
  271. variable "enable_codeartifact_api_endpoint" {
  272. description = "Should be true if you want to provision an Codeartifact API endpoint to the VPC"
  273. type = bool
  274. default = false
  275. }
  276. variable "codeartifact_api_endpoint_security_group_ids" {
  277. description = "The ID of one or more security groups to associate with the network interface for Codeartifact API endpoint"
  278. type = list(string)
  279. default = []
  280. }
  281. variable "codeartifact_api_endpoint_subnet_ids" {
  282. description = "The ID of one or more subnets in which to create a network interface for Codeartifact API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  283. type = list(string)
  284. default = []
  285. }
  286. variable "codeartifact_api_endpoint_private_dns_enabled" {
  287. description = "Whether or not to associate a private hosted zone with the specified VPC for Codeartifact API endpoint"
  288. type = bool
  289. default = false
  290. }
  291. variable "enable_codeartifact_repositories_endpoint" {
  292. description = "Should be true if you want to provision an Codeartifact repositories endpoint to the VPC"
  293. type = bool
  294. default = false
  295. }
  296. variable "codeartifact_repositories_endpoint_security_group_ids" {
  297. description = "The ID of one or more security groups to associate with the network interface for Codeartifact repositories endpoint"
  298. type = list(string)
  299. default = []
  300. }
  301. variable "codeartifact_repositories_endpoint_subnet_ids" {
  302. description = "The ID of one or more subnets in which to create a network interface for Codeartifact repositories endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  303. type = list(string)
  304. default = []
  305. }
  306. variable "codeartifact_repositories_endpoint_private_dns_enabled" {
  307. description = "Whether or not to associate a private hosted zone with the specified VPC for Codeartifact repositories endpoint"
  308. type = bool
  309. default = false
  310. }
  311. variable "enable_codebuild_endpoint" {
  312. description = "Should be true if you want to provision an Codebuild endpoint to the VPC"
  313. type = bool
  314. default = false
  315. }
  316. variable "codebuild_endpoint_security_group_ids" {
  317. description = "The ID of one or more security groups to associate with the network interface for Codebuild endpoint"
  318. type = list(string)
  319. default = []
  320. }
  321. variable "codebuild_endpoint_subnet_ids" {
  322. description = "The ID of one or more subnets in which to create a network interface for Codebuilt endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  323. type = list(string)
  324. default = []
  325. }
  326. variable "codebuild_endpoint_private_dns_enabled" {
  327. description = "Whether or not to associate a private hosted zone with the specified VPC for Codebuild endpoint"
  328. type = bool
  329. default = false
  330. }
  331. variable "enable_codecommit_endpoint" {
  332. description = "Should be true if you want to provision an Codecommit endpoint to the VPC"
  333. type = bool
  334. default = false
  335. }
  336. variable "codecommit_endpoint_security_group_ids" {
  337. description = "The ID of one or more security groups to associate with the network interface for Codecommit endpoint"
  338. type = list(string)
  339. default = []
  340. }
  341. variable "codecommit_endpoint_subnet_ids" {
  342. description = "The ID of one or more subnets in which to create a network interface for Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  343. type = list(string)
  344. default = []
  345. }
  346. variable "codecommit_endpoint_private_dns_enabled" {
  347. description = "Whether or not to associate a private hosted zone with the specified VPC for Codecommit endpoint"
  348. type = bool
  349. default = false
  350. }
  351. variable "enable_git_codecommit_endpoint" {
  352. description = "Should be true if you want to provision an Git Codecommit endpoint to the VPC"
  353. type = bool
  354. default = false
  355. }
  356. variable "git_codecommit_endpoint_security_group_ids" {
  357. description = "The ID of one or more security groups to associate with the network interface for Git Codecommit endpoint"
  358. type = list(string)
  359. default = []
  360. }
  361. variable "git_codecommit_endpoint_subnet_ids" {
  362. description = "The ID of one or more subnets in which to create a network interface for Git Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  363. type = list(string)
  364. default = []
  365. }
  366. variable "git_codecommit_endpoint_private_dns_enabled" {
  367. description = "Whether or not to associate a private hosted zone with the specified VPC for Git Codecommit endpoint"
  368. type = bool
  369. default = false
  370. }
  371. variable "enable_config_endpoint" {
  372. description = "Should be true if you want to provision an config endpoint to the VPC"
  373. type = bool
  374. default = false
  375. }
  376. variable "config_endpoint_security_group_ids" {
  377. description = "The ID of one or more security groups to associate with the network interface for config endpoint"
  378. type = list(string)
  379. default = []
  380. }
  381. variable "config_endpoint_subnet_ids" {
  382. description = "The ID of one or more subnets in which to create a network interface for config endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  383. type = list(string)
  384. default = []
  385. }
  386. variable "config_endpoint_private_dns_enabled" {
  387. description = "Whether or not to associate a private hosted zone with the specified VPC for config endpoint"
  388. type = bool
  389. default = false
  390. }
  391. variable "enable_sqs_endpoint" {
  392. description = "Should be true if you want to provision an SQS endpoint to the VPC"
  393. type = bool
  394. default = false
  395. }
  396. variable "sqs_endpoint_security_group_ids" {
  397. description = "The ID of one or more security groups to associate with the network interface for SQS endpoint"
  398. type = list(string)
  399. default = []
  400. }
  401. variable "sqs_endpoint_subnet_ids" {
  402. description = "The ID of one or more subnets in which to create a network interface for SQS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  403. type = list(string)
  404. default = []
  405. }
  406. variable "sqs_endpoint_private_dns_enabled" {
  407. description = "Whether or not to associate a private hosted zone with the specified VPC for SQS endpoint"
  408. type = bool
  409. default = false
  410. }
  411. variable "enable_lambda_endpoint" {
  412. description = "Should be true if you want to provision a Lambda endpoint to the VPC"
  413. type = bool
  414. default = false
  415. }
  416. variable "lambda_endpoint_security_group_ids" {
  417. description = "The ID of one or more security groups to associate with the network interface for Lambda endpoint"
  418. type = list(string)
  419. default = []
  420. }
  421. variable "lambda_endpoint_subnet_ids" {
  422. description = "The ID of one or more subnets in which to create a network interface for Lambda endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  423. type = list(string)
  424. default = []
  425. }
  426. variable "lambda_endpoint_private_dns_enabled" {
  427. description = "Whether or not to associate a private hosted zone with the specified VPC for Lambda endpoint"
  428. type = bool
  429. default = false
  430. }
  431. variable "enable_ssm_endpoint" {
  432. description = "Should be true if you want to provision an SSM endpoint to the VPC"
  433. type = bool
  434. default = false
  435. }
  436. variable "ssm_endpoint_security_group_ids" {
  437. description = "The ID of one or more security groups to associate with the network interface for SSM endpoint"
  438. type = list(string)
  439. default = []
  440. }
  441. variable "ssm_endpoint_subnet_ids" {
  442. description = "The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  443. type = list(string)
  444. default = []
  445. }
  446. variable "ssm_endpoint_private_dns_enabled" {
  447. description = "Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint"
  448. type = bool
  449. default = false
  450. }
  451. variable "enable_secretsmanager_endpoint" {
  452. description = "Should be true if you want to provision an Secrets Manager endpoint to the VPC"
  453. type = bool
  454. default = false
  455. }
  456. variable "secretsmanager_endpoint_security_group_ids" {
  457. description = "The ID of one or more security groups to associate with the network interface for Secrets Manager endpoint"
  458. type = list(string)
  459. default = []
  460. }
  461. variable "secretsmanager_endpoint_subnet_ids" {
  462. description = "The ID of one or more subnets in which to create a network interface for Secrets Manager endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  463. type = list(string)
  464. default = []
  465. }
  466. variable "secretsmanager_endpoint_private_dns_enabled" {
  467. description = "Whether or not to associate a private hosted zone with the specified VPC for Secrets Manager endpoint"
  468. type = bool
  469. default = false
  470. }
  471. variable "enable_apigw_endpoint" {
  472. description = "Should be true if you want to provision an api gateway endpoint to the VPC"
  473. type = bool
  474. default = false
  475. }
  476. variable "apigw_endpoint_security_group_ids" {
  477. description = "The ID of one or more security groups to associate with the network interface for API GW endpoint"
  478. type = list(string)
  479. default = []
  480. }
  481. variable "apigw_endpoint_private_dns_enabled" {
  482. description = "Whether or not to associate a private hosted zone with the specified VPC for API GW endpoint"
  483. type = bool
  484. default = false
  485. }
  486. variable "apigw_endpoint_subnet_ids" {
  487. description = "The ID of one or more subnets in which to create a network interface for API GW endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  488. type = list(string)
  489. default = []
  490. }
  491. variable "enable_ssmmessages_endpoint" {
  492. description = "Should be true if you want to provision a SSMMESSAGES endpoint to the VPC"
  493. type = bool
  494. default = false
  495. }
  496. variable "ssmmessages_endpoint_security_group_ids" {
  497. description = "The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint"
  498. type = list(string)
  499. default = []
  500. }
  501. variable "ssmmessages_endpoint_subnet_ids" {
  502. description = "The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  503. type = list(string)
  504. default = []
  505. }
  506. variable "ssmmessages_endpoint_private_dns_enabled" {
  507. description = "Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint"
  508. type = bool
  509. default = false
  510. }
  511. variable "enable_textract_endpoint" {
  512. description = "Should be true if you want to provision an Textract endpoint to the VPC"
  513. type = bool
  514. default = false
  515. }
  516. variable "textract_endpoint_security_group_ids" {
  517. description = "The ID of one or more security groups to associate with the network interface for Textract endpoint"
  518. type = list(string)
  519. default = []
  520. }
  521. variable "textract_endpoint_subnet_ids" {
  522. description = "The ID of one or more subnets in which to create a network interface for Textract endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  523. type = list(string)
  524. default = []
  525. }
  526. variable "textract_endpoint_private_dns_enabled" {
  527. description = "Whether or not to associate a private hosted zone with the specified VPC for Textract endpoint"
  528. type = bool
  529. default = false
  530. }
  531. variable "enable_transferserver_endpoint" {
  532. description = "Should be true if you want to provision a Transfer Server endpoint to the VPC"
  533. type = bool
  534. default = false
  535. }
  536. variable "transferserver_endpoint_security_group_ids" {
  537. description = "The ID of one or more security groups to associate with the network interface for Transfer Server endpoint"
  538. type = list(string)
  539. default = []
  540. }
  541. variable "transferserver_endpoint_subnet_ids" {
  542. description = "The ID of one or more subnets in which to create a network interface for Transfer Server endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  543. type = list(string)
  544. default = []
  545. }
  546. variable "transferserver_endpoint_private_dns_enabled" {
  547. description = "Whether or not to associate a private hosted zone with the specified VPC for Transfer Server endpoint"
  548. type = bool
  549. default = false
  550. }
  551. variable "enable_ec2_endpoint" {
  552. description = "Should be true if you want to provision an EC2 endpoint to the VPC"
  553. type = bool
  554. default = false
  555. }
  556. variable "ec2_endpoint_security_group_ids" {
  557. description = "The ID of one or more security groups to associate with the network interface for EC2 endpoint"
  558. type = list(string)
  559. default = []
  560. }
  561. variable "ec2_endpoint_private_dns_enabled" {
  562. description = "Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint"
  563. type = bool
  564. default = false
  565. }
  566. variable "ec2_endpoint_subnet_ids" {
  567. description = "The ID of one or more subnets in which to create a network interface for EC2 endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  568. type = list(string)
  569. default = []
  570. }
  571. variable "enable_ec2messages_endpoint" {
  572. description = "Should be true if you want to provision an EC2MESSAGES endpoint to the VPC"
  573. type = bool
  574. default = false
  575. }
  576. variable "ec2messages_endpoint_security_group_ids" {
  577. description = "The ID of one or more security groups to associate with the network interface for EC2MESSAGES endpoint"
  578. type = list(string)
  579. default = []
  580. }
  581. variable "ec2messages_endpoint_private_dns_enabled" {
  582. description = "Whether or not to associate a private hosted zone with the specified VPC for EC2MESSAGES endpoint"
  583. type = bool
  584. default = false
  585. }
  586. variable "ec2messages_endpoint_subnet_ids" {
  587. description = "The ID of one or more subnets in which to create a network interface for EC2MESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  588. type = list(string)
  589. default = []
  590. }
  591. variable "enable_ec2_autoscaling_endpoint" {
  592. description = "Should be true if you want to provision an EC2 Autoscaling endpoint to the VPC"
  593. type = bool
  594. default = false
  595. }
  596. variable "ec2_autoscaling_endpoint_security_group_ids" {
  597. description = "The ID of one or more security groups to associate with the network interface for EC2 Autoscaling endpoint"
  598. type = list(string)
  599. default = []
  600. }
  601. variable "ec2_autoscaling_endpoint_private_dns_enabled" {
  602. description = "Whether or not to associate a private hosted zone with the specified VPC for EC2 Autoscaling endpoint"
  603. type = bool
  604. default = false
  605. }
  606. variable "ec2_autoscaling_endpoint_subnet_ids" {
  607. description = "The ID of one or more subnets in which to create a network interface for EC2 Autoscaling endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  608. type = list(string)
  609. default = []
  610. }
  611. variable "enable_ecr_api_endpoint" {
  612. description = "Should be true if you want to provision an ecr api endpoint to the VPC"
  613. type = bool
  614. default = false
  615. }
  616. variable "ecr_api_endpoint_subnet_ids" {
  617. description = "The ID of one or more subnets in which to create a network interface for ECR api endpoint. If omitted, private subnets will be used."
  618. type = list(string)
  619. default = []
  620. }
  621. variable "ecr_api_endpoint_private_dns_enabled" {
  622. description = "Whether or not to associate a private hosted zone with the specified VPC for ECR API endpoint"
  623. type = bool
  624. default = false
  625. }
  626. variable "ecr_api_endpoint_security_group_ids" {
  627. description = "The ID of one or more security groups to associate with the network interface for ECR API endpoint"
  628. type = list(string)
  629. default = []
  630. }
  631. variable "enable_ecr_dkr_endpoint" {
  632. description = "Should be true if you want to provision an ecr dkr endpoint to the VPC"
  633. type = bool
  634. default = false
  635. }
  636. variable "ecr_dkr_endpoint_subnet_ids" {
  637. description = "The ID of one or more subnets in which to create a network interface for ECR dkr endpoint. If omitted, private subnets will be used."
  638. type = list(string)
  639. default = []
  640. }
  641. variable "ecr_dkr_endpoint_private_dns_enabled" {
  642. description = "Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint"
  643. type = bool
  644. default = false
  645. }
  646. variable "ecr_dkr_endpoint_security_group_ids" {
  647. description = "The ID of one or more security groups to associate with the network interface for ECR DKR endpoint"
  648. type = list(string)
  649. default = []
  650. }
  651. variable "enable_kms_endpoint" {
  652. description = "Should be true if you want to provision a KMS endpoint to the VPC"
  653. type = bool
  654. default = false
  655. }
  656. variable "kms_endpoint_security_group_ids" {
  657. description = "The ID of one or more security groups to associate with the network interface for KMS endpoint"
  658. type = list(string)
  659. default = []
  660. }
  661. variable "kms_endpoint_subnet_ids" {
  662. description = "The ID of one or more subnets in which to create a network interface for KMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  663. type = list(string)
  664. default = []
  665. }
  666. variable "kms_endpoint_private_dns_enabled" {
  667. description = "Whether or not to associate a private hosted zone with the specified VPC for KMS endpoint"
  668. type = bool
  669. default = false
  670. }
  671. variable "enable_ecs_endpoint" {
  672. description = "Should be true if you want to provision a ECS endpoint to the VPC"
  673. type = bool
  674. default = false
  675. }
  676. variable "ecs_endpoint_security_group_ids" {
  677. description = "The ID of one or more security groups to associate with the network interface for ECS endpoint"
  678. type = list(string)
  679. default = []
  680. }
  681. variable "ecs_endpoint_subnet_ids" {
  682. description = "The ID of one or more subnets in which to create a network interface for ECS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  683. type = list(string)
  684. default = []
  685. }
  686. variable "ecs_endpoint_private_dns_enabled" {
  687. description = "Whether or not to associate a private hosted zone with the specified VPC for ECS endpoint"
  688. type = bool
  689. default = false
  690. }
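  # ECS Agent interface endpoint: on/off switch and network-interface placement.
  variable "enable_ecs_agent_endpoint" {
    description = "Should be true if you want to provision an ECS Agent endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "ecs_agent_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for ECS Agent endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "ecs_agent_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for ECS Agent endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "ecs_agent_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for ECS Agent endpoint"
    type        = bool
    default     = false
  }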
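  # ECS Telemetry interface endpoint: on/off switch and network-interface placement.
  variable "enable_ecs_telemetry_endpoint" {
    description = "Should be true if you want to provision an ECS Telemetry endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "ecs_telemetry_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for ECS Telemetry endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "ecs_telemetry_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for ECS Telemetry endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "ecs_telemetry_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for ECS Telemetry endpoint"
    type        = bool
    default     = false
  }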
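  # SNS interface endpoint: on/off switch and network-interface placement.
  variable "enable_sns_endpoint" {
    description = "Should be true if you want to provision an SNS endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "sns_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for SNS endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "sns_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for SNS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "sns_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for SNS endpoint"
    type        = bool
    default     = false
  }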
  # CloudWatch Monitoring interface endpoint: on/off switch and network-interface placement.
  variable "enable_monitoring_endpoint" {
    description = "Should be true if you want to provision a CloudWatch Monitoring endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "monitoring_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for CloudWatch Monitoring endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "monitoring_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for CloudWatch Monitoring endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "monitoring_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Monitoring endpoint"
    type        = bool
    default     = false
  }
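  # Elastic Load Balancing interface endpoint: on/off switch and network-interface placement.
  variable "enable_elasticloadbalancing_endpoint" {
    description = "Should be true if you want to provision an Elastic Load Balancing endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "elasticloadbalancing_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Elastic Load Balancing endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "elasticloadbalancing_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Elastic Load Balancing endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "elasticloadbalancing_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Load Balancing endpoint"
    type        = bool
    default     = false
  }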
  # CloudWatch Events interface endpoint: on/off switch and network-interface placement.
  variable "enable_events_endpoint" {
    description = "Should be true if you want to provision a CloudWatch Events endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "events_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for CloudWatch Events endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "events_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for CloudWatch Events endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "events_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Events endpoint"
    type        = bool
    default     = false
  }
  # CloudWatch Logs interface endpoint: on/off switch and network-interface placement.
  variable "enable_logs_endpoint" {
    description = "Should be true if you want to provision a CloudWatch Logs endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended log producers.
  variable "logs_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for CloudWatch Logs endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "logs_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for CloudWatch Logs endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so log shipping uses this
  # endpoint only when agents call its endpoint-specific DNS name.
  variable "logs_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Logs endpoint"
    type        = bool
    default     = false
  }
  # CloudTrail interface endpoint: on/off switch and network-interface placement.
  variable "enable_cloudtrail_endpoint" {
    description = "Should be true if you want to provision a CloudTrail endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "cloudtrail_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for CloudTrail endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "cloudtrail_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for CloudTrail endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "cloudtrail_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for CloudTrail endpoint"
    type        = bool
    default     = false
  }
  # Kinesis Streams interface endpoint: on/off switch and network-interface placement.
  variable "enable_kinesis_streams_endpoint" {
    description = "Should be true if you want to provision a Kinesis Streams endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "kinesis_streams_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Kinesis Streams endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "kinesis_streams_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Kinesis Streams endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "kinesis_streams_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Kinesis Streams endpoint"
    type        = bool
    default     = false
  }
  # Kinesis Firehose interface endpoint: on/off switch and network-interface placement.
  variable "enable_kinesis_firehose_endpoint" {
    description = "Should be true if you want to provision a Kinesis Firehose endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "kinesis_firehose_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Kinesis Firehose endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "kinesis_firehose_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Kinesis Firehose endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "kinesis_firehose_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Kinesis Firehose endpoint"
    type        = bool
    default     = false
  }
  # Glue interface endpoint: on/off switch and network-interface placement.
  variable "enable_glue_endpoint" {
    description = "Should be true if you want to provision a Glue endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "glue_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Glue endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "glue_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Glue endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "glue_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Glue endpoint"
    type        = bool
    default     = false
  }
  # SageMaker Notebook interface endpoint: on/off switch, region and
  # network-interface placement.
  variable "enable_sagemaker_notebook_endpoint" {
    description = "Should be true if you want to provision a Sagemaker Notebook endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): the default is an empty string; how an empty region is
  # resolved is decided where this variable is consumed, which is not visible
  # here - confirm before relying on the default.
  variable "sagemaker_notebook_endpoint_region" {
    description = "Region to use for Sagemaker Notebook endpoint"
    type        = string
    default     = ""
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "sagemaker_notebook_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Sagemaker Notebook endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "sagemaker_notebook_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Sagemaker Notebook endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "sagemaker_notebook_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Sagemaker Notebook endpoint"
    type        = bool
    default     = false
  }
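  # STS interface endpoint: on/off switch and network-interface placement.
  variable "enable_sts_endpoint" {
    description = "Should be true if you want to provision an STS endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "sts_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for STS endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "sts_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for STS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so credential requests use
  # this endpoint only when clients call its endpoint-specific DNS name.
  variable "sts_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for STS endpoint"
    type        = bool
    default     = false
  }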
  # CloudFormation interface endpoint: on/off switch and network-interface placement.
  variable "enable_cloudformation_endpoint" {
    description = "Should be true if you want to provision a Cloudformation endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "cloudformation_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Cloudformation endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "cloudformation_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Cloudformation endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "cloudformation_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Cloudformation endpoint"
    type        = bool
    default     = false
  }
  # CodePipeline interface endpoint: on/off switch and network-interface placement.
  variable "enable_codepipeline_endpoint" {
    description = "Should be true if you want to provision a CodePipeline endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "codepipeline_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for CodePipeline endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "codepipeline_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for CodePipeline endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "codepipeline_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for CodePipeline endpoint"
    type        = bool
    default     = false
  }
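  # AppMesh (Envoy management) interface endpoint: on/off switch and
  # network-interface placement.
  variable "enable_appmesh_envoy_management_endpoint" {
    description = "Should be true if you want to provision an AppMesh endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "appmesh_envoy_management_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for AppMesh endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "appmesh_envoy_management_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for AppMesh endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "appmesh_envoy_management_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for AppMesh endpoint"
    type        = bool
    default     = false
  }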
  # Service Catalog interface endpoint: on/off switch and network-interface placement.
  variable "enable_servicecatalog_endpoint" {
    description = "Should be true if you want to provision a Service Catalog endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "servicecatalog_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Service Catalog endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "servicecatalog_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Service Catalog endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "servicecatalog_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Service Catalog endpoint"
    type        = bool
    default     = false
  }
  # Storage Gateway interface endpoint: on/off switch and network-interface placement.
  variable "enable_storagegateway_endpoint" {
    description = "Should be true if you want to provision a Storage Gateway endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "storagegateway_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Storage Gateway endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "storagegateway_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Storage Gateway endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "storagegateway_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Storage Gateway endpoint"
    type        = bool
    default     = false
  }
  # Transfer interface endpoint: on/off switch and network-interface placement.
  variable "enable_transfer_endpoint" {
    description = "Should be true if you want to provision a Transfer endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "transfer_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Transfer endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "transfer_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Transfer endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "transfer_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Transfer endpoint"
    type        = bool
    default     = false
  }
  # SageMaker API interface endpoint: on/off switch and network-interface placement.
  variable "enable_sagemaker_api_endpoint" {
    description = "Should be true if you want to provision a SageMaker API endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "sagemaker_api_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for SageMaker API endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "sagemaker_api_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for SageMaker API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "sagemaker_api_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for SageMaker API endpoint"
    type        = bool
    default     = false
  }
  # SageMaker Runtime interface endpoint: on/off switch and network-interface placement.
  variable "enable_sagemaker_runtime_endpoint" {
    description = "Should be true if you want to provision a SageMaker Runtime endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "sagemaker_runtime_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for SageMaker Runtime endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "sagemaker_runtime_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for SageMaker Runtime endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "sagemaker_runtime_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for SageMaker Runtime endpoint"
    type        = bool
    default     = false
  }
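  # AppStream API interface endpoint: on/off switch and network-interface placement.
  variable "enable_appstream_api_endpoint" {
    description = "Should be true if you want to provision an AppStream API endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "appstream_api_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for AppStream API endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "appstream_api_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for AppStream API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "appstream_api_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream API endpoint"
    type        = bool
    default     = false
  }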
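  # AppStream Streaming interface endpoint: on/off switch and network-interface placement.
  variable "enable_appstream_streaming_endpoint" {
    description = "Should be true if you want to provision an AppStream Streaming endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "appstream_streaming_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for AppStream Streaming endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "appstream_streaming_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for AppStream Streaming endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "appstream_streaming_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream Streaming endpoint"
    type        = bool
    default     = false
  }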
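  # Athena interface endpoint: on/off switch and network-interface placement.
  variable "enable_athena_endpoint" {
    description = "Should be true if you want to provision an Athena endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "athena_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Athena endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "athena_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Athena endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "athena_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Athena endpoint"
    type        = bool
    default     = false
  }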
  # Rekognition interface endpoint: on/off switch and network-interface placement.
  variable "enable_rekognition_endpoint" {
    description = "Should be true if you want to provision a Rekognition endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "rekognition_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Rekognition endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "rekognition_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Rekognition endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "rekognition_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Rekognition endpoint"
    type        = bool
    default     = false
  }
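  # EFS interface endpoint: on/off switch and network-interface placement.
  variable "enable_efs_endpoint" {
    description = "Should be true if you want to provision an EFS endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "efs_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for EFS endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "efs_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for EFS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "efs_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for EFS endpoint"
    type        = bool
    default     = false
  }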
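  # Cloud Directory interface endpoint: on/off switch and network-interface placement.
  variable "enable_cloud_directory_endpoint" {
    description = "Should be true if you want to provision a Cloud Directory endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "cloud_directory_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Cloud Directory endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "cloud_directory_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Cloud Directory endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "cloud_directory_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Cloud Directory endpoint"
    type        = bool
    default     = false
  }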
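  # SES interface endpoint: on/off switch and network-interface placement.
  # All four ses_endpoint_* variables are kept together; Terraform does not
  # depend on declaration order.
  variable "enable_ses_endpoint" {
    description = "Should be true if you want to provision an SES endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "ses_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for SES endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "ses_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for SES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "ses_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for SES endpoint"
    type        = bool
    default     = false
  }

  # Auto Scaling Plans interface endpoint: on/off switch and network-interface
  # placement.
  variable "enable_auto_scaling_plans_endpoint" {
    description = "Should be true if you want to provision an Auto Scaling Plans endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []; the same default-security-group caveat applies
  # as for any interface endpoint created without an explicit group.
  variable "auto_scaling_plans_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Auto Scaling Plans endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "auto_scaling_plans_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Auto Scaling Plans endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false; with private DNS off, clients reach this
  # endpoint only through its endpoint-specific DNS name.
  variable "auto_scaling_plans_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Auto Scaling Plans endpoint"
    type        = bool
    default     = false
  }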
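  # Workspaces interface endpoint: on/off switch and network-interface placement.
  variable "enable_workspaces_endpoint" {
    description = "Should be true if you want to provision a Workspaces endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "workspaces_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Workspaces endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "workspaces_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Workspaces endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "workspaces_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Workspaces endpoint"
    type        = bool
    default     = false
  }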
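  # Access Analyzer interface endpoint: on/off switch and network-interface placement.
  variable "enable_access_analyzer_endpoint" {
    description = "Should be true if you want to provision an Access Analyzer endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "access_analyzer_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Access Analyzer endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "access_analyzer_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Access Analyzer endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "access_analyzer_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Access Analyzer endpoint"
    type        = bool
    default     = false
  }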
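  # EBS interface endpoint: on/off switch and network-interface placement.
  variable "enable_ebs_endpoint" {
    description = "Should be true if you want to provision an EBS endpoint to the VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): default is []. AWS attaches the VPC's default security group
  # to an interface endpoint created without one; confirm how this list is
  # consumed and pass a dedicated group scoped to the intended clients.
  variable "ebs_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for EBS endpoint"
    type        = list(string)
    default     = []
  }

  # An empty list falls back to the private subnets, per the description.
  variable "ebs_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for EBS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # NOTE(review): default is false. Without private DNS the service's regular
  # hostname keeps resolving to public addresses, so traffic uses this endpoint
  # only when clients call its endpoint-specific DNS name.
  variable "ebs_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for EBS endpoint"
    type        = bool
    default     = false
  }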
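  # Data Sync interface endpoint inputs. The endpoint resource that consumes
  # them is outside this listing.
  variable "enable_datasync_endpoint" {
    description = "Should be true if you want to provision a Data Sync endpoint to the VPC"
    type        = bool
    default     = false
  }

  # Defaults to an empty list. The AWS provider documents that an interface
  # endpoint created without security groups is attached to the VPC's default
  # security group, so pass a dedicated group limited to the intended clients.
  # NOTE(review): confirm how the module forwards an empty list.
  variable "datasync_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Data Sync endpoint"
    type        = list(string)
    default     = []
  }

  variable "datasync_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Data Sync endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # Off by default. Without private DNS the service's regular hostname still
  # resolves to the public endpoint, so clients that are not pointed at the
  # endpoint-specific DNS name do not use the private path.
  variable "datasync_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Data Sync endpoint"
    type        = bool
    default     = false
  }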
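  # Elastic Inference Runtime interface endpoint inputs. The endpoint resource
  # that consumes them is outside this listing.
  variable "enable_elastic_inference_runtime_endpoint" {
    description = "Should be true if you want to provision an Elastic Inference Runtime endpoint to the VPC"
    type        = bool
    default     = false
  }

  # Defaults to an empty list. The AWS provider documents that an interface
  # endpoint created without security groups is attached to the VPC's default
  # security group, so pass a dedicated group limited to the intended clients.
  # NOTE(review): confirm how the module forwards an empty list.
  variable "elastic_inference_runtime_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Elastic Inference Runtime endpoint"
    type        = list(string)
    default     = []
  }

  variable "elastic_inference_runtime_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Elastic Inference Runtime endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # Off by default. Without private DNS the service's regular hostname still
  # resolves to the public endpoint, so clients that are not pointed at the
  # endpoint-specific DNS name do not use the private path.
  variable "elastic_inference_runtime_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Inference Runtime endpoint"
    type        = bool
    default     = false
  }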
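  # SMS interface endpoint inputs. The endpoint resource that consumes them is
  # outside this listing.
  variable "enable_sms_endpoint" {
    description = "Should be true if you want to provision an SMS endpoint to the VPC"
    type        = bool
    default     = false
  }

  # Defaults to an empty list. The AWS provider documents that an interface
  # endpoint created without security groups is attached to the VPC's default
  # security group, so pass a dedicated group limited to the intended clients.
  # NOTE(review): confirm how the module forwards an empty list.
  variable "sms_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for SMS endpoint"
    type        = list(string)
    default     = []
  }

  variable "sms_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for SMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # Off by default. Without private DNS the service's regular hostname still
  # resolves to the public endpoint, so clients that are not pointed at the
  # endpoint-specific DNS name do not use the private path.
  variable "sms_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for SMS endpoint"
    type        = bool
    default     = false
  }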
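  # EMR interface endpoint inputs. The endpoint resource that consumes them is
  # outside this listing.
  variable "enable_emr_endpoint" {
    description = "Should be true if you want to provision an EMR endpoint to the VPC"
    type        = bool
    default     = false
  }

  # Defaults to an empty list. The AWS provider documents that an interface
  # endpoint created without security groups is attached to the VPC's default
  # security group, so pass a dedicated group limited to the intended clients.
  # NOTE(review): confirm how the module forwards an empty list.
  variable "emr_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for EMR endpoint"
    type        = list(string)
    default     = []
  }

  variable "emr_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for EMR endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # Off by default. Without private DNS the service's regular hostname still
  # resolves to the public endpoint, so clients that are not pointed at the
  # endpoint-specific DNS name do not use the private path.
  variable "emr_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for EMR endpoint"
    type        = bool
    default     = false
  }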
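  # QLDB Session interface endpoint inputs. The endpoint resource that consumes
  # them is outside this listing.
  variable "enable_qldb_session_endpoint" {
    description = "Should be true if you want to provision a QLDB Session endpoint to the VPC"
    type        = bool
    default     = false
  }

  # Defaults to an empty list. The AWS provider documents that an interface
  # endpoint created without security groups is attached to the VPC's default
  # security group, so pass a dedicated group limited to the intended clients.
  # NOTE(review): confirm how the module forwards an empty list.
  variable "qldb_session_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for QLDB Session endpoint"
    type        = list(string)
    default     = []
  }

  variable "qldb_session_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for QLDB Session endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # Off by default. Without private DNS the service's regular hostname still
  # resolves to the public endpoint, so clients that are not pointed at the
  # endpoint-specific DNS name do not use the private path.
  variable "qldb_session_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for QLDB Session endpoint"
    type        = bool
    default     = false
  }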
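  # Elastic Beanstalk interface endpoint inputs. The endpoint resource that
  # consumes them is outside this listing.
  variable "enable_elasticbeanstalk_endpoint" {
    description = "Should be true if you want to provision an Elastic Beanstalk endpoint to the VPC"
    type        = bool
    default     = false
  }

  # Defaults to an empty list. The AWS provider documents that an interface
  # endpoint created without security groups is attached to the VPC's default
  # security group, so pass a dedicated group limited to the intended clients.
  # NOTE(review): confirm how the module forwards an empty list.
  variable "elasticbeanstalk_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Elastic Beanstalk endpoint"
    type        = list(string)
    default     = []
  }

  variable "elasticbeanstalk_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Elastic Beanstalk endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # Off by default. Without private DNS the service's regular hostname still
  # resolves to the public endpoint, so clients that are not pointed at the
  # endpoint-specific DNS name do not use the private path.
  variable "elasticbeanstalk_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Beanstalk endpoint"
    type        = bool
    default     = false
  }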
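  # Elastic Beanstalk Health interface endpoint inputs. The endpoint resource
  # that consumes them is outside this listing.
  variable "enable_elasticbeanstalk_health_endpoint" {
    description = "Should be true if you want to provision an Elastic Beanstalk Health endpoint to the VPC"
    type        = bool
    default     = false
  }

  # Defaults to an empty list. The AWS provider documents that an interface
  # endpoint created without security groups is attached to the VPC's default
  # security group, so pass a dedicated group limited to the intended clients.
  # NOTE(review): confirm how the module forwards an empty list.
  variable "elasticbeanstalk_health_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Elastic Beanstalk Health endpoint"
    type        = list(string)
    default     = []
  }

  variable "elasticbeanstalk_health_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Elastic Beanstalk Health endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # Off by default. Without private DNS the service's regular hostname still
  # resolves to the public endpoint, so clients that are not pointed at the
  # endpoint-specific DNS name do not use the private path.
  variable "elasticbeanstalk_health_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Beanstalk Health endpoint"
    type        = bool
    default     = false
  }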
  # Step Function ("states") interface endpoint inputs. The endpoint resource
  # that consumes them is outside this listing.
  variable "enable_states_endpoint" {
    description = "Should be true if you want to provision a Step Function endpoint to the VPC"
    type        = bool
    default     = false
  }

  # Defaults to an empty list. The AWS provider documents that an interface
  # endpoint created without security groups is attached to the VPC's default
  # security group, so pass a dedicated group limited to the intended clients.
  # NOTE(review): confirm how the module forwards an empty list.
  variable "states_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Step Function endpoint"
    type        = list(string)
    default     = []
  }

  variable "states_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Step Function endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # Off by default. Without private DNS the service's regular hostname still
  # resolves to the public endpoint, so clients that are not pointed at the
  # endpoint-specific DNS name do not use the private path.
  variable "states_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Step Function endpoint"
    type        = bool
    default     = false
  }
  # Opt-in switch for the ACM PCA interface endpoint. Its companion
  # acm_pca_endpoint_* variables are declared further down the file, after the
  # CodeDeploy Commands Secure variables.
  variable "enable_acm_pca_endpoint" {
    description = "Should be true if you want to provision an ACM PCA endpoint to the VPC"
    type        = bool
    default     = false
  }
  # RDS interface endpoint inputs. The endpoint resource that consumes them is
  # outside this listing.
  variable "enable_rds_endpoint" {
    description = "Should be true if you want to provision an RDS endpoint to the VPC"
    type        = bool
    default     = false
  }

  # Defaults to an empty list. The AWS provider documents that an interface
  # endpoint created without security groups is attached to the VPC's default
  # security group, so pass a dedicated group limited to the intended clients.
  # NOTE(review): confirm how the module forwards an empty list.
  variable "rds_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for RDS endpoint"
    type        = list(string)
    default     = []
  }

  variable "rds_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for RDS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # Off by default. Without private DNS the service's regular hostname still
  # resolves to the public endpoint, so clients that are not pointed at the
  # endpoint-specific DNS name do not use the private path.
  variable "rds_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for RDS endpoint"
    type        = bool
    default     = false
  }
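  # CodeDeploy interface endpoint inputs. The endpoint resource that consumes
  # them is outside this listing.
  variable "enable_codedeploy_endpoint" {
    description = "Should be true if you want to provision a CodeDeploy endpoint to the VPC"
    type        = bool
    default     = false
  }

  # Defaults to an empty list. The AWS provider documents that an interface
  # endpoint created without security groups is attached to the VPC's default
  # security group, so pass a dedicated group limited to the intended clients.
  # NOTE(review): confirm how the module forwards an empty list.
  variable "codedeploy_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for CodeDeploy endpoint"
    type        = list(string)
    default     = []
  }

  variable "codedeploy_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for CodeDeploy endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # Off by default. Without private DNS the service's regular hostname still
  # resolves to the public endpoint, so clients that are not pointed at the
  # endpoint-specific DNS name do not use the private path.
  variable "codedeploy_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for CodeDeploy endpoint"
    type        = bool
    default     = false
  }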
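  # CodeDeploy Commands Secure interface endpoint inputs. The endpoint resource
  # that consumes them is outside this listing.
  variable "enable_codedeploy_commands_secure_endpoint" {
    description = "Should be true if you want to provision a CodeDeploy Commands Secure endpoint to the VPC"
    type        = bool
    default     = false
  }

  # Defaults to an empty list. The AWS provider documents that an interface
  # endpoint created without security groups is attached to the VPC's default
  # security group, so pass a dedicated group limited to the intended clients.
  # NOTE(review): confirm how the module forwards an empty list.
  variable "codedeploy_commands_secure_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for CodeDeploy Commands Secure endpoint"
    type        = list(string)
    default     = []
  }

  variable "codedeploy_commands_secure_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for CodeDeploy Commands Secure endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # Off by default. Without private DNS the service's regular hostname still
  # resolves to the public endpoint, so clients that are not pointed at the
  # endpoint-specific DNS name do not use the private path.
  variable "codedeploy_commands_secure_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for CodeDeploy Commands Secure endpoint"
    type        = bool
    default     = false
  }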
  # Remaining ACM PCA endpoint inputs; the enable_acm_pca_endpoint switch is
  # declared earlier in the file, before the RDS variables.
  #
  # Security groups default to an empty list. The AWS provider documents that
  # an interface endpoint created without security groups is attached to the
  # VPC's default security group. This endpoint fronts a private certificate
  # authority, so a dedicated, narrowly scoped group is worth the effort.
  # NOTE(review): confirm how the module forwards an empty list.
  variable "acm_pca_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for ACM PCA endpoint"
    type        = list(string)
    default     = []
  }

  variable "acm_pca_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for ACM PCA endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  # Off by default. Without private DNS the service's regular hostname still
  # resolves to the public endpoint, so clients that are not pointed at the
  # endpoint-specific DNS name do not use the private path.
  variable "acm_pca_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for ACM PCA endpoint"
    type        = bool
    default     = false
  }
  # Defaults to true, so instances launched into the affected subnets receive a
  # public IPv4 address without any per-instance decision.
  # NOTE(review): presumably applied to the public subnets only; the subnet
  # resource is not in this listing, confirm there. Set to false where internet
  # exposure should be explicit (Elastic IP or load balancer).
  variable "map_public_ip_on_launch" {
    description = "Should be false if you do not want to auto-assign public IP on launch"
    type        = bool
    default     = true
  }
  # Customer gateway and VPN gateway inputs. The gateway, attachment and
  # propagation resources that read them are outside this listing.

  # Keyed map of customer gateways; per the description each entry carries the
  # BGP ASN and the gateway's internet-routable IP address.
  variable "customer_gateways" {
    description = "Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address)"
    type        = map(map(any))
    default     = {}
  }

  variable "enable_vpn_gateway" {
    description = "Should be true if you want to create a new VPN Gateway resource and attach it to the VPC"
    type        = bool
    default     = false
  }

  # ID of an existing VPN gateway to attach; empty string by default.
  variable "vpn_gateway_id" {
    description = "ID of VPN Gateway to attach to the VPC"
    type        = string
    default     = ""
  }

  # Passed as a string; 64512 sits in the private-use ASN range.
  variable "amazon_side_asn" {
    description = "The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN."
    type        = string
    default     = "64512"
  }

  variable "vpn_gateway_az" {
    description = "The Availability Zone for the VPN Gateway"
    type        = string
    default     = null
  }

  # The three propagate_* switches share one description; the variable name
  # identifies the route-table tier (intra, private, public). Propagation lets
  # routes learned by the virtual private gateway appear in that tier's route
  # tables automatically, so enable it only where remote-network routes belong.
  variable "propagate_intra_route_tables_vgw" {
    description = "Should be true if you want route table propagation"
    type        = bool
    default     = false
  }

  variable "propagate_private_route_tables_vgw" {
    description = "Should be true if you want route table propagation"
    type        = bool
    default     = false
  }

  variable "propagate_public_route_tables_vgw" {
    description = "Should be true if you want route table propagation"
    type        = bool
    default     = false
  }
  # Tag inputs: one module-wide map plus per-resource "additional" maps.
  # NOTE(review): how the maps are merged (and which one wins on a key clash)
  # is decided in the resource blocks, which are outside this listing.
  variable "tags" {
    description = "A map of tags to add to all resources"
    type        = map(string)
    default     = {}
  }

  variable "vpc_tags" {
    description = "Additional tags for the VPC"
    type        = map(string)
    default     = {}
  }

  variable "igw_tags" {
    description = "Additional tags for the internet gateway"
    type        = map(string)
    default     = {}
  }

  variable "public_subnet_tags" {
    description = "Additional tags for the public subnets"
    type        = map(string)
    default     = {}
  }

  variable "private_subnet_tags" {
    description = "Additional tags for the private subnets"
    type        = map(string)
    default     = {}
  }
  # Additional tag maps for the route tables, one variable per subnet tier.
  # All default to an empty map.
  variable "public_route_table_tags" {
    description = "Additional tags for the public route tables"
    type        = map(string)
    default     = {}
  }

  variable "private_route_table_tags" {
    description = "Additional tags for the private route tables"
    type        = map(string)
    default     = {}
  }

  variable "database_route_table_tags" {
    description = "Additional tags for the database route tables"
    type        = map(string)
    default     = {}
  }

  variable "redshift_route_table_tags" {
    description = "Additional tags for the redshift route tables"
    type        = map(string)
    default     = {}
  }

  variable "elasticache_route_table_tags" {
    description = "Additional tags for the elasticache route tables"
    type        = map(string)
    default     = {}
  }

  variable "intra_route_table_tags" {
    description = "Additional tags for the intra route tables"
    type        = map(string)
    default     = {}
  }
  # Additional tag maps for the database, redshift, elasticache and intra
  # subnets and for the database/redshift subnet groups. All default to an
  # empty map.
  variable "database_subnet_tags" {
    description = "Additional tags for the database subnets"
    type        = map(string)
    default     = {}
  }

  variable "database_subnet_group_tags" {
    description = "Additional tags for the database subnet group"
    type        = map(string)
    default     = {}
  }

  variable "redshift_subnet_tags" {
    description = "Additional tags for the redshift subnets"
    type        = map(string)
    default     = {}
  }

  variable "redshift_subnet_group_tags" {
    description = "Additional tags for the redshift subnet group"
    type        = map(string)
    default     = {}
  }

  variable "elasticache_subnet_tags" {
    description = "Additional tags for the elasticache subnets"
    type        = map(string)
    default     = {}
  }

  variable "intra_subnet_tags" {
    description = "Additional tags for the intra subnets"
    type        = map(string)
    default     = {}
  }
  # Additional tag maps for the per-tier network ACLs. All default to an empty
  # map.
  variable "public_acl_tags" {
    description = "Additional tags for the public subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "private_acl_tags" {
    description = "Additional tags for the private subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "intra_acl_tags" {
    description = "Additional tags for the intra subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "database_acl_tags" {
    description = "Additional tags for the database subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "redshift_acl_tags" {
    description = "Additional tags for the redshift subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "elasticache_acl_tags" {
    description = "Additional tags for the elasticache subnets network ACL"
    type        = map(string)
    default     = {}
  }
  # Additional tag maps for the DHCP option set, NAT, gateways, VPC endpoints
  # and flow logs. All default to an empty map.
  variable "dhcp_options_tags" {
    description = "Additional tags for the DHCP option set (requires enable_dhcp_options set to true)"
    type        = map(string)
    default     = {}
  }

  variable "nat_gateway_tags" {
    description = "Additional tags for the NAT gateways"
    type        = map(string)
    default     = {}
  }

  variable "nat_eip_tags" {
    description = "Additional tags for the NAT EIP"
    type        = map(string)
    default     = {}
  }

  variable "customer_gateway_tags" {
    description = "Additional tags for the Customer Gateway"
    type        = map(string)
    default     = {}
  }

  variable "vpn_gateway_tags" {
    description = "Additional tags for the VPN gateway"
    type        = map(string)
    default     = {}
  }

  variable "vpc_endpoint_tags" {
    description = "Additional tags for the VPC Endpoints"
    type        = map(string)
    default     = {}
  }

  variable "vpc_flow_log_tags" {
    description = "Additional tags for the VPC Flow Logs"
    type        = map(string)
    default     = {}
  }
  # DHCP option set inputs. Per their descriptions, the dhcp_options_*
  # variables apply only when enable_dhcp_options is true.
  #
  # Servers listed here are handed to instances through DHCP, so they become
  # part of the VPC's name-resolution and time-sync trust path. List only
  # resolvers and NTP sources you operate or trust.
  variable "enable_dhcp_options" {
    description = "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type"
    type        = bool
    default     = false
  }

  variable "dhcp_options_domain_name" {
    description = "Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)"
    type        = string
    default     = ""
  }

  # Defaults to the AWS-provided resolver.
  variable "dhcp_options_domain_name_servers" {
    description = "Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)"
    type        = list(string)
    default     = ["AmazonProvidedDNS"]
  }

  variable "dhcp_options_ntp_servers" {
    description = "Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)"
    type        = list(string)
    default     = []
  }

  variable "dhcp_options_netbios_name_servers" {
    description = "Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)"
    type        = list(string)
    default     = []
  }

  variable "dhcp_options_netbios_node_type" {
    description = "Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)"
    type        = string
    default     = ""
  }
  # Inputs for adopting the account's Default VPC into Terraform management.
  # Nothing is adopted unless manage_default_vpc is true.
  # NOTE(review): presumably the default_vpc_* settings are ignored while it
  # is false; the resource block is not in this listing.
  variable "manage_default_vpc" {
    description = "Should be true to adopt and manage Default VPC"
    type        = bool
    default     = false
  }

  variable "default_vpc_name" {
    description = "Name to be used on the Default VPC"
    type        = string
    default     = ""
  }

  variable "default_vpc_enable_dns_support" {
    description = "Should be true to enable DNS support in the Default VPC"
    type        = bool
    default     = true
  }

  variable "default_vpc_enable_dns_hostnames" {
    description = "Should be true to enable DNS hostnames in the Default VPC"
    type        = bool
    default     = false
  }

  # ClassicLink joins EC2-Classic instances to the VPC network; leave it off
  # unless that legacy connectivity is actually required.
  variable "default_vpc_enable_classiclink" {
    description = "Should be true to enable ClassicLink in the Default VPC"
    type        = bool
    default     = false
  }

  variable "default_vpc_tags" {
    description = "Additional tags for the Default VPC"
    type        = map(string)
    default     = {}
  }
  # Inputs for adopting the VPC's Default Network ACL. Off by default, which
  # leaves the default ACL as AWS created it. The rules applied on adoption
  # come from default_network_acl_ingress / default_network_acl_egress.
  variable "manage_default_network_acl" {
    description = "Should be true to adopt and manage Default Network ACL"
    type        = bool
    default     = false
  }

  variable "default_network_acl_name" {
    description = "Name to be used on the Default Network ACL"
    type        = string
    default     = ""
  }

  variable "default_network_acl_tags" {
    description = "Additional tags for the Default Network ACL"
    type        = map(string)
    default     = {}
  }
  # Per-tier switches for a dedicated network ACL with custom rules instead of
  # the default ACL. All are off by default, so every tier shares the default
  # ACL unless a switch is set.
  # NOTE(review): the matching <tier>_inbound_acl_rules and
  # <tier>_outbound_acl_rules default to allow-all, so a switch alone adds no
  # filtering until the rules are overridden. Confirm in the ACL resources.
  variable "public_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for public subnets"
    type        = bool
    default     = false
  }

  variable "private_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for private subnets"
    type        = bool
    default     = false
  }

  variable "intra_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for intra subnets"
    type        = bool
    default     = false
  }

  variable "database_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for database subnets"
    type        = bool
    default     = false
  }

  variable "redshift_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for redshift subnets"
    type        = bool
    default     = false
  }

  variable "elasticache_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets"
    type        = bool
    default     = false
  }
  # Rules for the Default Network ACL (see manage_default_network_acl).
  # Both directions default to "allow every protocol" for all IPv4 (rule 100)
  # and all IPv6 (rule 101), so adopting the default ACL with these defaults
  # keeps it fully open. Override them to make the ACL a real control.
  # Network ACLs are stateless: return traffic needs its own rule in the
  # opposite direction.
  #
  # Keys here are rule_no / action; the per-tier *_acl_rules variables use
  # rule_number / rule_action instead. The declared type is list(map(string)),
  # so the numeric literals are converted to strings.
  variable "default_network_acl_ingress" {
    description = "List of maps of ingress rules to set on the Default Network ACL"
    type        = list(map(string))

    default = [
      {
        rule_no    = 100
        action     = "allow"
        from_port  = 0
        to_port    = 0
        protocol   = "-1" # all protocols
        cidr_block = "0.0.0.0/0"
      },
      {
        rule_no         = 101
        action          = "allow"
        from_port       = 0
        to_port         = 0
        protocol        = "-1" # all protocols
        ipv6_cidr_block = "::/0"
      },
    ]
  }

  variable "default_network_acl_egress" {
    description = "List of maps of egress rules to set on the Default Network ACL"
    type        = list(map(string))

    default = [
      {
        rule_no    = 100
        action     = "allow"
        from_port  = 0
        to_port    = 0
        protocol   = "-1" # all protocols
        cidr_block = "0.0.0.0/0"
      },
      {
        rule_no         = 101
        action          = "allow"
        from_port       = 0
        to_port         = 0
        protocol        = "-1" # all protocols
        ipv6_cidr_block = "::/0"
      },
    ]
  }
  # Rules for the public subnets' network ACL.
  # NOTE(review): presumably used only when public_dedicated_network_acl is
  # true; the ACL resource is not in this listing.
  # The single default rule allows every protocol to and from 0.0.0.0/0, so a
  # dedicated ACL left on defaults filters no IPv4 traffic. There is no default
  # IPv6 rule, and network ACLs end in an implicit deny, so IPv6 traffic needs
  # its own entry. ACLs are stateless: pair each inbound rule with the outbound
  # rule for its return traffic.
  variable "public_inbound_acl_rules" {
    description = "Public subnets inbound network ACLs"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1" # all protocols
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "public_outbound_acl_rules" {
    description = "Public subnets outbound network ACLs"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1" # all protocols
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }
  # Rules for the private subnets' network ACL.
  # NOTE(review): presumably used only when private_dedicated_network_acl is
  # true; the ACL resource is not in this listing.
  # The single default rule allows every protocol to and from 0.0.0.0/0, so a
  # dedicated ACL left on defaults filters no IPv4 traffic. There is no default
  # IPv6 rule, and network ACLs end in an implicit deny, so IPv6 traffic needs
  # its own entry. ACLs are stateless: pair each inbound rule with the outbound
  # rule for its return traffic.
  variable "private_inbound_acl_rules" {
    description = "Private subnets inbound network ACLs"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1" # all protocols
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "private_outbound_acl_rules" {
    description = "Private subnets outbound network ACLs"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1" # all protocols
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }
  # Rules for the intra subnets' network ACL.
  # NOTE(review): presumably used only when intra_dedicated_network_acl is
  # true; the ACL resource is not in this listing.
  # The single default rule allows every protocol to and from 0.0.0.0/0, so a
  # dedicated ACL left on defaults filters no IPv4 traffic. There is no default
  # IPv6 rule, and network ACLs end in an implicit deny, so IPv6 traffic needs
  # its own entry. ACLs are stateless: pair each inbound rule with the outbound
  # rule for its return traffic.
  variable "intra_inbound_acl_rules" {
    description = "Intra subnets inbound network ACLs"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1" # all protocols
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "intra_outbound_acl_rules" {
    description = "Intra subnets outbound network ACLs"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1" # all protocols
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }
  # Rules for the database subnets' network ACL.
  # NOTE(review): presumably used only when database_dedicated_network_acl is
  # true; the ACL resource is not in this listing.
  # The single default rule allows every protocol to and from 0.0.0.0/0, so a
  # dedicated ACL left on defaults filters no IPv4 traffic. For a data tier,
  # narrow it to the database port and the application subnets' CIDRs. There
  # is no default IPv6 rule, and network ACLs end in an implicit deny. ACLs are
  # stateless: pair each inbound rule with the outbound rule for its return
  # traffic.
  variable "database_inbound_acl_rules" {
    description = "Database subnets inbound network ACL rules"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1" # all protocols
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "database_outbound_acl_rules" {
    description = "Database subnets outbound network ACL rules"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1" # all protocols
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }
  # Rules for the redshift subnets' network ACL.
  # NOTE(review): presumably used only when redshift_dedicated_network_acl is
  # true; the ACL resource is not in this listing.
  # The single default rule allows every protocol to and from 0.0.0.0/0, so a
  # dedicated ACL left on defaults filters no IPv4 traffic. For a data tier,
  # narrow it to the service port and the client subnets' CIDRs. There is no
  # default IPv6 rule, and network ACLs end in an implicit deny. ACLs are
  # stateless: pair each inbound rule with the outbound rule for its return
  # traffic.
  variable "redshift_inbound_acl_rules" {
    description = "Redshift subnets inbound network ACL rules"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1" # all protocols
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "redshift_outbound_acl_rules" {
    description = "Redshift subnets outbound network ACL rules"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1" # all protocols
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }
  # Rules for the elasticache subnets' network ACL.
  # NOTE(review): presumably used only when elasticache_dedicated_network_acl
  # is true; the ACL resource is not in this listing.
  # The single default rule allows every protocol to and from 0.0.0.0/0, so a
  # dedicated ACL left on defaults filters no IPv4 traffic. For a cache tier,
  # narrow it to the cache port and the client subnets' CIDRs. There is no
  # default IPv6 rule, and network ACLs end in an implicit deny. ACLs are
  # stateless: pair each inbound rule with the outbound rule for its return
  # traffic.
  variable "elasticache_inbound_acl_rules" {
    description = "Elasticache subnets inbound network ACL rules"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1" # all protocols
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "elasticache_outbound_acl_rules" {
    description = "Elasticache subnets outbound network ACL rules"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1" # all protocols
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }
  # Inputs for adopting the VPC's default security group. Off by default, so
  # the group keeps the rules AWS creates it with (all traffic between members
  # of the group, all outbound traffic). Common hardening baselines expect the
  # default group to carry no rules, so that resources attached to it by
  # omission get no access.
  # NOTE(review): with manage_default_security_group = true and both rule
  # lists left null, the adopted group may end up with no rules. Confirm in
  # the resource block, which is not in this listing.
  variable "manage_default_security_group" {
    description = "Should be true to adopt and manage default security group"
    type        = bool
    default     = false
  }

  variable "default_security_group_name" {
    description = "Name to be used on the default security group"
    type        = string
    default     = "default"
  }

  variable "default_security_group_ingress" {
    description = "List of maps of ingress rules to set on the default security group"
    type        = list(map(string))
    default     = null
  }

  # Declared between the security-group variables in the original file; it
  # belongs with the flow_log_* settings further down. Flow logs are off by
  # default, which leaves no VPC-level traffic records for detection or
  # incident response until this is set to true.
  variable "enable_flow_log" {
    description = "Whether or not to enable VPC Flow Logs"
    type        = bool
    default     = false
  }

  variable "default_security_group_egress" {
    description = "List of maps of egress rules to set on the default security group"
    type        = list(map(string))
    default     = null
  }

  variable "default_security_group_tags" {
    description = "Additional tags for the default security group"
    type        = map(string)
    default     = {}
  }
  # VPC Flow Log destination inputs (the on/off switch is enable_flow_log).
  # Both create_* switches default to false, so with the defaults the caller
  # must supply an existing destination and, for CloudWatch Logs, an existing
  # IAM role. The descriptions of flow_log_destination_arn and
  # flow_log_cloudwatch_iam_role_arn state those requirements.
  variable "create_flow_log_cloudwatch_log_group" {
    description = "Whether to create CloudWatch log group for VPC Flow Logs"
    type        = bool
    default     = false
  }

  # NOTE(review): the policy attached to a module-created role is not visible
  # here; check that it is limited to the flow-log log group.
  variable "create_flow_log_cloudwatch_iam_role" {
    description = "Whether to create IAM role for VPC Flow Logs"
    type        = bool
    default     = false
  }

  # "ALL" records accepted and rejected flows; both are useful when
  # reconstructing activity. No validation block restricts the value here.
  variable "flow_log_traffic_type" {
    description = "The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL."
    type        = string
    default     = "ALL"
  }

  variable "flow_log_destination_type" {
    description = "Type of flow log destination. Can be s3 or cloud-watch-logs."
    type        = string
    default     = "cloud-watch-logs"
  }

  # null leaves the record format to the provider/service default.
  variable "flow_log_log_format" {
    description = "The fields to include in the flow log record, in the order in which they should appear."
    type        = string
    default     = null
  }

  # For an S3 destination the bucket policy has to allow log delivery (see the
  # description). Keep that bucket private and restrict who can delete from it.
  variable "flow_log_destination_arn" {
    description = "The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create_flow_log_cloudwatch_log_group is set to false this argument must be provided."
    type        = string
    default     = ""
  }

  variable "flow_log_cloudwatch_iam_role_arn" {
    description = "The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided."
    type        = string
    default     = ""
  }
  # Settings for the CloudWatch log group that holds VPC flow logs, plus the
  # flow-log aggregation interval.
  variable "flow_log_cloudwatch_log_group_name_prefix" {
    description = "Specifies the name prefix of CloudWatch Log Group for VPC flow logs."
    type        = string
    default     = "/aws/vpc-flow-log/"
  }

  # NOTE(review): null presumably means no retention limit, i.e. events are
  # kept until deleted. Confirm, and set a value that matches the
  # organisation's log-retention requirement.
  variable "flow_log_cloudwatch_log_group_retention_in_days" {
    description = "Specifies the number of days you want to retain log events in the specified log group for VPC flow logs."
    type        = number
    default     = null
  }

  # NOTE(review): null presumably leaves the log group without a
  # customer-managed KMS key. Supply a key ARN where flow logs must be
  # encrypted under a key the organisation controls.
  variable "flow_log_cloudwatch_log_group_kms_key_id" {
    description = "The ARN of the KMS Key to use when encrypting log data for VPC flow logs."
    type        = string
    default     = null
  }

  # 600 is the coarser of the two documented values; 60 gives finer-grained
  # records. No validation block restricts the value here.
  variable "flow_log_max_aggregation_interval" {
    description = "The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds."
    type        = number
    default     = 600
  }
  # Internet-facing gateways. Both default to true.
  # An Internet Gateway gives the public subnets a route to and from the
  # internet. Set create_igw to false for VPCs that must stay isolated.
  variable "create_igw" {
    description = "Controls if an Internet Gateway is created for public subnets and the related routes that connect them."
    type        = bool
    default     = true
  }

  # An Egress Only Internet Gateway carries outbound-initiated IPv6 traffic.
  # NOTE(review): presumably created only when IPv6 is enabled on the VPC; the
  # resource block is not in this listing.
  variable "create_egress_only_igw" {
    description = "Controls if an Egress Only Internet Gateway is created and its related routes."
    type        = bool
    default     = true
  }