This is a mirror of the official AWS VPC module from GitHub. (It prevents the failed clones that happen frequently when cloning from GitHub.)


  # Core VPC inputs: the module-wide creation switch, the shared name used as
  # an identifier on resources, and the primary IPv4 CIDR block.
  variable "create_vpc" {
    type        = bool
    default     = true
    description = "Controls if VPC should be created (it affects almost all resources)"
  }

  variable "name" {
    type        = string
    default     = ""
    description = "Name to be used on all the resources as identifier"
  }

  # The default is a placeholder only: per the description AWS does not accept
  # 0.0.0.0/0 as a VPC CIDR, so every caller has to override it.
  # NOTE(review): no validation is declared here; pick a range that does not
  # overlap peered or on-premises networks.
  variable "cidr" {
    type        = string
    default     = "0.0.0.0/0"
    description = "The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden"
  }
  # IPv6 inputs. enable_ipv6 requests an Amazon-provided /56 for the VPC; each
  # *_ipv6_prefixes list selects per-subnet indexes inside that block, one list
  # per subnet tier, and must match the length of the tier's IPv4 subnet list.
  # The lists are declared as list(string) although the descriptions call the
  # values base-10 integers.
  # NOTE(review): the descriptions give the index range as 0-256; a /56 split
  # into /64 subnets has indexes 0-255 — confirm against the subnet resources.
  variable "enable_ipv6" {
    type        = bool
    default     = false
    description = "Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block."
  }

  variable "private_subnet_ipv6_prefixes" {
    type        = list(string)
    default     = []
    description = "Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  }

  variable "public_subnet_ipv6_prefixes" {
    type        = list(string)
    default     = []
    description = "Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  }

  variable "database_subnet_ipv6_prefixes" {
    type        = list(string)
    default     = []
    description = "Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  }

  variable "redshift_subnet_ipv6_prefixes" {
    type        = list(string)
    default     = []
    description = "Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  }

  variable "elasticache_subnet_ipv6_prefixes" {
    type        = list(string)
    default     = []
    description = "Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  }

  variable "intra_subnet_ipv6_prefixes" {
    type        = list(string)
    default     = []
    description = "Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list"
  }
  # Automatic IPv6 address assignment: one module-wide switch (default false)
  # followed by one override per subnet tier (default null).
  # NOTE(review): presumably a null per-tier value falls back to
  # assign_ipv6_address_on_creation — confirm in the subnet resources.
  # NOTE(review): Amazon-provided IPv6 addresses are globally routable, so
  # reachability of a tier is decided by its route tables, NACLs and security
  # groups rather than by NAT; review those before enabling this on
  # non-public tiers.
  variable "assign_ipv6_address_on_creation" {
    type        = bool
    default     = false
    description = "Assign IPv6 address on subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  }

  variable "private_subnet_assign_ipv6_address_on_creation" {
    type        = bool
    default     = null
    description = "Assign IPv6 address on private subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  }

  variable "public_subnet_assign_ipv6_address_on_creation" {
    type        = bool
    default     = null
    description = "Assign IPv6 address on public subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  }

  variable "database_subnet_assign_ipv6_address_on_creation" {
    type        = bool
    default     = null
    description = "Assign IPv6 address on database subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  }

  variable "redshift_subnet_assign_ipv6_address_on_creation" {
    type        = bool
    default     = null
    description = "Assign IPv6 address on redshift subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  }

  variable "elasticache_subnet_assign_ipv6_address_on_creation" {
    type        = bool
    default     = null
    description = "Assign IPv6 address on elasticache subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  }

  variable "intra_subnet_assign_ipv6_address_on_creation" {
    type        = bool
    default     = null
    description = "Assign IPv6 address on intra subnet, must be disabled to change IPv6 CIDRs. This is the IPv6 equivalent of map_public_ip_on_launch"
  }
  # Additional IPv4 ranges for the VPC and the tenancy setting for instances
  # launched into it. Both are plain strings with no validation declared.
  variable "secondary_cidr_blocks" {
    type        = list(string)
    default     = []
    description = "List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool"
  }

  variable "instance_tenancy" {
    type        = string
    default     = "default"
    description = "A tenancy option for instances launched into the VPC"
  }
  # Name suffixes, one per subnet tier. Per the descriptions each value is
  # appended to the subnet names of its tier; the defaults are the tier names
  # (with "db" for the database tier).
  variable "public_subnet_suffix" {
    type        = string
    default     = "public"
    description = "Suffix to append to public subnets name"
  }

  variable "private_subnet_suffix" {
    type        = string
    default     = "private"
    description = "Suffix to append to private subnets name"
  }

  variable "intra_subnet_suffix" {
    type        = string
    default     = "intra"
    description = "Suffix to append to intra subnets name"
  }

  variable "database_subnet_suffix" {
    type        = string
    default     = "db"
    description = "Suffix to append to database subnets name"
  }

  variable "redshift_subnet_suffix" {
    type        = string
    default     = "redshift"
    description = "Suffix to append to redshift subnets name"
  }

  variable "elasticache_subnet_suffix" {
    type        = string
    default     = "elasticache"
    description = "Suffix to append to elasticache subnets name"
  }
  # Subnet lists, one per tier; every list is empty by default, so no subnets
  # are requested unless the caller supplies them.
  # NOTE(review): the entries are presumably IPv4 CIDR strings — confirm
  # against the subnet resources; nothing here checks format or overlap.
  variable "public_subnets" {
    type        = list(string)
    default     = []
    description = "A list of public subnets inside the VPC"
  }

  variable "private_subnets" {
    type        = list(string)
    default     = []
    description = "A list of private subnets inside the VPC"
  }

  variable "database_subnets" {
    type        = list(string)
    default     = []
    description = "A list of database subnets"
  }

  variable "redshift_subnets" {
    type        = list(string)
    default     = []
    description = "A list of redshift subnets"
  }

  variable "elasticache_subnets" {
    type        = list(string)
    default     = []
    description = "A list of elasticache subnets"
  }

  variable "intra_subnets" {
    type        = list(string)
    default     = []
    description = "A list of intra subnets"
  }
  # Routing and subnet-group switches for the data tiers (database, redshift,
  # elasticache). The three create_*_subnet_group flags default to true; every
  # routing flag defaults to false.
  variable "create_database_subnet_route_table" {
    type        = bool
    default     = false
    description = "Controls if separate route table for database should be created"
  }

  variable "create_redshift_subnet_route_table" {
    type        = bool
    default     = false
    description = "Controls if separate route table for redshift should be created"
  }

  # NOTE(review): per the description this puts the redshift tier on a public
  # routing table; keep it false unless the cluster is meant to be reachable
  # from outside the VPC, and restrict its security groups if it is.
  variable "enable_public_redshift" {
    type        = bool
    default     = false
    description = "Controls if redshift should have public routing table"
  }

  variable "create_elasticache_subnet_route_table" {
    type        = bool
    default     = false
    description = "Controls if separate route table for elasticache should be created"
  }

  variable "create_database_subnet_group" {
    type        = bool
    default     = true
    description = "Controls if database subnet group should be created (n.b. database_subnets must also be set)"
  }

  variable "create_elasticache_subnet_group" {
    type        = bool
    default     = true
    description = "Controls if elasticache subnet group should be created"
  }

  variable "create_redshift_subnet_group" {
    type        = bool
    default     = true
    description = "Controls if redshift subnet group should be created"
  }

  # NOTE(review): per the description this adds an internet gateway route for
  # public database access. Treat a true value as an exposure decision that
  # needs an explicit justification, and pair it with tight security groups.
  variable "create_database_internet_gateway_route" {
    type        = bool
    default     = false
    description = "Controls if an internet gateway route for public database access should be created"
  }

  # Gives the database subnets outbound internet access through NAT, per the
  # description.
  # NOTE(review): outbound access from a data tier widens the egress path for
  # data leaving the VPC; enable only when the databases need it.
  variable "create_database_nat_gateway_route" {
    type        = bool
    default     = false
    description = "Controls if a nat gateway route should be created to give internet access to the database subnets"
  }
  # Availability zones plus the VPC-level DNS and ClassicLink attributes.
  variable "azs" {
    type        = list(string)
    default     = []
    description = "A list of availability zones names or ids in the region"
  }

  # Off by default while enable_dns_support below is on by default.
  # NOTE(review): the *_endpoint_private_dns_enabled inputs elsewhere in this
  # file presumably depend on both DNS attributes being true — confirm before
  # turning private DNS on for an endpoint.
  variable "enable_dns_hostnames" {
    type        = bool
    default     = false
    description = "Should be true to enable DNS hostnames in the VPC"
  }

  variable "enable_dns_support" {
    type        = bool
    default     = true
    description = "Should be true to enable DNS support in the VPC"
  }

  # Both ClassicLink inputs default to null.
  # NOTE(review): EC2-Classic has been retired by AWS, so these are presumably
  # only meaningful for legacy accounts — leave them null unless confirmed.
  variable "enable_classiclink" {
    type        = bool
    default     = null
    description = "Should be true to enable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic."
  }

  variable "enable_classiclink_dns_support" {
    type        = bool
    default     = null
    description = "Should be true to enable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic."
  }
  # NAT gateway inputs: whether to create gateways, how many (one per private
  # network, a single shared one, or one per AZ), and whether to reuse
  # caller-supplied Elastic IPs instead of creating new ones.
  # NOTE(review): how these three layout flags interact when more than one is
  # true is not visible here — check the resource definitions.
  variable "enable_nat_gateway" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision NAT Gateways for each of your private networks"
  }

  variable "single_nat_gateway" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a single shared NAT Gateway across all of your private networks"
  }

  variable "one_nat_gateway_per_az" {
    type        = bool
    default     = false
    description = "Should be true if you want only one NAT Gateway per availability zone. Requires `var.azs` to be set, and the number of `public_subnets` created to be greater than or equal to the number of availability zones specified in `var.azs`."
  }

  # Reusing pre-allocated EIPs keeps the VPC's egress addresses stable, which
  # matters when third parties allow-list them.
  variable "reuse_nat_ips" {
    type        = bool
    default     = false
    description = "Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable"
  }

  variable "external_nat_ip_ids" {
    type        = list(string)
    default     = []
    description = "List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips)"
  }

  # Per the description this only feeds the `nat_public_ips` output.
  # NOTE(review): nothing here ties these addresses to external_nat_ip_ids, so
  # a mismatch would publish wrong egress IPs to consumers of that output.
  variable "external_nat_ips" {
    type        = list(string)
    default     = []
    description = "List of EIPs to be used for `nat_public_ips` output (used in combination with reuse_nat_ips and external_nat_ip_ids)"
  }
  # S3 and DynamoDB endpoint switches. Both endpoints are off by default;
  # enable_public_s3_endpoint (default true) covers the public subnets.
  # NOTE(review): no endpoint policy input is visible in this part of the
  # file. An AWS VPC endpoint without an explicit policy allows full access to
  # the service, so check whether a policy is set elsewhere.
  variable "enable_public_s3_endpoint" {
    type        = bool
    default     = true
    description = "Whether to enable S3 VPC Endpoint for public subnets"
  }

  variable "enable_dynamodb_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a DynamoDB endpoint to the VPC"
  }

  variable "enable_s3_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an S3 endpoint to the VPC"
  }
  # CodeArtifact endpoints (API and repositories). Each has an enable switch,
  # security groups, subnets and a private-DNS flag; all are off or empty by
  # default.
  # NOTE(review): security_group_ids defaults to []. AWS attaches the VPC's
  # default security group to an interface endpoint created without one, so
  # pass a dedicated group that admits only the intended clients — confirm how
  # the resource consumes this list.
  # NOTE(review): with private DNS disabled the service's regular hostname
  # does not resolve to the endpoint, so package traffic may still leave the
  # VPC unless clients target the endpoint-specific DNS name.
  variable "enable_codeartifact_api_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an Codeartifact API endpoint to the VPC"
  }

  variable "codeartifact_api_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Codeartifact API endpoint"
  }

  variable "codeartifact_api_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Codeartifact API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "codeartifact_api_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Codeartifact API endpoint"
  }

  variable "enable_codeartifact_repositories_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an Codeartifact repositories endpoint to the VPC"
  }

  variable "codeartifact_repositories_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Codeartifact repositories endpoint"
  }

  variable "codeartifact_repositories_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Codeartifact repositories endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "codeartifact_repositories_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Codeartifact repositories endpoint"
  }
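  # CodeBuild interface endpoint: enable switch, security groups, subnets and
  # private-DNS flag. Everything is off or empty by default.
  # NOTE(review): security_group_ids defaults to []. AWS attaches the VPC's
  # default security group to an interface endpoint created without one, so
  # pass a dedicated group — confirm how the resource consumes this list.
  variable "enable_codebuild_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an Codebuild endpoint to the VPC"
  }

  variable "codebuild_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Codebuild endpoint"
  }

  # The description previously named the service "Codebuilt"; corrected to
  # match the variable name and the sibling descriptions.
  variable "codebuild_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Codebuild endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "codebuild_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Codebuild endpoint"
  }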
  # CodeCommit endpoints: one for the CodeCommit API and one for Git
  # operations. Each has an enable switch, security groups, subnets and a
  # private-DNS flag; all are off or empty by default.
  # NOTE(review): with the security group lists left at [] AWS falls back to
  # the VPC's default security group for the endpoint's network interface;
  # supply a dedicated group — confirm how the resource consumes the list.
  # NOTE(review): with private DNS disabled, Git remotes that use the regular
  # service hostname do not resolve to the endpoint.
  variable "enable_codecommit_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an Codecommit endpoint to the VPC"
  }

  variable "codecommit_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Codecommit endpoint"
  }

  variable "codecommit_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "codecommit_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Codecommit endpoint"
  }

  variable "enable_git_codecommit_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an Git Codecommit endpoint to the VPC"
  }

  variable "git_codecommit_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Git Codecommit endpoint"
  }

  variable "git_codecommit_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Git Codecommit endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "git_codecommit_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Git Codecommit endpoint"
  }
  # Interface endpoints for AWS Config, SQS and Lambda. Each service has the
  # same four inputs (enable switch, security groups, subnets, private DNS)
  # and all of them are off or empty by default.
  # NOTE(review): an empty security_group_ids list leaves the endpoint on the
  # VPC's default security group under AWS's fallback behaviour; pass a
  # dedicated group — confirm how the resources consume these lists.
  # NOTE(review): private DNS defaults to false, so SDK calls to the regular
  # service hostname bypass the endpoint unless that flag is set or clients
  # use the endpoint-specific DNS name.
  variable "enable_config_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an config endpoint to the VPC"
  }

  variable "config_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for config endpoint"
  }

  variable "config_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for config endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "config_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for config endpoint"
  }

  variable "enable_sqs_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an SQS endpoint to the VPC"
  }

  variable "sqs_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for SQS endpoint"
  }

  variable "sqs_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for SQS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "sqs_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for SQS endpoint"
  }

  variable "enable_lambda_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a Lambda endpoint to the VPC"
  }

  variable "lambda_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Lambda endpoint"
  }

  variable "lambda_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Lambda endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "lambda_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Lambda endpoint"
  }
  # Interface endpoints for SSM and Secrets Manager. Each has an enable
  # switch, security groups, subnets and a private-DNS flag; all are off or
  # empty by default.
  # NOTE(review): these endpoints carry parameter and secret retrieval. With
  # security_group_ids left at [] AWS attaches the VPC's default security
  # group, so use a dedicated group limited to the workloads that need the
  # secrets — confirm how the resources consume these lists.
  # NOTE(review): with private DNS disabled the regular service hostname does
  # not resolve to the endpoint, so secret fetches may still take the public
  # path.
  variable "enable_ssm_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an SSM endpoint to the VPC"
  }

  variable "ssm_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for SSM endpoint"
  }

  variable "ssm_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for SSM endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "ssm_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for SSM endpoint"
  }

  variable "enable_secretsmanager_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an Secrets Manager endpoint to the VPC"
  }

  variable "secretsmanager_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Secrets Manager endpoint"
  }

  variable "secretsmanager_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Secrets Manager endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "secretsmanager_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Secrets Manager endpoint"
  }
  # Interface endpoints for API Gateway and SSM Messages. Each has an enable
  # switch, security groups, subnets and a private-DNS flag; all are off or
  # empty by default.
  # NOTE(review): an empty security_group_ids list means AWS attaches the
  # VPC's default security group to the endpoint's network interface; supply
  # a dedicated group — confirm how the resources consume these lists.
  # NOTE(review): SSM Messages is presumably the Session Manager channel, so
  # its group decides which hosts can open sessions through the endpoint.
  variable "enable_apigw_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an api gateway endpoint to the VPC"
  }

  variable "apigw_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for API GW endpoint"
  }

  variable "apigw_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for API GW endpoint"
  }

  variable "apigw_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for API GW endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "enable_ssmmessages_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a SSMMESSAGES endpoint to the VPC"
  }

  variable "ssmmessages_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint"
  }

  variable "ssmmessages_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "ssmmessages_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint"
  }
  # Interface endpoints for Textract and Transfer Server. Each has an enable
  # switch, security groups, subnets and a private-DNS flag; all are off or
  # empty by default.
  # NOTE(review): leaving security_group_ids at [] puts the endpoint on the
  # VPC's default security group under AWS's fallback behaviour; supply a
  # dedicated group — confirm how the resources consume these lists.
  # NOTE(review): private DNS defaults to false, so clients using the regular
  # service hostname do not reach the endpoint.
  variable "enable_textract_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an Textract endpoint to the VPC"
  }

  variable "textract_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Textract endpoint"
  }

  variable "textract_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Textract endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "textract_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Textract endpoint"
  }

  variable "enable_transferserver_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a Transfer Server endpoint to the VPC"
  }

  variable "transferserver_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Transfer Server endpoint"
  }

  variable "transferserver_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Transfer Server endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "transferserver_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Transfer Server endpoint"
  }
  # Interface endpoints for EC2, EC2 Messages and EC2 Auto Scaling. Each has
  # an enable switch, security groups, a private-DNS flag and subnets; all are
  # off or empty by default.
  # NOTE(review): an empty security_group_ids list leaves the endpoint on the
  # VPC's default security group under AWS's fallback behaviour; pass a
  # dedicated group — confirm how the resources consume these lists.
  # NOTE(review): private DNS defaults to false, so API calls to the regular
  # service hostname do not use the endpoint.
  variable "enable_ec2_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an EC2 endpoint to the VPC"
  }

  variable "ec2_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for EC2 endpoint"
  }

  variable "ec2_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for EC2 endpoint"
  }

  variable "ec2_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for EC2 endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "enable_ec2messages_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an EC2MESSAGES endpoint to the VPC"
  }

  variable "ec2messages_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for EC2MESSAGES endpoint"
  }

  variable "ec2messages_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for EC2MESSAGES endpoint"
  }

  variable "ec2messages_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for EC2MESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "enable_ec2_autoscaling_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an EC2 Autoscaling endpoint to the VPC"
  }

  variable "ec2_autoscaling_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for EC2 Autoscaling endpoint"
  }

  variable "ec2_autoscaling_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for EC2 Autoscaling endpoint"
  }

  variable "ec2_autoscaling_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for EC2 Autoscaling endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }
  # ECR endpoints: one for the registry API and one for the Docker registry
  # (dkr). Each has an enable switch, subnets, a private-DNS flag and security
  # groups; all are off or empty by default.
  # NOTE(review): image pulls go through these endpoints only when clients
  # resolve the registry hostname to them, and private DNS defaults to false.
  # NOTE(review): an empty security_group_ids list leaves the endpoint on the
  # VPC's default security group under AWS's fallback behaviour; pass a
  # dedicated group — confirm how the resources consume these lists.
  variable "enable_ecr_api_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an ecr api endpoint to the VPC"
  }

  variable "ecr_api_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for ECR api endpoint. If omitted, private subnets will be used."
  }

  variable "ecr_api_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for ECR API endpoint"
  }

  variable "ecr_api_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for ECR API endpoint"
  }

  variable "enable_ecr_dkr_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an ecr dkr endpoint to the VPC"
  }

  variable "ecr_dkr_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for ECR dkr endpoint. If omitted, private subnets will be used."
  }

  variable "ecr_dkr_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for ECR DKR endpoint"
  }

  variable "ecr_dkr_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for ECR DKR endpoint"
  }
  # KMS interface endpoint: enable switch, security groups, subnets and
  # private-DNS flag. Everything is off or empty by default.
  # NOTE(review): this endpoint carries key-management API calls. With
  # security_group_ids left at [] AWS attaches the VPC's default security
  # group, so use a dedicated group limited to the workloads that call KMS —
  # confirm how the resource consumes this list.
  # NOTE(review): with private DNS disabled the regular KMS hostname does not
  # resolve to the endpoint.
  variable "enable_kms_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a KMS endpoint to the VPC"
  }

  variable "kms_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for KMS endpoint"
  }

  variable "kms_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for KMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  variable "kms_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for KMS endpoint"
  }
  671. variable "enable_ecs_endpoint" {
  672. description = "Should be true if you want to provision a ECS endpoint to the VPC"
  673. type = bool
  674. default = false
  675. }
  676. variable "ecs_endpoint_security_group_ids" {
  677. description = "The ID of one or more security groups to associate with the network interface for ECS endpoint"
  678. type = list(string)
  679. default = []
  680. }
  681. variable "ecs_endpoint_subnet_ids" {
  682. description = "The ID of one or more subnets in which to create a network interface for ECS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  683. type = list(string)
  684. default = []
  685. }
  686. variable "ecs_endpoint_private_dns_enabled" {
  687. description = "Whether or not to associate a private hosted zone with the specified VPC for ECS endpoint"
  688. type = bool
  689. default = false
  690. }
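  # ECS Agent interface endpoint -- opt-in, disabled by default.
  variable "enable_ecs_agent_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an ECS Agent endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # container hosts that need it (confirm how the module forwards this list).
  variable "ecs_agent_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for ECS Agent endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "ecs_agent_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for ECS Agent endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "ecs_agent_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for ECS Agent endpoint"
  }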
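  # ECS Telemetry interface endpoint -- opt-in, disabled by default.
  variable "enable_ecs_telemetry_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an ECS Telemetry endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # container hosts that need it (confirm how the module forwards this list).
  variable "ecs_telemetry_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for ECS Telemetry endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "ecs_telemetry_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for ECS Telemetry endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "ecs_telemetry_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for ECS Telemetry endpoint"
  }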
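  # SNS interface endpoint -- opt-in, disabled by default.
  variable "enable_sns_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an SNS endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that need SNS (confirm how the module forwards this list).
  variable "sns_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for SNS endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "sns_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for SNS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "sns_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for SNS endpoint"
  }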
  # CloudWatch Monitoring interface endpoint -- opt-in, disabled by default.
  variable "enable_monitoring_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a CloudWatch Monitoring endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # hosts that publish metrics (confirm how the module forwards this list).
  variable "monitoring_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for CloudWatch Monitoring endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "monitoring_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for CloudWatch Monitoring endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "monitoring_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Monitoring endpoint"
  }
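  # Elastic Load Balancing interface endpoint -- opt-in, disabled by default.
  variable "enable_elasticloadbalancing_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an Elastic Load Balancing endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that call the service (confirm how the module forwards this list).
  variable "elasticloadbalancing_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Elastic Load Balancing endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "elasticloadbalancing_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Elastic Load Balancing endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "elasticloadbalancing_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Load Balancing endpoint"
  }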
  # CloudWatch Events interface endpoint -- opt-in, disabled by default.
  variable "enable_events_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a CloudWatch Events endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that call the service (confirm how the module forwards this list).
  variable "events_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for CloudWatch Events endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "events_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for CloudWatch Events endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "events_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Events endpoint"
  }
  # CloudWatch Logs interface endpoint -- opt-in, disabled by default.
  variable "enable_logs_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a CloudWatch Logs endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # hosts that ship logs (confirm how the module forwards this list).
  variable "logs_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for CloudWatch Logs endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "logs_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for CloudWatch Logs endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "logs_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for CloudWatch Logs endpoint"
  }
  # CloudTrail interface endpoint -- opt-in, disabled by default.
  variable "enable_cloudtrail_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a CloudTrail endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that call CloudTrail (confirm how the module forwards this list).
  variable "cloudtrail_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for CloudTrail endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "cloudtrail_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for CloudTrail endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "cloudtrail_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for CloudTrail endpoint"
  }
  # Kinesis Streams interface endpoint -- opt-in, disabled by default.
  variable "enable_kinesis_streams_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a Kinesis Streams endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # producers and consumers that need it (confirm how the module forwards this list).
  variable "kinesis_streams_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Kinesis Streams endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "kinesis_streams_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Kinesis Streams endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "kinesis_streams_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Kinesis Streams endpoint"
  }
  # Kinesis Firehose interface endpoint -- opt-in, disabled by default.
  variable "enable_kinesis_firehose_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a Kinesis Firehose endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # producers that need it (confirm how the module forwards this list).
  variable "kinesis_firehose_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Kinesis Firehose endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "kinesis_firehose_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Kinesis Firehose endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "kinesis_firehose_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Kinesis Firehose endpoint"
  }
  # Glue interface endpoint -- opt-in, disabled by default.
  variable "enable_glue_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a Glue endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that need Glue (confirm how the module forwards this list).
  variable "glue_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Glue endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "glue_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Glue endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "glue_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Glue endpoint"
  }
  # Sagemaker Notebook interface endpoint -- opt-in, disabled by default.
  variable "enable_sagemaker_notebook_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a Sagemaker Notebook endpoint to the VPC"
  }

  # Region for this endpoint; the default is an empty string. How an empty value is
  # resolved is decided where the variable is consumed, which is not in this part
  # of the file.
  variable "sagemaker_notebook_endpoint_region" {
    type        = string
    default     = ""
    description = "Region to use for Sagemaker Notebook endpoint"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that open notebooks (confirm how the module forwards this list).
  variable "sagemaker_notebook_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Sagemaker Notebook endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "sagemaker_notebook_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Sagemaker Notebook endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "sagemaker_notebook_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Sagemaker Notebook endpoint"
  }
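  # STS interface endpoint -- opt-in, disabled by default.
  # NOTE(review): no endpoint-policy input is declared alongside these four variables;
  # if none exists elsewhere in the module, the endpoint keeps AWS's default
  # full-access policy.
  variable "enable_sts_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an STS endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that request credentials (confirm how the module forwards this list).
  variable "sts_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for STS endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "sts_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for STS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "sts_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for STS endpoint"
  }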
  # CloudFormation interface endpoint -- opt-in, disabled by default.
  variable "enable_cloudformation_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a Cloudformation endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that call the service (confirm how the module forwards this list).
  variable "cloudformation_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Cloudformation endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "cloudformation_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Cloudformation endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "cloudformation_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Cloudformation endpoint"
  }
  # CodePipeline interface endpoint -- opt-in, disabled by default.
  variable "enable_codepipeline_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a CodePipeline endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # build hosts that need it (confirm how the module forwards this list).
  variable "codepipeline_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for CodePipeline endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "codepipeline_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for CodePipeline endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "codepipeline_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for CodePipeline endpoint"
  }
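  # AppMesh (envoy management) interface endpoint -- opt-in, disabled by default.
  variable "enable_appmesh_envoy_management_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an AppMesh endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # workloads that need it (confirm how the module forwards this list).
  variable "appmesh_envoy_management_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for AppMesh endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "appmesh_envoy_management_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for AppMesh endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "appmesh_envoy_management_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for AppMesh endpoint"
  }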
  # Service Catalog interface endpoint -- opt-in, disabled by default.
  variable "enable_servicecatalog_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a Service Catalog endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that call the service (confirm how the module forwards this list).
  variable "servicecatalog_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Service Catalog endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "servicecatalog_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Service Catalog endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "servicecatalog_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Service Catalog endpoint"
  }
  # Storage Gateway interface endpoint -- opt-in, disabled by default.
  variable "enable_storagegateway_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a Storage Gateway endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group that opens only
  # the ports the gateway needs (confirm how the module forwards this list).
  variable "storagegateway_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Storage Gateway endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "storagegateway_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Storage Gateway endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "storagegateway_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Storage Gateway endpoint"
  }
  # Transfer interface endpoint -- opt-in, disabled by default.
  variable "enable_transfer_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a Transfer endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that need the service (confirm how the module forwards this list).
  variable "transfer_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Transfer endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "transfer_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Transfer endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "transfer_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Transfer endpoint"
  }
  # SageMaker API interface endpoint -- opt-in, disabled by default.
  variable "enable_sagemaker_api_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a SageMaker API endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that call the API (confirm how the module forwards this list).
  variable "sagemaker_api_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for SageMaker API endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "sagemaker_api_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for SageMaker API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "sagemaker_api_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for SageMaker API endpoint"
  }
  # SageMaker Runtime interface endpoint -- opt-in, disabled by default.
  variable "enable_sagemaker_runtime_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a SageMaker Runtime endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that invoke models (confirm how the module forwards this list).
  variable "sagemaker_runtime_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for SageMaker Runtime endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "sagemaker_runtime_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for SageMaker Runtime endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "sagemaker_runtime_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for SageMaker Runtime endpoint"
  }
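  # AppStream API interface endpoint -- opt-in, disabled by default.
  variable "enable_appstream_api_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an AppStream API endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that call the API (confirm how the module forwards this list).
  variable "appstream_api_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for AppStream API endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "appstream_api_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for AppStream API endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "appstream_api_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream API endpoint"
  }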
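  # AppStream Streaming interface endpoint -- opt-in, disabled by default.
  variable "enable_appstream_streaming_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an AppStream Streaming endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group that opens only
  # the ports streaming clients need (confirm how the module forwards this list).
  variable "appstream_streaming_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for AppStream Streaming endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "appstream_streaming_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for AppStream Streaming endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "appstream_streaming_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for AppStream Streaming endpoint"
  }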
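  # Athena interface endpoint -- opt-in, disabled by default.
  variable "enable_athena_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an Athena endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that run queries (confirm how the module forwards this list).
  variable "athena_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Athena endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "athena_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Athena endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "athena_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Athena endpoint"
  }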
  # Rekognition interface endpoint -- opt-in, disabled by default.
  variable "enable_rekognition_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a Rekognition endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that call the service (confirm how the module forwards this list).
  variable "rekognition_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Rekognition endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "rekognition_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Rekognition endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "rekognition_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Rekognition endpoint"
  }
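  # EFS interface endpoint -- opt-in, disabled by default.
  variable "enable_efs_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an EFS endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that call the service (confirm how the module forwards this list).
  variable "efs_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for EFS endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "efs_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for EFS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "efs_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for EFS endpoint"
  }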
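  # Cloud Directory interface endpoint -- opt-in, disabled by default.
  variable "enable_cloud_directory_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a Cloud Directory endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that call the service (confirm how the module forwards this list).
  variable "cloud_directory_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Cloud Directory endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "cloud_directory_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Cloud Directory endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "cloud_directory_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Cloud Directory endpoint"
  }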
  # SES interface endpoint -- opt-in, disabled by default. The matching
  # ses_endpoint_private_dns_enabled variable is declared further down the file,
  # after the auto_scaling_plans_endpoint_* variables.
  variable "enable_ses_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an SES endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group that opens only
  # the ports mail senders need (confirm how the module forwards this list).
  variable "ses_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for SES endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "ses_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for SES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }
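  # Auto Scaling Plans interface endpoint -- opt-in, disabled by default.
  variable "enable_auto_scaling_plans_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an Auto Scaling Plans endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that call the service (confirm how the module forwards this list).
  variable "auto_scaling_plans_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Auto Scaling Plans endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "auto_scaling_plans_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Auto Scaling Plans endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "auto_scaling_plans_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Auto Scaling Plans endpoint"
  }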
  # Private DNS switch for the SES endpoint. It sits apart from the other
  # ses_endpoint_* variables, which are declared before the auto_scaling_plans
  # group; Terraform does not depend on declaration order.
  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "ses_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for SES endpoint"
  }
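  # Workspaces interface endpoint -- opt-in, disabled by default.
  variable "enable_workspaces_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision a Workspaces endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that call the service (confirm how the module forwards this list).
  variable "workspaces_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Workspaces endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "workspaces_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Workspaces endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "workspaces_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Workspaces endpoint"
  }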
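  # Access Analyzer interface endpoint -- opt-in, disabled by default.
  variable "enable_access_analyzer_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an Access Analyzer endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that call the service (confirm how the module forwards this list).
  variable "access_analyzer_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for Access Analyzer endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "access_analyzer_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for Access Analyzer endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "access_analyzer_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for Access Analyzer endpoint"
  }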
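  # EBS interface endpoint -- opt-in, disabled by default.
  variable "enable_ebs_endpoint" {
    type        = bool
    default     = false
    description = "Should be true if you want to provision an EBS endpoint to the VPC"
  }

  # NOTE(review): empty by default. An interface endpoint created without a security
  # group gets the VPC's default one, so supply a dedicated group limited to the
  # clients that call the service (confirm how the module forwards this list).
  variable "ebs_endpoint_security_group_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more security groups to associate with the network interface for EBS endpoint"
  }

  # At most one subnet per AZ; per the description, private subnets are used when empty.
  variable "ebs_endpoint_subnet_ids" {
    type        = list(string)
    default     = []
    description = "The ID of one or more subnets in which to create a network interface for EBS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
  }

  # NOTE(review): off by default. Without private DNS the service's default hostnames
  # are not pointed at the endpoint, so callers must use the endpoint-specific DNS
  # names; enabling it requires DNS support and DNS hostnames on the VPC.
  variable "ebs_endpoint_private_dns_enabled" {
    type        = bool
    default     = false
    description = "Whether or not to associate a private hosted zone with the specified VPC for EBS endpoint"
  }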
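  # Data Sync VPC endpoint inputs. Nothing is provisioned unless the enable flag
  # is set to true.
  # NOTE(review): an empty security group list and private DNS = false are the
  # defaults; confirm in the endpoint resource (not in this part of the file)
  # which security group is attached when the list is left empty.
  # Description fixes: "an Data Sync" -> "a Data Sync", "Ifomitted" -> "If omitted".
  variable "enable_datasync_endpoint" {
    description = "Should be true if you want to provision a Data Sync endpoint to the VPC"
    type        = bool
    default     = false
  }

  variable "datasync_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Data Sync endpoint"
    type        = list(string)
    default     = []
  }

  variable "datasync_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Data Sync endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  variable "datasync_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Data Sync endpoint"
    type        = bool
    default     = false
  }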
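  # Elastic Inference Runtime VPC endpoint inputs. Nothing is provisioned unless
  # the enable flag is set to true.
  # NOTE(review): an empty security group list and private DNS = false are the
  # defaults; confirm in the endpoint resource (not in this part of the file)
  # which security group is attached when the list is left empty.
  variable "enable_elastic_inference_runtime_endpoint" {
    description = "Should be true if you want to provision an Elastic Inference Runtime endpoint to the VPC"
    type        = bool
    default     = false
  }

  variable "elastic_inference_runtime_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Elastic Inference Runtime endpoint"
    type        = list(string)
    default     = []
  }

  # Description typo fixed ("Ifomitted" -> "If omitted").
  variable "elastic_inference_runtime_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Elastic Inference Runtime endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  variable "elastic_inference_runtime_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Inference Runtime endpoint"
    type        = bool
    default     = false
  }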
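  # SMS VPC endpoint inputs. Nothing is provisioned unless the enable flag is
  # set to true.
  # NOTE(review): an empty security group list and private DNS = false are the
  # defaults; confirm in the endpoint resource (not in this part of the file)
  # which security group is attached when the list is left empty.
  variable "enable_sms_endpoint" {
    description = "Should be true if you want to provision an SMS endpoint to the VPC"
    type        = bool
    default     = false
  }

  variable "sms_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for SMS endpoint"
    type        = list(string)
    default     = []
  }

  # Description typo fixed ("Ifomitted" -> "If omitted").
  variable "sms_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for SMS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  variable "sms_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for SMS endpoint"
    type        = bool
    default     = false
  }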
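  # EMR VPC endpoint inputs. Nothing is provisioned unless the enable flag is
  # set to true.
  # NOTE(review): an empty security group list and private DNS = false are the
  # defaults; confirm in the endpoint resource (not in this part of the file)
  # which security group is attached when the list is left empty.
  variable "enable_emr_endpoint" {
    description = "Should be true if you want to provision an EMR endpoint to the VPC"
    type        = bool
    default     = false
  }

  variable "emr_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for EMR endpoint"
    type        = list(string)
    default     = []
  }

  # Description typo fixed ("Ifomitted" -> "If omitted").
  variable "emr_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for EMR endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  variable "emr_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for EMR endpoint"
    type        = bool
    default     = false
  }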
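  # QLDB Session VPC endpoint inputs. Nothing is provisioned unless the enable
  # flag is set to true.
  # NOTE(review): an empty security group list and private DNS = false are the
  # defaults; confirm in the endpoint resource (not in this part of the file)
  # which security group is attached when the list is left empty.
  # Description fixes: "an QLDB" -> "a QLDB", "Ifomitted" -> "If omitted".
  variable "enable_qldb_session_endpoint" {
    description = "Should be true if you want to provision a QLDB Session endpoint to the VPC"
    type        = bool
    default     = false
  }

  variable "qldb_session_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for QLDB Session endpoint"
    type        = list(string)
    default     = []
  }

  variable "qldb_session_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for QLDB Session endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  variable "qldb_session_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for QLDB Session endpoint"
    type        = bool
    default     = false
  }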
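  # Elastic Beanstalk VPC endpoint inputs. Nothing is provisioned unless the
  # enable flag is set to true.
  # NOTE(review): an empty security group list and private DNS = false are the
  # defaults; confirm in the endpoint resource (not in this part of the file)
  # which security group is attached when the list is left empty.
  # Description grammar fixed ("a Elastic" -> "an Elastic").
  variable "enable_elasticbeanstalk_endpoint" {
    description = "Should be true if you want to provision an Elastic Beanstalk endpoint to the VPC"
    type        = bool
    default     = false
  }

  variable "elasticbeanstalk_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Elastic Beanstalk endpoint"
    type        = list(string)
    default     = []
  }

  variable "elasticbeanstalk_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Elastic Beanstalk endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  variable "elasticbeanstalk_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Beanstalk endpoint"
    type        = bool
    default     = false
  }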
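  # Elastic Beanstalk Health VPC endpoint inputs. Nothing is provisioned unless
  # the enable flag is set to true.
  # NOTE(review): an empty security group list and private DNS = false are the
  # defaults; confirm in the endpoint resource (not in this part of the file)
  # which security group is attached when the list is left empty.
  # Description grammar fixed ("a Elastic" -> "an Elastic").
  variable "enable_elasticbeanstalk_health_endpoint" {
    description = "Should be true if you want to provision an Elastic Beanstalk Health endpoint to the VPC"
    type        = bool
    default     = false
  }

  variable "elasticbeanstalk_health_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Elastic Beanstalk Health endpoint"
    type        = list(string)
    default     = []
  }

  variable "elasticbeanstalk_health_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Elastic Beanstalk Health endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  variable "elasticbeanstalk_health_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Elastic Beanstalk Health endpoint"
    type        = bool
    default     = false
  }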
  # Step Function ("states") VPC endpoint inputs. Nothing is provisioned unless
  # the enable flag is set to true.
  # NOTE(review): an empty security group list and private DNS = false are the
  # defaults; confirm in the endpoint resource (not in this part of the file)
  # which security group is attached when the list is left empty.
  variable "enable_states_endpoint" {
    description = "Should be true if you want to provision a Step Function endpoint to the VPC"
    type        = bool
    default     = false
  }

  variable "states_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for Step Function endpoint"
    type        = list(string)
    default     = []
  }

  variable "states_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for Step Function endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  variable "states_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for Step Function endpoint"
    type        = bool
    default     = false
  }
  # Toggle for the ACM PCA VPC endpoint; off by default. The matching
  # acm_pca_endpoint_* inputs are declared further down in this file, after the
  # CodeDeploy endpoint variables.
  variable "enable_acm_pca_endpoint" {
    description = "Should be true if you want to provision an ACM PCA endpoint to the VPC"
    type        = bool
    default     = false
  }
  # RDS VPC endpoint inputs. Nothing is provisioned unless the enable flag is
  # set to true.
  # NOTE(review): an empty security group list and private DNS = false are the
  # defaults; confirm in the endpoint resource (not in this part of the file)
  # which security group is attached when the list is left empty.
  variable "enable_rds_endpoint" {
    description = "Should be true if you want to provision an RDS endpoint to the VPC"
    type        = bool
    default     = false
  }

  variable "rds_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for RDS endpoint"
    type        = list(string)
    default     = []
  }

  variable "rds_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for RDS endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  variable "rds_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for RDS endpoint"
    type        = bool
    default     = false
  }
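  # CodeDeploy VPC endpoint inputs. Nothing is provisioned unless the enable
  # flag is set to true.
  # NOTE(review): an empty security group list and private DNS = false are the
  # defaults; confirm in the endpoint resource (not in this part of the file)
  # which security group is attached when the list is left empty.
  # Description grammar fixed ("an CodeDeploy" -> "a CodeDeploy").
  variable "enable_codedeploy_endpoint" {
    description = "Should be true if you want to provision a CodeDeploy endpoint to the VPC"
    type        = bool
    default     = false
  }

  variable "codedeploy_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for CodeDeploy endpoint"
    type        = list(string)
    default     = []
  }

  variable "codedeploy_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for CodeDeploy endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  variable "codedeploy_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for CodeDeploy endpoint"
    type        = bool
    default     = false
  }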
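  # CodeDeploy Commands Secure VPC endpoint inputs. Nothing is provisioned
  # unless the enable flag is set to true.
  # NOTE(review): an empty security group list and private DNS = false are the
  # defaults; confirm in the endpoint resource (not in this part of the file)
  # which security group is attached when the list is left empty.
  # Description grammar fixed ("an CodeDeploy" -> "a CodeDeploy").
  variable "enable_codedeploy_commands_secure_endpoint" {
    description = "Should be true if you want to provision a CodeDeploy Commands Secure endpoint to the VPC"
    type        = bool
    default     = false
  }

  variable "codedeploy_commands_secure_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for CodeDeploy Commands Secure endpoint"
    type        = list(string)
    default     = []
  }

  variable "codedeploy_commands_secure_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for CodeDeploy Commands Secure endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  variable "codedeploy_commands_secure_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for CodeDeploy Commands Secure endpoint"
    type        = bool
    default     = false
  }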
  # Remaining ACM PCA VPC endpoint inputs; the enable_acm_pca_endpoint toggle is
  # declared earlier in this file.
  # NOTE(review): ACM PCA issues certificates, so the path to it is worth
  # pinning down. The security group list defaults to empty and private DNS to
  # false; confirm in the endpoint resource (not in this part of the file) which
  # security group is attached and how clients resolve the service name.
  variable "acm_pca_endpoint_security_group_ids" {
    description = "The ID of one or more security groups to associate with the network interface for ACM PCA endpoint"
    type        = list(string)
    default     = []
  }

  variable "acm_pca_endpoint_subnet_ids" {
    description = "The ID of one or more subnets in which to create a network interface for ACM PCA endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
    type        = list(string)
    default     = []
  }

  variable "acm_pca_endpoint_private_dns_enabled" {
    description = "Whether or not to associate a private hosted zone with the specified VPC for ACM PCA endpoint"
    type        = bool
    default     = false
  }
  # Defaults to true: per the description, a public IP is auto-assigned on
  # launch unless the caller sets this to false.
  # NOTE(review): which subnets this applies to is decided in the subnet
  # resources, not shown here. Set to false where instances do not need to be
  # directly addressable from the internet.
  variable "map_public_ip_on_launch" {
    description = "Should be false if you do not want to auto-assign public IP on launch"
    type        = bool
    default     = true
  }
  # Customer gateway and VPN gateway inputs. No gateway is created by default:
  # customer_gateways is an empty map and enable_vpn_gateway is false.
  variable "customer_gateways" {
    description = "Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address)"
    type        = map(map(any))
    default     = {}
  }

  variable "enable_vpn_gateway" {
    description = "Should be true if you want to create a new VPN Gateway resource and attach it to the VPC"
    type        = bool
    default     = false
  }

  # Empty string by default.
  # NOTE(review): presumably used to attach an existing gateway instead of
  # creating one; confirm against the attachment resource.
  variable "vpn_gateway_id" {
    description = "ID of VPN Gateway to attach to the VPC"
    type        = string
    default     = ""
  }

  # Declared as a string although the value is numeric.
  variable "amazon_side_asn" {
    description = "The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN."
    type        = string
    default     = "64512"
  }

  variable "vpn_gateway_az" {
    description = "The Availability Zone for the VPN Gateway"
    type        = string
    default     = null
  }
  # Route propagation toggles, all off by default. The three descriptions are
  # identical; only the variable names distinguish them.
  # NOTE(review): presumably each flag enables propagation of VPN gateway routes
  # into the intra, private and public route tables respectively; confirm
  # against the propagation resources. Propagated routes change what the remote
  # network can reach, so enable per tier deliberately.
  variable "propagate_intra_route_tables_vgw" {
    description = "Should be true if you want route table propagation"
    type        = bool
    default     = false
  }

  variable "propagate_private_route_tables_vgw" {
    description = "Should be true if you want route table propagation"
    type        = bool
    default     = false
  }

  variable "propagate_public_route_tables_vgw" {
    description = "Should be true if you want route table propagation"
    type        = bool
    default     = false
  }
  # Tag inputs. `tags` is described as applying to all resources; the others add
  # tags for one resource kind. All default to an empty map.
  variable "tags" {
    description = "A map of tags to add to all resources"
    type        = map(string)
    default     = {}
  }

  variable "vpc_tags" {
    description = "Additional tags for the VPC"
    type        = map(string)
    default     = {}
  }

  variable "igw_tags" {
    description = "Additional tags for the internet gateway"
    type        = map(string)
    default     = {}
  }

  variable "public_subnet_tags" {
    description = "Additional tags for the public subnets"
    type        = map(string)
    default     = {}
  }

  variable "private_subnet_tags" {
    description = "Additional tags for the private subnets"
    type        = map(string)
    default     = {}
  }
  # Additional tags for route tables, one input per subnet tier. All default to
  # an empty map.
  variable "public_route_table_tags" {
    description = "Additional tags for the public route tables"
    type        = map(string)
    default     = {}
  }

  variable "private_route_table_tags" {
    description = "Additional tags for the private route tables"
    type        = map(string)
    default     = {}
  }

  variable "database_route_table_tags" {
    description = "Additional tags for the database route tables"
    type        = map(string)
    default     = {}
  }

  variable "redshift_route_table_tags" {
    description = "Additional tags for the redshift route tables"
    type        = map(string)
    default     = {}
  }

  variable "elasticache_route_table_tags" {
    description = "Additional tags for the elasticache route tables"
    type        = map(string)
    default     = {}
  }

  variable "intra_route_table_tags" {
    description = "Additional tags for the intra route tables"
    type        = map(string)
    default     = {}
  }
  # Additional tags for the database, redshift, elasticache and intra subnets
  # and for the database/redshift subnet groups. All default to an empty map.
  variable "database_subnet_tags" {
    description = "Additional tags for the database subnets"
    type        = map(string)
    default     = {}
  }

  variable "database_subnet_group_tags" {
    description = "Additional tags for the database subnet group"
    type        = map(string)
    default     = {}
  }

  variable "redshift_subnet_tags" {
    description = "Additional tags for the redshift subnets"
    type        = map(string)
    default     = {}
  }

  variable "redshift_subnet_group_tags" {
    description = "Additional tags for the redshift subnet group"
    type        = map(string)
    default     = {}
  }

  variable "elasticache_subnet_tags" {
    description = "Additional tags for the elasticache subnets"
    type        = map(string)
    default     = {}
  }

  variable "intra_subnet_tags" {
    description = "Additional tags for the intra subnets"
    type        = map(string)
    default     = {}
  }
  # Additional tags for the per-tier network ACLs. All default to an empty map.
  variable "public_acl_tags" {
    description = "Additional tags for the public subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "private_acl_tags" {
    description = "Additional tags for the private subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "intra_acl_tags" {
    description = "Additional tags for the intra subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "database_acl_tags" {
    description = "Additional tags for the database subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "redshift_acl_tags" {
    description = "Additional tags for the redshift subnets network ACL"
    type        = map(string)
    default     = {}
  }

  variable "elasticache_acl_tags" {
    description = "Additional tags for the elasticache subnets network ACL"
    type        = map(string)
    default     = {}
  }
  # Additional tags for the DHCP option set, NAT, gateway, endpoint and flow log
  # resources. All default to an empty map.
  variable "dhcp_options_tags" {
    description = "Additional tags for the DHCP option set (requires enable_dhcp_options set to true)"
    type        = map(string)
    default     = {}
  }

  variable "nat_gateway_tags" {
    description = "Additional tags for the NAT gateways"
    type        = map(string)
    default     = {}
  }

  variable "nat_eip_tags" {
    description = "Additional tags for the NAT EIP"
    type        = map(string)
    default     = {}
  }

  variable "customer_gateway_tags" {
    description = "Additional tags for the Customer Gateway"
    type        = map(string)
    default     = {}
  }

  variable "vpn_gateway_tags" {
    description = "Additional tags for the VPN gateway"
    type        = map(string)
    default     = {}
  }

  variable "vpc_endpoint_tags" {
    description = "Additional tags for the VPC Endpoints"
    type        = map(string)
    default     = {}
  }

  variable "vpc_flow_log_tags" {
    description = "Additional tags for the VPC Flow Logs"
    type        = map(string)
    default     = {}
  }
  # Optional permissions boundary ARN for the flow log IAM role; null by
  # default, so no boundary is supplied unless the caller sets one.
  # NOTE(review): accounts that require a boundary on every role must pass it
  # here when the module creates the role (see create_flow_log_cloudwatch_iam_role).
  variable "vpc_flow_log_permissions_boundary" {
    description = "The ARN of the Permissions Boundary for the VPC Flow Log IAM Role"
    type        = string
    default     = null
  }
  # DHCP options set inputs. Per their descriptions, the dhcp_options_* values
  # take effect only when enable_dhcp_options is true (false by default).
  variable "enable_dhcp_options" {
    description = "Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type"
    type        = bool
    default     = false
  }

  variable "dhcp_options_domain_name" {
    description = "Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)"
    type        = string
    default     = ""
  }

  # Defaults to the AWS-provided resolver. Overriding this list changes which
  # servers answer DNS for hosts that take their settings from DHCP, so treat
  # the listed resolvers as trusted infrastructure.
  variable "dhcp_options_domain_name_servers" {
    description = "Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)"
    type        = list(string)
    default     = ["AmazonProvidedDNS"]
  }

  variable "dhcp_options_ntp_servers" {
    description = "Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)"
    type        = list(string)
    default     = []
  }

  variable "dhcp_options_netbios_name_servers" {
    description = "Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)"
    type        = list(string)
    default     = []
  }

  variable "dhcp_options_netbios_node_type" {
    description = "Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)"
    type        = string
    default     = ""
  }
  # Default VPC adoption inputs. With manage_default_vpc = false (the default)
  # the Default VPC is not adopted.
  # NOTE(review): presumably the other default_vpc_* values are then unused;
  # confirm against the default VPC resource.
  variable "manage_default_vpc" {
    description = "Should be true to adopt and manage Default VPC"
    type        = bool
    default     = false
  }

  variable "default_vpc_name" {
    description = "Name to be used on the Default VPC"
    type        = string
    default     = ""
  }

  variable "default_vpc_enable_dns_support" {
    description = "Should be true to enable DNS support in the Default VPC"
    type        = bool
    default     = true
  }

  variable "default_vpc_enable_dns_hostnames" {
    description = "Should be true to enable DNS hostnames in the Default VPC"
    type        = bool
    default     = false
  }

  # NOTE(review): ClassicLink belongs to EC2-Classic networking, which AWS has
  # retired; newer provider versions may no longer accept this setting. Confirm
  # before relying on it.
  variable "default_vpc_enable_classiclink" {
    description = "Should be true to enable ClassicLink in the Default VPC"
    type        = bool
    default     = false
  }

  variable "default_vpc_tags" {
    description = "Additional tags for the Default VPC"
    type        = map(string)
    default     = {}
  }
  # Default network ACL adoption inputs. With manage_default_network_acl = false
  # (the default) the Default Network ACL is not adopted.
  # NOTE(review): its rules then stay as AWS created them rather than being set
  # from default_network_acl_ingress / default_network_acl_egress; confirm
  # against the default ACL resource.
  variable "manage_default_network_acl" {
    description = "Should be true to adopt and manage Default Network ACL"
    type        = bool
    default     = false
  }

  variable "default_network_acl_name" {
    description = "Name to be used on the Default Network ACL"
    type        = string
    default     = ""
  }

  variable "default_network_acl_tags" {
    description = "Additional tags for the Default Network ACL"
    type        = map(string)
    default     = {}
  }
  # Per-tier switches for a dedicated (non-default) network ACL with custom
  # rules. All are false by default, so every tier uses the default ACL.
  # Turning a flag on does not tighten anything by itself: the matching
  # *_inbound_acl_rules / *_outbound_acl_rules inputs default to a single
  # allow-all rule and need to be overridden as well.
  variable "public_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for public subnets"
    type        = bool
    default     = false
  }

  variable "private_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for private subnets"
    type        = bool
    default     = false
  }

  variable "intra_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for intra subnets"
    type        = bool
    default     = false
  }

  variable "database_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for database subnets"
    type        = bool
    default     = false
  }

  variable "redshift_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for redshift subnets"
    type        = bool
    default     = false
  }

  variable "elasticache_dedicated_network_acl" {
    description = "Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets"
    type        = bool
    default     = false
  }
  # Rules for the Default Network ACL. Both directions default to allow-all:
  # rule 100 permits every protocol ("-1") for 0.0.0.0/0 and rule 101 does the
  # same for ::/0. With these defaults the ACL filters nothing, so access
  # control rests on security groups.
  # The numeric values are converted to strings by the list(map(string)) type.
  # NOTE(review): presumably applied only when manage_default_network_acl is
  # true; confirm against the default ACL resource.
  variable "default_network_acl_ingress" {
    description = "List of maps of ingress rules to set on the Default Network ACL"
    type        = list(map(string))

    default = [
      {
        rule_no    = 100
        action     = "allow"
        from_port  = 0
        to_port    = 0
        protocol   = "-1"
        cidr_block = "0.0.0.0/0"
      },
      {
        rule_no         = 101
        action          = "allow"
        from_port       = 0
        to_port         = 0
        protocol        = "-1"
        ipv6_cidr_block = "::/0"
      },
    ]
  }

  variable "default_network_acl_egress" {
    description = "List of maps of egress rules to set on the Default Network ACL"
    type        = list(map(string))

    default = [
      {
        rule_no    = 100
        action     = "allow"
        from_port  = 0
        to_port    = 0
        protocol   = "-1"
        cidr_block = "0.0.0.0/0"
      },
      {
        rule_no         = 101
        action          = "allow"
        from_port       = 0
        to_port         = 0
        protocol        = "-1"
        ipv6_cidr_block = "::/0"
      },
    ]
  }
  # Network ACL rules for the public subnets. Each direction defaults to one
  # allow-all IPv4 rule (every protocol, 0.0.0.0/0); unlike
  # default_network_acl_ingress/egress there is no ipv6_cidr_block entry.
  # NOTE(review): presumably used only when public_dedicated_network_acl is
  # true; confirm against the ACL rule resources.
  variable "public_inbound_acl_rules" {
    description = "Public subnets inbound network ACLs"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "public_outbound_acl_rules" {
    description = "Public subnets outbound network ACLs"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }
  # Network ACL rules for the private subnets. Each direction defaults to one
  # allow-all IPv4 rule (every protocol, 0.0.0.0/0), so a dedicated ACL built
  # from these defaults adds no filtering. Override with the specific CIDRs and
  # ports the private tier needs.
  # NOTE(review): presumably used only when private_dedicated_network_acl is
  # true; confirm against the ACL rule resources.
  variable "private_inbound_acl_rules" {
    description = "Private subnets inbound network ACLs"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "private_outbound_acl_rules" {
    description = "Private subnets outbound network ACLs"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }
  # Network ACL rules for the intra subnets. Each direction defaults to one
  # allow-all IPv4 rule (every protocol, 0.0.0.0/0), so a dedicated ACL built
  # from these defaults adds no filtering.
  # NOTE(review): presumably used only when intra_dedicated_network_acl is true;
  # confirm against the ACL rule resources.
  variable "intra_inbound_acl_rules" {
    description = "Intra subnets inbound network ACLs"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "intra_outbound_acl_rules" {
    description = "Intra subnets outbound network ACLs"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }
  # Network ACL rules for the database subnets. Each direction defaults to one
  # allow-all IPv4 rule (every protocol, 0.0.0.0/0), so a dedicated ACL built
  # from these defaults adds no filtering. For a data tier, override with the
  # application subnets' CIDRs and the database port only.
  # NOTE(review): presumably used only when database_dedicated_network_acl is
  # true; confirm against the ACL rule resources.
  variable "database_inbound_acl_rules" {
    description = "Database subnets inbound network ACL rules"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "database_outbound_acl_rules" {
    description = "Database subnets outbound network ACL rules"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }
  # Network ACL rules for the redshift subnets. Each direction defaults to one
  # allow-all IPv4 rule (every protocol, 0.0.0.0/0), so a dedicated ACL built
  # from these defaults adds no filtering.
  # NOTE(review): presumably used only when redshift_dedicated_network_acl is
  # true; confirm against the ACL rule resources.
  variable "redshift_inbound_acl_rules" {
    description = "Redshift subnets inbound network ACL rules"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "redshift_outbound_acl_rules" {
    description = "Redshift subnets outbound network ACL rules"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }
  # Network ACL rules for the elasticache subnets. Each direction defaults to
  # one allow-all IPv4 rule (every protocol, 0.0.0.0/0), so a dedicated ACL
  # built from these defaults adds no filtering.
  # NOTE(review): presumably used only when elasticache_dedicated_network_acl is
  # true; confirm against the ACL rule resources.
  variable "elasticache_inbound_acl_rules" {
    description = "Elasticache subnets inbound network ACL rules"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }

  variable "elasticache_outbound_acl_rules" {
    description = "Elasticache subnets outbound network ACL rules"
    type        = list(map(string))

    default = [
      {
        rule_number = 100
        rule_action = "allow"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_block  = "0.0.0.0/0"
      },
    ]
  }
  # Default security group adoption inputs. With manage_default_security_group =
  # false (the default) the module does not adopt the group, so its rules remain
  # whatever AWS or other tooling set.
  # NOTE(review): hardening baselines commonly expect the default group to carry
  # no rules. Check how the resource treats the null ingress default (whether it
  # strips rules or leaves them) before relying on this.
  variable "manage_default_security_group" {
    description = "Should be true to adopt and manage default security group"
    type        = bool
    default     = false
  }

  variable "default_security_group_name" {
    description = "Name to be used on the default security group"
    type        = string
    default     = "default"
  }

  variable "default_security_group_ingress" {
    description = "List of maps of ingress rules to set on the default security group"
    type        = list(map(string))
    default     = null
  }
  # VPC Flow Logs are off by default, so no traffic metadata is recorded for
  # detection or incident response unless the caller sets this to true.
  # The remaining flow log inputs (flow_log_* and create_flow_log_*) are
  # declared further down in this file.
  variable "enable_flow_log" {
    description = "Whether or not to enable VPC Flow Logs"
    type        = bool
    default     = false
  }
  # Egress rules and tags for the default security group; egress is null by
  # default.
  # NOTE(review): presumably applied only when manage_default_security_group is
  # true; confirm how the resource treats a null rule list.
  variable "default_security_group_egress" {
    description = "List of maps of egress rules to set on the default security group"
    type        = list(map(string))
    default     = null
  }

  variable "default_security_group_tags" {
    description = "Additional tags for the default security group"
    type        = map(string)
    default     = {}
  }
  # VPC Flow Log settings (see enable_flow_log). By default the module creates
  # neither the CloudWatch log group nor the IAM role, so per the descriptions
  # below the caller must supply flow_log_destination_arn and, for a CloudWatch
  # Logs destination, flow_log_cloudwatch_iam_role_arn.
  variable "create_flow_log_cloudwatch_log_group" {
    description = "Whether to create CloudWatch log group for VPC Flow Logs"
    type        = bool
    default     = false
  }

  variable "create_flow_log_cloudwatch_iam_role" {
    description = "Whether to create IAM role for VPC Flow Logs"
    type        = bool
    default     = false
  }

  # Default "ALL" records both accepted and rejected traffic. No validation
  # block restricts the value here, so a misspelled value is only caught when
  # the provider or API rejects it.
  variable "flow_log_traffic_type" {
    description = "The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL."
    type        = string
    default     = "ALL"
  }

  variable "flow_log_destination_type" {
    description = "Type of flow log destination. Can be s3 or cloud-watch-logs."
    type        = string
    default     = "cloud-watch-logs"
  }

  variable "flow_log_log_format" {
    description = "The fields to include in the flow log record, in the order in which they should appear."
    type        = string
    default     = null
  }

  # For an S3 destination the bucket policy has to grant the log delivery
  # permissions itself (see description); this module input only carries the ARN.
  variable "flow_log_destination_arn" {
    description = "The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create_flow_log_cloudwatch_log_group is set to false this argument must be provided."
    type        = string
    default     = ""
  }

  variable "flow_log_cloudwatch_iam_role_arn" {
    description = "The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided."
    type        = string
    default     = ""
  }

  variable "flow_log_cloudwatch_log_group_name_prefix" {
    description = "Specifies the name prefix of CloudWatch Log Group for VPC flow logs."
    type        = string
    default     = "/aws/vpc-flow-log/"
  }

  # NOTE(review): null presumably leaves retention at the log group's own
  # default; confirm, and set an explicit period that matches the
  # organisation's log retention policy.
  variable "flow_log_cloudwatch_log_group_retention_in_days" {
    description = "Specifies the number of days you want to retain log events in the specified log group for VPC flow logs."
    type        = number
    default     = null
  }

  # null by default: no KMS key ARN is supplied for the log group unless the
  # caller sets one. Pass a key ARN where a customer-managed key is required.
  variable "flow_log_cloudwatch_log_group_kms_key_id" {
    description = "The ARN of the KMS Key to use when encrypting log data for VPC flow logs."
    type        = string
    default     = null
  }

  # 600 is the longer of the two documented intervals; 60 gives finer-grained
  # records for investigation at the cost of more log volume.
  variable "flow_log_max_aggregation_interval" {
    description = "The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds."
    type        = number
    default     = 600
  }
  # Internet-facing gateway toggles, both true by default.
  # NOTE(review): whether a gateway is actually created also depends on
  # conditions in the gateway resources (not shown here), e.g. whether public
  # subnets or IPv6 are configured. Set create_igw to false for VPCs that must
  # have no direct internet path.
  variable "create_igw" {
    description = "Controls if an Internet Gateway is created for public subnets and the related routes that connect them."
    type        = bool
    default     = true
  }

  variable "create_egress_only_igw" {
    description = "Controls if an Egress Only Internet Gateway is created and its related routes."
    type        = bool
    default     = true
  }