variables.tf
# Environment label supplied by the caller. Required: no default is declared.
variable "env" {
  description = "Environment name, for example `dev`"
  type        = string
}
# Name given to the bastion host; falls back to "bastion" when not set.
variable "name" {
  description = "Name of the bastion host"
  type        = string
  default     = "bastion"
}
# ID of the VPC that will contain the bastion host. Required: no default.
variable "vpc_id" {
  description = "VPC ID where the bastion host will be created"
  type        = string
}
# Optional list of public subnet IDs; empty by default. Per the description,
# a non-empty list takes precedence over private_subnets.
# NOTE(review): a bastion placed in a public subnet is presumably reachable
# from the internet, so ingress control then rests on allowed_cidr_blocks and
# the security group. Confirm this against the resource definitions.
variable "public_subnets" {
  description = "Public subnets (if set, private subnets are ignored)"
  type        = list(string)
  default     = []
}
# Private subnet IDs. No default is declared, so callers must pass a value
# even when public_subnets is set and this list is ignored.
variable "private_subnets" {
  description = "Private subnets"
  type        = list(string)
}
# Name of an existing EC2 key pair to launch the bastion with. Required.
# NOTE(review): a key pair is a long-lived SSH credential. If access is meant
# to go through SSM Session Manager (see ssm_role), confirm whether SSH
# ingress and this key are still needed, and who holds the private key.
variable "ec2_key_pair_name" {
  description = "EC2 Key Pair Name that the bastion host would be created with"
  type        = string
}
# EC2 instance type for the bastion; defaults to t4g.nano.
# The t4g family is Graviton (arm64), so any instance_ami override has to be
# an arm64 image unless this value is changed as well.
variable "instance_type" {
  description = "EC2 instance type for bastion host"
  type        = string
  default     = "t4g.nano"
}
# Optional AMI ID override; the default is an empty string.
# NOTE(review): presumably an empty value makes the module pick its own
# Amazon Linux 2023 image. Confirm where this variable is consumed.
# An overriding AMI becomes the bastion's root of trust, so use an ID from an
# owner you control or have verified.
variable "instance_ami" {
  description = "AMI ID override for the bastion host. Keep in mind, this module config is targeting Amazon Linux 2023)"
  type        = string
  default     = ""
}
# Extra security groups to attach to the bastion; none by default.
# NOTE(review): list(any) accepts elements of any single type. If these are
# security group IDs, list(string) would reject malformed input earlier.
# Confirm against callers before tightening the type.
# Each group added here can widen the bastion's ingress beyond
# allowed_cidr_blocks, so review their rules as well.
variable "security_groups" {
  description = "Additional security groups to add to bastion host"
  type        = list(any)
  default     = []
}
# Toggle for module-managed security group handling; on by default.
# NOTE(review): when false, the bastion's network exposure presumably depends
# entirely on the groups passed in security_groups. Confirm in the resource
# definitions that allowed_cidr_blocks is not silently ignored in that case.
variable "manage_security_group" {
  description = "Whether to manage the security group for the bastion host"
  type        = bool
  default     = true
}
# Toggle for module-managed IAM role / instance profile; on by default.
# NOTE(review): when false, the caller presumably has to supply the instance
# profile and its permissions elsewhere. Confirm how the module behaves.
variable "manage_iam_instance_profile" {
  description = "Whether to manage the IAM role for the bastion host"
  type        = bool
  default     = true
}
# The description says "role", but the default value is the ARN of an
# AWS-managed *policy*. Presumably it is attached to the bastion's role;
# confirm where this variable is consumed.
# NOTE(review): AmazonEC2RoleforSSM is a legacy managed policy that AWS
# documents as being superseded by AmazonSSMManagedInstanceCore. It grants
# more than Session Manager needs, including S3 object access on all
# resources. Prefer passing
#   arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
# after checking that nothing on the host relies on the extra permissions.
# The default is left unchanged here so existing deployments keep working.
variable "ssm_role" {
  description = "SSM role to attach to the bastion host"
  type        = string
  default     = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
}
# Extra tags as a string-to-string map; empty by default.
variable "tags" {
  description = "Additional tags for the resources"
  type        = map(string)
  default     = {}
}
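# Source networks allowed to reach the bastion. There is deliberately no
# default, so every caller has to state its ingress range explicitly.
#
# The validation below only checks that each entry parses as an IPv4 or IPv6
# CIDR block, so a typo fails at plan time with a clear message. An empty
# list is still accepted. 0.0.0.0/0 and ::/0 are NOT rejected, so that
# existing callers keep working. Treat any use of them as a finding and
# narrow the range to known operator networks.
variable "allowed_cidr_blocks" {
  description = "List of network subnets that are allowed. According to PCI-DSS, CIS AWS and SOC2 providing a default wide-open CIDR is not secure."
  type        = list(string)

  validation {
    # cidrhost() fails on anything that is not a valid CIDR prefix; can()
    # turns that failure into false.
    condition     = alltrue([for cidr in var.allowed_cidr_blocks : can(cidrhost(cidr, 0))])
    error_message = "Each entry in allowed_cidr_blocks must be a valid CIDR block, for example 10.0.0.0/16."
  }
}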
# Switch between a standalone instance and an autoscaling group; off by
# default. Per the description, enabling it creates the bastion as an ASG.
variable "asg_enabled" {
  description = "Enable autoscaling group for bastion host. If enabled, the bastion host will be created as an autoscaling group"
  type        = bool
  default     = false
}
# CPU core count for the autoscaling-group variant; defaults to 1.
variable "asg_cpu_core_count" {
  description = "Number of CPU cores to use for autoscaling group"
  type        = number
  default     = 1
}
# Threads per core for the autoscaling-group variant; defaults to 1.
variable "asg_cpu_threads_per_core" {
  description = "Number of threads per core to use for autoscaling group"
  type        = number
  default     = 1
}
# TODO: This will be supported in a future release
# variable "atun_config" {
# type = map(string)
# description = "Atun port forwarding discovery configuration"
# default = {}
# }
# Disk size for the bastion host; defaults to 20. The unit is not stated
# here and is presumably GiB. Confirm where the value is consumed.
# NOTE(review): no variable in this file controls EBS encryption. Confirm the
# volume is encrypted in the resource definition or by the account-level
# default.
variable "disk_size" {
  description = "Disk size for the bastion host"
  type        = number
  default     = 20
}
# Volume type for the bastion's disk; defaults to gp3.
variable "disk_type" {
  description = "Disk type for the bastion host"
  type        = string
  default     = "gp3"
}
# ID of a pre-existing EBS volume to attach; the default is an empty string.
# NOTE(review): presumably an empty value means nothing is attached. Confirm.
# An external volume keeps whatever encryption setting it was created with,
# so check that before attaching it to the bastion.
variable "external_ebs_volume_id" {
  description = "External EBS volume ID to attach to the bastion host"
  type        = string
  default     = ""
}