# Canned ACL applied to the bucket. Per the description here and on
# var.ownership_controls, it only takes effect when ownership controls are
# "BucketOwnerPreferred" or "ObjectWriter"; "BucketOwnerEnforced" disables ACLs
# and this value is then ignored.
variable "acl" {
  description = "Use canned ACL on the bucket instead of BucketOwnerEnforced ownership controls. var.ownership_controls must be set to corresponding value below."
  type        = string
  default     = "private"
}
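# Object Ownership mode for the bucket. "BucketOwnerEnforced" disables ACLs and
# makes var.acl irrelevant (see that variable's description); the other two
# modes keep ACLs active and are the ones meant to pair with var.acl.
variable "ownership_controls" {
  description = "Bucket Ownership Controls - for use WITH acl var above options are 'BucketOwnerPreferred' or 'ObjectWriter'. To disable ACLs and use new AWS recommended controls set this to 'BucketOwnerEnforced' and which will disabled ACLs and ignore var.acl"
  type        = string
  default     = "ObjectWriter"

  # Reject values outside the three documented modes at plan time instead of at
  # apply time; this mirrors the validation already present on
  # var.log_partition_date_source. null is not rejected so callers that pass it
  # today are unaffected.
  validation {
    condition     = var.ownership_controls == null || contains(["BucketOwnerPreferred", "ObjectWriter", "BucketOwnerEnforced"], var.ownership_controls)
    error_message = "ownership_controls must be one of 'BucketOwnerPreferred', 'ObjectWriter' or 'BucketOwnerEnforced'."
  }
}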
# Switch for S3 bucket versioning; enabled unless the caller opts out.
variable "versioning_enabled" {
  description = "Activate S3 bucket versioning"
  type        = bool
  default     = true
}
# Switch for cross-region replication; off unless the caller opts in.
# The target region comes from var.replication_region.
variable "replication_enabled" {
  description = "Activate S3 bucket replication"
  type        = bool
  default     = false
}
# Region in which the replication target bucket is created.
variable "replication_region" {
  description = "Region to create S3 replication bucket"
  type        = string
  default     = "eu-west-2"
}
# Raw bucket policy documents as JSON strings. The default is a list holding one
# empty document, not an empty list. See var.bucket_policy_v2 for the structured
# alternative that does not require the caller to know the bucket ARN.
variable "bucket_policy" {
  description = "JSON for the bucket policy"
  type        = list(string)
  default     = ["{}"]
}
# Structured bucket policy statements, an alternative to var.bucket_policy.
# Each entry carries an effect, a list of actions, an optional principals block
# and an optional list of conditions (defaulting to none). How the statements
# are rendered into a policy, and what resource they are scoped to, is decided
# by the consuming resource rather than here.
variable "bucket_policy_v2" {
  description = "Alternative to bucket_policy. Define policies directly without needing to know the bucket ARN"
  default     = []

  type = list(object({
    effect  = string
    actions = list(string)
    principals = optional(object({
      type        = string
      identifiers = list(string)
    }))
    conditions = optional(list(object({
      test     = string
      variable = string
      values   = list(string)
    })), [])
  }))
}
# Preferred way to name the bucket: a prefix to which a random suffix is added,
# per the description, so the final name is globally unique.
variable "bucket_prefix" {
  description = "Bucket prefix, which will include a randomised suffix to ensure globally unique names"
  type        = string
  default     = null
}
# Exact bucket name. Kept for compatibility; the description steers callers to
# var.bucket_prefix instead, since a fixed name may collide with an existing
# bucket anywhere in S3.
variable "bucket_name" {
  description = "Please use bucket_prefix instead of bucket_name to ensure a globally unique name."
  type        = string
  default     = null
}
# ARN of a caller-managed KMS key for bucket encryption. An empty string is the
# default; presumably the module then picks a key itself when
# var.sse_algorithm is "aws:kms" - confirm against the resource that uses it.
variable "custom_kms_key" {
  description = "KMS key ARN to use"
  type        = string
  default     = ""
}
# ARN of a caller-managed KMS key for the replication target bucket. The
# description mentions eu-west-2, which is only the default of
# var.replication_region; the key must live in whichever region that variable
# selects.
variable "custom_replication_kms_key" {
  description = "KMS key ARN to use for replication to eu-west-2"
  type        = string
  default     = ""
}
# Object lifecycle configuration. Typed `any`, so no shape is enforced here and
# a malformed rule is only caught by the consuming resource. The default is a
# single rule "main" that moves current and noncurrent versions to STANDARD_IA
# after 90 days and to GLACIER after 365 days, and expires both after 730 days.
variable "lifecycle_rule" {
  description = "List of maps containing configuration of object lifecycle management."
  type        = any

  default = [
    {
      id      = "main"
      enabled = "Enabled"
      prefix  = ""
      tags = {
        rule      = "log"
        autoclean = "true"
      }

      transition = [
        { days = 90, storage_class = "STANDARD_IA" },
        { days = 365, storage_class = "GLACIER" },
      ]
      expiration = { days = 730 }

      noncurrent_version_transition = [
        { days = 90, storage_class = "STANDARD_IA" },
        { days = 365, storage_class = "GLACIER" },
      ]
      noncurrent_version_expiration = { days = 730 }
    },
  ]
}
# Access-log destination buckets together with their bucket policies, as a
# loosely typed map. One of three overlapping logging inputs (see var.log_bucket
# and var.log_bucket_names); which one wins when several are set is decided by
# the consuming code, not here.
variable "log_buckets" {
  description = "Map containing log bucket details and its associated bucket policy."
  type        = map(any)
  nullable    = true
  default     = null
}
# Name of a single pre-existing bucket to send access logs to. The bucket is
# not managed by this module, so its policy must already allow log delivery.
variable "log_bucket" {
  description = "Unique name of s3 bucket to log to (not defined in terraform)"
  type        = string
  nullable    = true
  default     = null
}
# Set of pre-existing bucket names to send access logs to; the multi-target
# counterpart of var.log_bucket. None of these buckets are managed here.
variable "log_bucket_names" {
  description = "Unique names of s3 bucket to log to (not defined in terraform)"
  type        = set(string)
  nullable    = true
  default     = null
}
# Date-based partitioning scheme for delivered access logs. The validation
# pins the value to the three documented options so a typo fails at plan time.
variable "log_partition_date_source" {
  description = "Partition logs by date. Allowed values are 'EventTime', 'DeliveryTime', or 'None'."
  type        = string
  default     = "None"

  validation {
    condition     = contains(["EventTime", "DeliveryTime", "None"], var.log_partition_date_source)
    error_message = "log_partition_date_source must be either 'EventTime', 'DeliveryTime', or 'None'."
  }
}
# Key prefix under which access-log objects are written in the log bucket.
variable "log_prefix" {
  description = "Prefix for all log object keys."
  type        = string
  nullable    = true
  default     = null
}
# IAM role assumed by S3 to read the source bucket and write replicas. An empty
# string is the default; what the module does in that case (create its own
# role, or skip replication) is not visible from this file.
variable "replication_role_arn" {
  description = "Role ARN to access S3 and replicate objects"
  type        = string
  default     = ""
}
# Tags propagated to the resources that support them. Required: there is no
# default, so every caller must supply a map.
variable "tags" {
  description = "Tags to apply to resources, where applicable"
  type        = map(any)
}
# Destructive opt-in: when true, destroying the bucket also deletes every
# object in it, locked objects included, and nothing is recoverable afterwards.
# Off by default so an accidental destroy fails instead of wiping data.
variable "force_destroy" {
  description = "A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable."
  type        = bool
  default     = false
}
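# Server-side encryption algorithm for the bucket. The default "aws:kms" is the
# KMS-backed option and is the one var.custom_kms_key applies to.
variable "sse_algorithm" {
  description = "The server-side encryption algorithm to use"
  type        = string
  default     = "aws:kms"

  # Restrict to the algorithms S3 accepts ("AES256", "aws:kms", "aws:kms:dsse")
  # so a typo is caught at plan time rather than at apply time; mirrors the
  # validation on var.log_partition_date_source. null is not rejected so callers
  # that pass it today are unaffected.
  validation {
    condition     = var.sse_algorithm == null || contains(["AES256", "aws:kms", "aws:kms:dsse"], var.sse_algorithm)
    error_message = "sse_algorithm must be one of 'AES256', 'aws:kms' or 'aws:kms:dsse'."
  }
}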
# SNS topic that receives bucket event notifications; only meaningful when
# var.notification_enabled is true. Empty by default.
variable "notification_sns_arn" {
  description = "The arn for the bucket notification SNS topic"
  type        = string
  default     = ""
}
# Switch for creating a bucket notification resource; off by default. The
# target topic and events come from var.notification_sns_arn and
# var.notification_events.
variable "notification_enabled" {
  description = "Boolean indicating if a notification resource is required for the bucket"
  type        = bool
  default     = false
}
# S3 event names that trigger a notification. Note the default is a list
# holding one empty string, not an empty list; the consuming code presumably
# relies on that shape - confirm before changing it.
variable "notification_events" {
  description = "The event for which we send notifications"
  type        = list(string)
  default     = [""]
}
# Optional suffix appended to the names of the IAM roles and policies this
# module creates, to keep them distinct across instances.
variable "suffix_name" {
  description = "Suffix for role and policy names"
  type        = string
  default     = ""
}
# Name of the replication destination bucket. Per the description, leaving this
# empty makes the replication policy use "*" as its resource, which grants the
# replication role access far beyond one bucket; set it explicitly so the
# policy stays scoped to the intended destination.
variable "replication_bucket" {
  description = "Name of bucket used for replication - if not specified then * will be used in the policy"
  type        = string
  default     = ""
}