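# EC2 instance type for the bastion service host.
# Declared as string so a non-string value is rejected at plan time
# instead of being silently coerced.
variable "bastion_instance_type" {
  type        = string
  description = "The virtual hardware to be used for the bastion service host"
  default     = "t2.micro"
}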
# Source CIDR ranges admitted to the HOST (as opposed to the SERVICE, see
# cidr_blocks_whitelist_service). Empty by default, so nothing is admitted
# until the caller supplies explicit ranges. Keep this to known administrative
# ranges -- 0.0.0.0/0 here would expose the host itself to the Internet.
# Which security-group rule consumes this list is not visible in this file;
# confirm against the security group definitions before relying on it.
variable "cidr_blocks_whitelist_host" {
  default     = []
  type        = list(string)
  description = "range(s) of incoming IP addresses to whitelist for the HOST"
}
# Source CIDR ranges admitted to the SERVICE (the user-facing ssh endpoint,
# as distinct from the HOST whitelist above). Empty by default: callers must
# opt in to every range. Prefer corporate/VPN egress ranges over broad blocks;
# the resulting security-group rule is defined elsewhere in the module.
variable "cidr_blocks_whitelist_service" {
  default     = []
  type        = list(string)
  description = "range(s) of incoming IP addresses to whitelist for the SERVICE"
}
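# Environment label used for tagging. Per the description it is overridden
# when service_name / bastion_host_name are changed. Explicit string type added.
variable "environment_name" {
  type        = string
  description = "the name of the environment that we are deploying to, used in tagging. Overwritten if var.service_name and var.bastion_host_name values are changed"
  default     = "staging"
}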
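# Target VPC ID. Required (no default): the module refuses to plan without it,
# which is the intended behaviour for a resource that scopes security policy.
variable "vpc" {
  type        = string
  description = "ID for Virtual Private Cloud to apply security policy and deploy stack to"
}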
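# Name of an existing EC2 key pair for ssh to the host itself. The default is
# empty, which presumably attaches no key pair -- the least-privilege choice
# when access is meant to go through the IAM-backed service instead. If set,
# the private key is a standing credential to the bastion: store and rotate it
# accordingly. Explicit string type added.
variable "bastion_service_host_key_name" {
  type        = string
  description = "AWS ssh key *.pem to be used for ssh access to the bastion service host"
  default     = ""
}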
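# Whether each host instance gets a public IP at launch. Default false keeps
# the instances reachable only through the load balancer / private network.
# Setting true exposes every ASG member directly; make sure
# cidr_blocks_whitelist_host is tightly scoped before doing so.
# Declared as bool so "yes"/"1" style values are rejected rather than coerced.
variable "public_ip" {
  type        = bool
  default     = false
  description = "Associate a public IP with the host instance when launching"
}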
# Subnets for the load balancer. Must cover the same availability zones as
# subnets_asg. Note: whether these are public or private subnets decides the
# LB's reachability together with lb_is_internal; review both at once.
variable "subnets_lb" {
  default     = []
  type        = list(string)
  description = "list of subnets for load balancer - availability zones must match subnets_asg"
}

# Subnets for the autoscaling group hosting the bastion instances. Must cover
# the same availability zones as subnets_lb. Prefer private subnets unless
# public_ip is deliberately enabled.
variable "subnets_asg" {
  default     = []
  type        = list(string)
  description = "list of subnets for autoscaling group - availability zones must match subnets_lb"
}
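# DNS domain for Route53 records. Empty default presumably skips record
# creation. Explicit string type added.
variable "dns_domain" {
  type        = string
  description = "The domain used for Route53 records"
  default     = ""
}

# Hosted zone ID that records are written to. Empty default presumably skips
# record creation. Explicit string type added.
variable "route53_zone_id" {
  type        = string
  description = "Route53 zoneId"
  default     = ""
}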
# IAM group whose members may ssh to the bastion using the ssh public key
# registered on their IAM user. Membership of this group is therefore the
# authorization boundary for the service: manage it as a privileged group
# (MFA, reviewed membership). What happens with the empty default is not
# visible in this file -- confirm whether it means "nobody" or "unrestricted".
variable "bastion_allowed_iam_group" {
  default     = ""
  type        = string
  description = "Name IAM group, members of this group will be able to ssh into bastion instances if they have provided ssh key in their profile"
}
# Extra AWS tags applied to every resource the module creates.
variable "tags" {
  default     = {}
  type        = map(string)
  description = "AWS tags that should be associated with created resources"
}
# Hostname assigned to the bastion instance. Empty default; see environment_name
# for the tagging interaction the module documents.
variable "bastion_host_name" {
  default     = ""
  type        = string
  description = "The hostname to give to the bastion instance"
}
##############################
# Load balancer and autoscaling group variables
##############################
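# Consecutive successful health checks before a target is marked healthy.
# Declared as number (was string): Terraform still accepts "2" from existing
# callers, but non-numeric input is now rejected at plan time.
variable "lb_healthy_threshold" {
  type        = number
  description = "Healthy threshold for lb target group"
  default     = 2
}

# Consecutive failed health checks before a target is marked unhealthy.
# Declared as number (was string); backward compatible with string callers.
variable "lb_unhealthy_threshold" {
  type        = number
  description = "Unhealthy threshold for lb target group"
  default     = 2
}

# Seconds between health checks. Declared as number (was string); backward
# compatible with string callers.
variable "lb_interval" {
  type        = number
  description = "interval for lb target group health check"
  default     = 30
}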
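# Whether the load balancer is internal. The original declared type = string
# with a bool default; it is now a real bool (Terraform converts "true"/"false"
# from existing callers). Default false means an Internet-facing LB -- the
# service is then reachable from every range in cidr_blocks_whitelist_service,
# so set that list deliberately, or set this to true and reach the bastion
# over VPN/peering.
variable "lb_is_internal" {
  type        = bool
  description = "whether the lb will be internal"
  default     = false
}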
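# Autoscaling group sizing. All three are declared as number (previously
# string); existing callers passing "2" keep working, non-numeric input is
# rejected at plan time.

# Upper bound on bastion-service hosts.
variable "asg_max" {
  type        = number
  description = "Max numbers of bastion-service hosts in ASG"
  default     = 2
}

# Lower bound on bastion-service hosts.
variable "asg_min" {
  type        = number
  description = "Min numbers of bastion-service hosts in ASG"
  default     = 1
}

# Initial desired capacity.
variable "asg_desired" {
  type        = number
  description = "Desired numbers of bastion-service hosts in ASG"
  default     = 1
}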
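# AWS region to deploy into. Required; no default. Type and description added
# (the original declared neither).
variable "aws_region" {
  type        = string
  description = "AWS region to deploy the bastion service into"
}

# Name of the local AWS credentials/config profile the provider should use.
# Required; no default. This selects the identity Terraform runs as, so it
# should be a profile scoped to this deployment (optionally combined with
# assume_role_arn). Type and description added.
variable "aws_profile" {
  type        = string
  description = "Name of the local AWS profile used by the provider"
}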
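# Optional IAM role to assume in a separate identity account. Empty default
# means no role assumption. When used, the role's trust policy should restrict
# the principal that may assume it, and its permissions should be limited to
# what this module needs (the IAM group lookup implied by
# bastion_allowed_iam_group). Explicit string type added.
variable "assume_role_arn" {
  type        = string
  description = "arn for role to assume in separate identity account if used"
  default     = ""
}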
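# TCP port the target group health-checks. The description allows only 22 or
# 2222, but nothing in this file enforces it (no validation block): any other
# value is accepted at plan time and would presumably leave targets unhealthy.
# Kept as string to match how existing callers pass it. Explicit type added.
variable "lb_healthcheck_port" {
  type        = string
  description = "TCP port to conduct lb target group healthchecks. Acceptable values are 22 or 2222"
  default     = "2222"
}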
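# S3 bucket for load balancer access logs. Default null -- access logging is
# off unless the caller opts in. For a bastion these logs are the
# connection-level audit trail (source IP, time); enabling them is recommended.
# Explicit string type added.
variable "lb_access_logs_bucket" {
  type        = string
  description = "Name of the bucket to store load balancer access logs"
  default     = null
}

# Key prefix for the access logs within the bucket. Explicit string type added.
variable "lb_access_logs_prefix" {
  type        = string
  description = "Prefix to add to access logs in the bucket"
  default     = null
}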
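# Last component of the constructed hostname. The literal "vpc_id" is a
# sentinel meaning "use the VPC ID"; any other string is used as given, and ""
# omits the component. Explicit string type added.
variable "bastion_vpc_name" {
  type        = string
  description = "define the last part of the hostname, by default this is the vpc ID with magic default value of 'vpc_id' but you can pass a custom string, or an empty value to omit this"
  default     = "vpc_id"
}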
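# Base image for the ssh service containers.
# SECURITY: the default "ubuntu:16.04" (Xenial) reached end of standard support
# in April 2021 and no longer receives security updates; deployments should
# pass a supported image. The default is also a mutable tag -- pin by digest
# (image@sha256:...) so the bastion image cannot change underneath you.
# The default is left as-is here to avoid changing behaviour for existing
# callers; override it. Explicit string type added.
variable "container_image" {
  type        = string
  description = "Docker image to use for containers"
  default     = "ubuntu:16.04"
}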
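# Additional user-data appended to the module's built-in cloud-init content.
# SECURITY: user-data executes as root on first boot and is readable by any
# process on the instance via the metadata service and by anyone with
# ec2:DescribeInstanceAttribute -- never embed secrets or long-lived
# credentials here; fetch them from SSM/Secrets Manager using the instance role
# instead. Explicit string type added.
variable "extra_user_data_content" {
  type        = string
  default     = ""
  description = "Extra user-data to add to the default built-in"
}

# MIME type of extra_user_data_content, e.g. text/cloud-config or
# text/x-shellscript. Explicit string type added.
variable "extra_user_data_content_type" {
  type        = string
  default     = "text/x-shellscript"
  description = "What format is content in - eg 'text/cloud-config' or 'text/x-shellscript'"
}

# cloud-init merge strategy for combining the extra part with the built-in
# user-data. Explicit string type added.
variable "extra_user_data_merge_type" {
  type = string
  # default = "list(append)+dict(recurse_array)+str()"
  default     = "str(append)"
  description = "Control how cloud-init merges user-data sections"
}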
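# The four custom_* switches below each disable one part of the default
# userdata when set to any non-empty value (per their descriptions). Whoever
# sets one takes over responsibility for that part: the module will not supply
# a replacement. Explicit string types added.

# Disables the default ssh_populate script run at container launch.
variable "custom_ssh_populate" {
  type        = string
  description = "any value excludes default ssh_populate script used on container launch from userdata"
  default     = ""
}

# Disables the default iam-authorized-keys helper (a Go binary built from
# source during boot, per the description -- i.e. fetched at launch time, so a
# supply-chain dependency worth pinning). This helper is what ties ssh login to
# bastion_allowed_iam_group; any replacement must enforce an equivalent check
# or the bastion's authorization model is gone.
variable "custom_authorized_keys_command" {
  type        = string
  description = "any value excludes default Go binary iam-authorized-keys built from source from userdata"
  default     = ""
}

# Disables the default Docker installation and container build.
variable "custom_docker_setup" {
  type        = string
  description = "any value excludes default docker installation and container build from userdata"
  default     = ""
}

# Disables the default systemd unit setup and hostname change.
variable "custom_systemd" {
  type        = string
  description = "any value excludes default systemd and hostname change from userdata"
  default     = ""
}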
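# Optional AMI ID for the host instances. Empty default presumably falls back to
# an AMI chosen elsewhere in the module. When supplying one, use an AMI from a
# trusted owner account and review how the fallback lookup filters owners.
# Explicit string type added.
variable "custom_ami_id" {
  type        = string
  description = "id for custom ami if used"
  default     = ""
}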
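# Root EBS volume size in GB. Explicit number type added.
variable "ebs_root_size" {
  type        = number
  description = "Volume size of the EC2 root EBS (in GB)"
  default     = 8
}

# Root EBS volume type. Explicit string type added.
variable "ebs_root_type" {
  type        = string
  description = "Volume type of the EC2 root EBS (standard, gp2, or io1)"
  default     = "standard"
}

# Root EBS encryption at rest.
# SECURITY: default false leaves the bastion's root disk (host keys, auth
# logs, any cached credentials) unencrypted. Set this to true in every
# deployment. The default is kept unchanged here to avoid altering behaviour
# for existing callers; flip it at the call site. Explicit bool type added.
variable "ebs_root_encryption" {
  type        = bool
  description = "Enable/disable encryption on the EC2 root EBS"
  default     = false
}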
# Extra security group IDs attached to the host instance on top of the ones the
# module creates. Each one widens the host's reachable surface; review their
# rules with the same care as the whitelist variables.
variable "security_groups_additional" {
  default     = []
  type        = list(string)
  description = "additional security group IDs to attach to host instance"
}
# Destination CIDR blocks for the security group egress rule.
# SECURITY: the default permits egress to anywhere. A bastion is a pivot point,
# so unrestricted egress means a compromised host (or a logged-in user) can
# reach any address. The default userdata does need outbound access (package
# installs, Docker, building the Go helper, AWS API calls -- see the custom_*
# descriptions), so restrict this to those endpoints plus the internal ranges
# users are meant to reach. The default is reproduced unchanged here.
variable "security_group_egress_cidr_blocks" {
  default     = ["0.0.0.0/0"]
  type        = list(string)
  description = "CIDR blocks for security group egress rule"
}
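# Unique per-VPC name used to build resource names, so several bastion
# deployments can coexist in one VPC. Explicit string type added.
variable "service_name" {
  type        = string
  description = "Unique name per vpc for associated resources- set to some non-default value for multiple deployments per vpc"
  default     = "bastion-service"
}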
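# Optional fully qualified DNS name used verbatim for the public record,
# overriding the name the module would otherwise construct. Explicit string
# type added.
variable "route53_fqdn" {
  type        = string
  description = "If creating a public DNS entry with this module then you may override the default constructed DNS entry by supplying a fully qualified domain name here which will be used verbatim"
  default     = ""
}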