-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy path_variables.tf
167 lines (140 loc) · 5.12 KB
/
_variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
variable "name" {
description = "Name of your ECS service"
type = string
}
variable "hostnames" {
description = "Hostnames to create DNS record for this app that the cloudfront distribution will accept"
type = list(string)
}
variable "dynamic_custom_error_response" {
description = "One or more custom error response elements (multiples allowed)"
type = list(object({
error_code = optional(number)
response_code = optional(number)
response_page_path = optional(string)
}))
default = []
}
variable "hostname_create" {
description = "Create hostnames in the hosted zone passed?"
default = true
type = bool
}
variable "hosted_zone" {
description = "Existing Hosted Zone domain to add hostnames as DNS records"
type = string
}
variable "alb_cloudfront_key" {
description = "Key generated by terraform-aws-ecs module to allow ALB connection from CloudFront"
type = string
}
variable "alb_dns_name" {
description = "ALB DNS Name that CloudFront will point as origin"
type = string
}
variable "certificate_arn" {
description = "Certificate for this app to use in CloudFront (US), must cover `hostname`."
type = string
}
variable "cloudfront_forward_headers" {
default = ["*"]
description = "Headers to forward to origin from CloudFront"
type = list(string)
}
variable "cloudfront_logging_bucket" {
type = string
default = null
description = "Bucket to store logs from app"
}
variable "cloudfront_logging_prefix" {
type = string
default = ""
description = "Logging prefix"
}
variable "cloudfront_origin_keepalive_timeout" {
default = 5
description = "The amount of time, in seconds, that CloudFront maintains an idle connection with a custom origin server before closing the connection. Valid values are from 1 to 60 seconds."
type = number
}
variable "cloudfront_origin_read_timeout" {
default = 30
description = "The amount of time, in seconds, that CloudFront waits for a response from a custom origin. The value applies both to the time that CloudFront waits for an initial response and the time that CloudFront waits for each subsequent packet. Valid values are from 4 to 60 seconds."
type = number
}
variable "alarm_cloudfront_500_errors_threshold" {
default = 5
description = "Cloudfront 500 Errors rate threshold (use 0 to disable this alarm)"
type = number
}
variable "alarm_sns_topics_us" {
default = []
description = "Alarm topics to create and alert on metrics on US region"
type = list(string)
}
variable "iam_certificate_id" {
description = "Specifies IAM certificate id for CloudFront distribution"
type = string
default = null
}
variable "minimum_protocol_version" {
description = <<EOF
The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections.
One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1.2_2018.
NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id),
and have specified sni-only in ssl_support_method, TLSv1 or later must be specified.
If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified.
If you have specified cloudfront_default_certificate, TLSv1 must be specified.
EOF
type = string
default = "TLSv1.2_2018"
}
variable "restriction_type" {
description = "The restriction type of your CloudFront distribution geolocation restriction. Options include none, whitelist, blacklist"
type = string
default = "none"
}
variable "restriction_location" {
description = "The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist)"
type = list(any)
default = []
}
variable "dynamic_custom_origin_config" {
description = "Configuration for the custom origin config to be used in dynamic block"
type = any
default = []
}
variable "dynamic_ordered_cache_behavior" {
description = "Ordered Cache Behaviors to be used in dynamic block"
type = any
default = []
}
variable "alarm_prefix" {
type = string
description = "String prefix for cloudwatch alarms. (Optional)"
default = "alarm"
}
variable "waf_cloudfront_enable" {
type = bool
description = "Enable WAF for Cloudfront distribution"
default = false
}
variable "wafv2_managed_rule_groups" {
type = list(string)
default = ["AWSManagedRulesCommonRuleSet"]
description = "List of WAF V2 managed rule groups, set to count"
}
variable "wafv2_managed_block_rule_groups" {
type = list(string)
default = []
description = "List of WAF V2 managed rule groups, set to block"
}
variable "wafv2_rate_limit_rule" {
type = number
default = 0
description = "The limit on requests per 5-minute period for a single originating IP address (leave 0 to disable)"
}
variable "record_type" {
type = string
description = "Type of the record to create on Route53"
default = "CNAME"
}