variables.tf
# Master switch for VPC Flow Logs on the default VPC.
# Defaults to enabled, so flow records are collected unless a caller opts out.
# Setting this to false removes that network telemetry for the default VPC,
# which reduces what is available for detection and later investigation.
variable "enable_flow_logs" {
  description = "The boolean flag whether to enable VPC Flow Logs in the default VPC"
  type        = bool
  default     = true
}
# Selects where flow log records are delivered.
# The description lists two accepted values ("cloud-watch-logs" and "s3");
# nothing in this declaration enforces them, so a typo is not caught here.
# NOTE(review): a `validation` block would reject unknown values at plan time;
# confirm the module's minimum Terraform version supports it before adding one.
variable "flow_logs_destination_type" {
  description = "The type of the logging destination. Valid values: cloud-watch-logs, s3"
  type        = string
  default     = "cloud-watch-logs"
}
# --------------------------------------------------------------------------------------------------
# Variables for CloudWatch Logs logging.
# --------------------------------------------------------------------------------------------------
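# Name of the CloudWatch Logs group that receives the flow logs.
# Per the description, it applies only when flow_logs_destination_type is
# "cloud-watch-logs". The description previously named a variable
# (vpc_log_destination_type) that this file does not declare.
# NOTE(review): the default is an empty string; how the module treats an empty
# name is not visible in this file. Confirm callers always set it for the
# CloudWatch Logs destination.
variable "flow_logs_log_group_name" {
  description = "The name of CloudWatch Logs group to which VPC Flow Logs are delivered if flow_logs_destination_type is cloud-watch-logs."
  type        = string
  default     = ""
}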
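# ARN of the IAM role that VPC Flow Logs uses to deliver records to
# CloudWatch Logs. Per the description, it applies only when
# flow_logs_destination_type is "cloud-watch-logs". The description previously
# named a variable (vpc_log_destination_type) that this file does not declare.
# NOTE(review): the role is defined outside this file. Confirm its permissions
# are limited to what log delivery needs and that its trust policy only admits
# the flow logs service.
variable "flow_logs_iam_role_arn" {
  description = "The ARN of the IAM Role which will be used by VPC Flow Logs if flow_logs_destination_type is cloud-watch-logs."
  type        = string
  default     = ""
}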
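# Retention period, in days, for flow logs kept in CloudWatch Logs.
# The default of 365 matches the CIS recommendation quoted in the description;
# 0 means the logs never expire. The description previously named a variable
# (vpc_log_destination_type) that this file does not declare.
# NOTE(review): the value is not validated here, so a number outside the listed
# set is only rejected when it reaches the provider. A shorter retention also
# shortens the window available for investigating past network activity.
variable "flow_logs_retention_in_days" {
  description = "Number of days to retain logs if flow_logs_destination_type is cloud-watch-logs. CIS recommends 365 days. Possible values are: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. Set to 0 to keep logs indefinitely."
  type        = number
  default     = 365
}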
# --------------------------------------------------------------------------------------------------
# Variables for S3 logging.
# --------------------------------------------------------------------------------------------------
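# ARN of the S3 bucket that receives the flow logs.
# Per the description, it applies only when flow_logs_destination_type is "s3".
# The description previously named a variable (vpc_log_destination_type) that
# this file does not declare.
# NOTE(review): the bucket is managed outside this file. Confirm its policy
# restricts writes to log delivery and reads to the principals who need the
# logs, and that the default empty string is never used with the s3 destination.
variable "flow_logs_s3_arn" {
  description = "The ARN of the S3 bucket to which VPC Flow Logs are delivered if flow_logs_destination_type is s3."
  type        = string
  default     = ""
}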
# Object key prefix under which flow logs are written in the S3 bucket.
# A dedicated prefix keeps flow logs separate from other objects in a shared
# bucket, which makes prefix-scoped bucket policies and lifecycle rules possible.
variable "flow_logs_s3_key_prefix" {
  description = "The prefix used when VPC Flow Logs delivers logs to the S3 bucket."
  type        = string
  default     = "flow-logs"
}
# Tags applied to every resource this module creates (per the description).
# The default marks resources as Terraform-managed. Callers who pass their own
# map replace this default rather than merge with it.
variable "tags" {
  description = "Specifies object tags key and value. This applies to all resources created by this module."
  type        = map(string)
  default     = { "Terraform" = "true" }
}