-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy path_variables.tf
213 lines (171 loc) · 5.58 KB
/
_variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
variable "name" {
description = "Name of this ECS cluster."
}
variable "kms_key_s3_arn" {
type = string
description = "ARN of a KMS Key to use on S3 buckets"
default = ""
}
variable "s3_bucket_policy" {
description = "Openvpn S3 bucket policy"
default = ""
}
variable "kms_key_ebs_arn" {
type = string
description = "ARN of a KMS Key to use on EBS volumes"
default = ""
}
variable "kms_key_efs_arn" {
type = string
description = "ARN of a KMS Key to use on EFS volumes"
default = ""
}
variable "throughput_mode" {
type = string
default = "bursting"
description = "Throughput mode for the file system. Defaults to bursting. Valid values: bursting, provisioned."
}
variable "provisioned_throughput_in_mibps" {
default = 0
description = "The throughput, measured in MiB/s, that you want to provision for the file system."
}
variable "backup" {
type = string
default = "true"
description = "Assing a backup tag to efs resource - Backup will be performed by AWS Backup."
}
variable "vpc_id" {
description = "VPC ID to deploy the ECS cluster."
}
variable "private_subnet_ids" {
type = list(string)
description = "List of private subnet IDs for ECS instances and Internal ALB when enabled."
}
variable "public_subnet_ids" {
type = list(string)
description = "List of public subnet IDs for ECS ALB."
}
variable "secure_subnet_ids" {
type = list(string)
description = "List of secure subnet IDs for EFS."
}
variable "instance_type_1" {
description = "Instance type for ECS workers (first priority)."
}
variable "instance_type_2" {
description = "Instance type for ECS workers (second priority)."
}
variable "instance_type_3" {
description = "Instance type for ECS workers (third priority)."
}
variable "instance_volume_size" {
description = "Volume size for docker volume (in GB)."
default = 30
}
variable "instance_volume_size_root" {
description = "Volume size for root volume (in GB)."
default = 16
}
variable "on_demand_base_capacity" {
description = "You can designate a base portion of your total capacity as On-Demand. As the group scales, per your settings, the base portion is provisioned first, while additional On-Demand capacity is percentage-based."
default = 0
}
variable "on_demand_percentage" {
description = "Percentage of on-demand intances vs spot."
default = 0
}
variable "architecture" {
default = "x86_64"
description = "Architecture to select the AMI, x86_64 or arm64"
}
variable "hostname_create" {
default = "true"
description = "Optional parameter to create or not a Route53 record"
}
variable "hosted_zone" {
default = ""
description = "Hosted Zone to create DNS record for this app"
}
variable "hosted_zone_id" {
default = ""
description = "Hosted Zone ID to create DNS record for this app (prefer this instead of hosted_zone)"
}
variable "protocol" {
default = "tcp"
description = "Protocol that will be use by the vpn"
}
variable "userdata" {
default = ""
description = "Extra commands to pass to userdata."
}
variable "security_group_ids" {
type = list(string)
default = []
description = "Extra security groups for instances."
}
variable "nlb_security_group_ids" {
type = list(string)
default = []
description = "Extra security groups for instances."
}
variable "asg_protect_from_scale_in" {
default = false
description = "(Optional) Allows setting instance protection. The autoscaling group will not select instances with this setting for termination during scale in events."
}
variable "target_group_arns" {
default = []
type = list(string)
description = "List of target groups for ASG to register."
}
variable "autoscaling_health_check_grace_period" {
default = 300
description = "The length of time that Auto Scaling waits before checking an instance's health status. The grace period begins when an instance comes into service."
}
variable "autoscaling_default_cooldown" {
default = 300
description = "The amount of time, in seconds, after a scaling activity completes before another scaling activity can start."
}
variable "asg_target_capacity" {
default = 70
description = "Target average capacity percentage for the ECS capacity provider to track for autoscaling."
}
variable "lb_access_logs_bucket" {
type = string
default = ""
description = "Bucket to store logs from lb access."
}
variable "lb_access_logs_prefix" {
type = string
default = ""
description = "Bucket prefix to store lb access logs."
}
variable "cw_retention_period" {
default = 0
description = "Retention period (in days) for Cloud Watch log group. Default to Never Expire."
}
variable "alb_ssl_policy" {
default = "ELBSecurityPolicy-2016-08"
type = string
description = "The name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS."
}
# VPN_SERVICE
variable "image" {
default = "dnxsolutions/openvpn:2.4.0"
}
variable "requester_cidrs" {
default = []
type = list(string)
description = "List of CIDRs to add to openvpn-access SG so clients can connect to resources"
}
variable "domain_name" {
default = "vpn.address"
description = "Domain name to point to openvpn container for external access"
}
variable "route_push" {
default = ""
description = "List of routes to push to client, comma-separated (ex: '10.100.0.0 255.255.0.0,10.200.0.0 255.255.0.0')"
}
variable "mfa" {
default = "false"
description = "Enable or disable MFA for VPN users"
}