generated from blackbird-cloud/terraform-module-template
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvariables.tf
118 lines (101 loc) · 2.75 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
variable "purpose" {
type = string
description = "Purpose for the bucket and KMS key, used in the description fields."
}
variable "service_principals" {
type = list(string)
default = []
description = "List of service principals that can access the bucket."
}
variable "iam_principals" {
type = list(string)
default = []
description = "List of IAM principals that can access the bucket."
}
variable "object_actions" {
type = list(string)
default = ["s3:PutObject"]
description = "List of object actions that the principals are allowed to execute."
}
variable "bucket_actions" {
type = list(string)
default = ["s3:ListBucket"]
description = "List of bucket actions that the principals are allowed to execute."
}
variable "kms_actions" {
type = list(string)
default = ["kms:GenerateDataKey*"]
description = "List of KMS key actions that the principals are allowed to execute."
}
variable "acl" {
type = string
default = "private"
description = "Bucket ACL"
}
variable "versioning" {
type = bool
default = true
description = "Object versioning"
}
variable "logging" {
type = map(string)
description = "Map containing access bucket logging configuration."
default = {}
}
variable "bucket_prefix" {
type = string
description = "Instead of a bucket name we use a bucket-prefix, also used for KMS key alias prefix."
}
variable "attach_elb_log_delivery_policy" {
type = bool
default = false
description = "Attach ELB log delivery policy"
}
variable "attach_lb_log_delivery_policy" {
type = bool
default = false
description = "Attach LB log delivery policy"
}
variable "encrypt_with_aws_managed_keys" {
type = bool
default = false
description = "Encrypt the data with a KMS key"
}
variable "lifecycle_rule" {
type = any
default = [{
id = "lifecycle-rule-1"
enabled = true
transition = [
{
days = 30
storage_class = "ONEZONE_IA"
}, {
days = 60
storage_class = "GLACIER"
}
]
noncurrent_version_expiration = {
days = 90
}
}]
description = "List of maps containing configuration of object lifecycle management."
}
variable "replication_configuration" {
description = "Map containing cross-region replication configuration."
type = any
default = {}
}
variable "kms_key_policy_statements" {
type = list(object({
sid : string
effect : string
actions : list(string)
principals : list(object({
type : string
identifiers : list(string)
}))
}))
default = []
description = "(Optional) Additional KMS key policy statements to add."
}