variables.tf
############################
## Environment #############
############################
# Deployment-wide inputs. No variable here declares a default, so each one
# has to be supplied by the caller.
# The quoted type keywords ("string", "list", "map") are the pre-0.12
# Terraform spelling and are kept exactly as written.

# Name of the environment this Vault deployment belongs to.
variable "env" {
  description = "The environment that Vault will be run in"
  type        = "string"
}

# Primary AWS region.
variable "region" {
  description = "The AWS region to use"
  type        = "string"
}

# Disaster-recovery region.
# NOTE(review): how this region is consumed is not visible in this file;
# confirm that anything placed there gets the same access controls and
# encryption settings as the primary region.
variable "dr_region" {
  description = "The AWS Region to use for disaster recovery"
  type        = "string"
}

# Account that receives the resources.
# NOTE(review): presumably interpolated into ARNs or policies; a wrong value
# could point those at another account. Confirm against the usage.
variable "aws_account_id" {
  description = "The account id of the AWS account to place resources in"
  type        = "string"
}

# Tag map shared by all resources.
variable "tags" {
  description = "A map of tags to apply to all resources"
  type        = "map"
}

# Tags for the autoscaling group, passed as a list of maps rather than a map.
variable "tags_asg" {
  description = "A list of maps of tags to apply to the autoscaling group"
  type        = "list"
}
############################
## Networking ##############
############################
# Network placement and reachability of the Vault load balancer and nodes.
# All of these are required inputs (no defaults are declared).

# DNS name clients use to reach Vault.
# NOTE(review): should match a name on the certificate given in
# alb_certificate_arn; confirm where the DNS record itself is managed.
variable "vault_dns_address" {
  description = "The DNS address that vault will be accessible at"
  type        = "string"
}

# VPC that hosts the deployment.
variable "vpc_id" {
  description = "The ID of the VPC to use"
  type        = "string"
}

# Subnets for the ALB.
# NOTE(review): public subnets combined with alb_internal = "false" would
# make Vault internet-facing; confirm that is intended.
variable "alb_subnets" {
  description = "A list of subnets to launch the ALB in"
  type        = "list"
}

# Subnets for the Vault EC2 instances.
# NOTE(review): private subnets are the usual choice for secret-store nodes;
# verify against the caller.
variable "ec2_subnets" {
  description = "A list of subnets to launch the EC2 instances in"
  type        = "list"
}

# Source ranges allowed to reach the ALB.
# NOTE(review): presumably feeds the ALB security group ingress rules. Keep
# the list to the networks that actually need Vault; a 0.0.0.0/0 entry would
# open the listener to every source address.
variable "alb_allowed_ingress_cidrs" {
  description = "A list of CIDRs to allow traffic into the ALB"
  type        = "list"
}

# Destination ranges the ALB may send traffic to. Per the description this
# should be exactly the Vault instance subnet CIDRs, so the ALB can forward
# nowhere else.
variable "alb_allowed_egress_cidrs" {
  description = "A list of CIDRS to allow traffic out from ALB. This should match the subnet CIDRs that the Vault EC2 instances are launched in"
  type        = "list"
}
############################
## ALB #####################
############################
# Load balancer settings. Both inputs are required (no defaults declared).

# Certificate served by the ALB.
# NOTE(review): whether traffic is re-encrypted between the ALB and the Vault
# instances is not visible in this file; confirm in the listener and target
# group definitions.
variable "alb_certificate_arn" {
  description = "The ARN of the certificate to use on the ALB"
  type        = "string"
}

# Exposure switch, carried as the string "true" or "false" because the quoted
# legacy type keywords offer no boolean. With no default declared, the caller
# has to state explicitly whether the ALB is internal.
variable "alb_internal" {
  description = "true for an internal-only Vault instance, false otherwise"
  type        = "string"
}
############################
## EC2 #####################
############################
# Compute settings for the Vault nodes. All are required inputs.

# Image the Vault instances boot from.
# NOTE(review): the AMI decides what software runs next to Vault; it should
# come from an account and build pipeline you control. Confirm its provenance.
variable "ami_id" {
  description = "The ID of the AMI to use to launch Vault"
  type        = "string"
}

# EC2 instance type for the Vault nodes.
variable "instance_type" {
  description = "The type of instance to launch vault on"
  type        = "string"
}

# EC2 key pair attached to the instances.
# NOTE(review): holders of the matching private key can presumably log in to
# the Vault hosts if SSH is reachable; confirm who holds it and which
# security group rules expose port 22.
variable "ssh_key_name" {
  description = "The name of the ssh key to use for the EC2 instance"
  type        = "string"
}

# The three ASG sizes are numeric values declared as strings, since the
# quoted legacy type keywords have no number type.

# Lower bound on the number of instances.
variable "asg_min_size" {
  description = "Minimum number of instances in the ASG"
  type        = "string"
}

# Upper bound on the number of instances.
variable "asg_max_size" {
  description = "Maximum number of instances in the ASG"
  type        = "string"
}

# Target number of instances.
variable "asg_desired_capacity" {
  description = "Desired number of instances in the ASG"
  type        = "string"
}
############################
## S3 ######################
############################
# S3 bucket names. Both are required inputs.

# Bucket for Vault resources.
# NOTE(review): what is stored here is not visible in this file; if it holds
# configuration or bootstrap material, confirm that writes are restricted,
# since the instances would trust its contents.
variable "vault_resources_bucket_name" {
  description = "The name of the vault resources bucket"
  type        = "string"
}

# Bucket for Vault data.
# NOTE(review): presumably the Vault storage backend. Confirm that public
# access is blocked, that server-side encryption and versioning are enabled,
# and that only the Vault instance role can read or write it.
variable "vault_data_bucket_name" {
  description = "The name of the vault data bucket"
  type        = "string"
}
############################
## DynamoDB ################
############################
# Name of the DynamoDB table used for HA coordination. Required input.
# Per the description, Vault creates this table itself rather than Terraform.
# NOTE(review): the instance role then presumably needs DynamoDB create and
# read/write permissions; confirm the IAM policy is scoped to this one table
# name and not to a wildcard.
variable "dynamodb_table_name" {
  description = "The name of the dynamodb table that vault will create to coordinate HA"
  type        = "string"
}