80_variables.tf
# Basic Variables
# Name of the AWS profile to use. No default is declared, so the caller must supply it.
# NOTE(review): where the profile is consumed (presumably the provider configuration) is not visible in this file.
variable "profile" {
description = "the AWS profile to use"
}
# ID of the VPC the security group is attached to. No default is declared, so it is a required input.
variable "vpc_id" {
description = "ID of the VPC the security_group should be connected to"
}
# Free-text description of the security group. Required (no default).
# A description that states the group's purpose makes later rule reviews and audits easier.
variable "description" {
description = "The description of the security group"
}
# Name of the security group. Required (no default).
variable "name" {
description = "The name of the security group"
}
# Optional map of additional tags; defaults to an empty map.
# NOTE(review): presumably merged onto the security group's tags; the consumer is not visible here, so confirm.
# NOTE(review): the quoted type constraint ("map") is the pre-0.12 Terraform form; newer versions expect an unquoted constraint.
variable "custom_tags" {
type = "map"
default = {}
}
# Variables for IPv4 cidr_based rules
# IPv4 CIDR-based ingress rules, passed as one map with the keys
# "protocols", "ports", "cidr_blocks" and "descriptions".
# The description lists only three required keys; the default also carries "descriptions".
# NOTE(review): the values look like comma-separated lists packed into strings (compare the
# commented example on security_group_ingress_rules); confirm against the resource that reads them.
# The default has empty ports and CIDR blocks, and the companion count variable defaults to 0.
# When overriding, keep cidr_blocks as narrow as the use case allows; an entry of 0.0.0.0/0
# exposes the listed ports to any IPv4 source.
variable "cidr_ipv4_ingress_rules" {
description = "Ports to be allowed for ingress connections based on cidr-blocks. The needed values are protocols, cidr_blocks, ports"
type = "map"
default = {
"protocols" = "tcp",
"ports" = "",
"cidr_blocks" = ""
"descriptions" = ""
}
}
# Number of IPv4 CIDR-based ingress rules; defaults to 0.
# The description refers to "cidr_ingress_rules"; the variable declared in this file is
# "cidr_ipv4_ingress_rules".
# NOTE(review): the count is maintained by hand and must match the number of ports supplied.
# What happens on a mismatch depends on the consuming resource, which is not visible here;
# verify that a too-small count cannot silently drop intended rules.
variable "cidr_ipv4_ingress_rules_count" {
description = "Amount of ingress rules. Has to be equal to the amount of ports given in variable cidr_ingress_rules"
default = 0
}
# IPv4 CIDR-based egress rules, passed as one map with the keys
# "protocols", "ports", "cidr_blocks" and "descriptions".
# SECURITY: the default is protocol "-1" (all protocols in AWS security group rules),
# port "0" and destination 0.0.0.0/0. The companion count variable defaults to 1, so a caller
# who sets neither presumably gets an allow-all IPv4 egress rule. Confirm this against the
# consuming resource.
# Where least privilege matters, override this with the specific destinations and ports the
# workload needs; unrestricted egress makes data exfiltration and outbound callbacks easier.
variable "cidr_ipv4_egress_rules" {
description = "Ports to be allowed for egress connections based on cidr-blocks. The needed values are protocols, cidr_blocks, ports"
type = "map"
default = {
"protocols" = "-1",
"ports" = "0"
"cidr_blocks" = "0.0.0.0/0"
"descriptions" = ""
}
}
# Number of IPv4 CIDR-based egress rules; defaults to 1, which matches the single
# allow-all entry in the default of cidr_ipv4_egress_rules.
# The description refers to "<cidr_egress_rules>"; the variable declared in this file is
# "cidr_ipv4_egress_rules".
# NOTE(review): presumably setting this to 0 suppresses the default egress rule; confirm in the consumer.
variable "cidr_ipv4_egress_rules_count" {
description = "Amount of egress rules. Has to be equal to the amount of ports given in variable <cidr_egress_rules>"
default = 1
}
# Variables for IPv6 cidr_based rules
# IPv6 CIDR-based ingress rules, passed as one map with the keys
# "protocols", "ports", "ipv6_cidr_blocks" and "descriptions".
# The default has empty ports and CIDR blocks, and the companion count variable defaults to 0.
# NOTE(review): the values look like comma-separated lists packed into strings; confirm against the consumer.
# When overriding, avoid ::/0 unless the ports are meant to be reachable from any IPv6 source.
# IPv6 rules are easy to overlook when only the IPv4 rules are reviewed.
variable "cidr_ipv6_ingress_rules" {
description = "Ports to be allowed for ingress ipv6 connections based on cidr-blocks. The needed values are protocols, ipv6_cidr_blocks, ports"
type = "map"
default = {
"protocols" = "tcp",
"ports" = "",
"ipv6_cidr_blocks" = ""
"descriptions" = ""
}
}
# Number of IPv6 CIDR-based ingress rules; defaults to 0.
# NOTE(review): the count is maintained by hand and must match the number of ports supplied in
# cidr_ipv6_ingress_rules. What happens on a mismatch depends on the consumer, which is not visible here.
variable "cidr_ipv6_ingress_rules_count" {
description = "Amount of ipv6 based ingress rules. Has to be equal to the amount of ports given in variable cidr_ipv6_ingress_rules"
default = 0
}
# IPv6 CIDR-based egress rules, passed as one map with the keys
# "protocols", "ports", "ipv6_cidr_blocks" and "descriptions".
# SECURITY: the default is protocol "-1" (all protocols in AWS security group rules),
# port "0" and destination ::/0. The companion count variable defaults to 1, so a caller who
# sets neither presumably gets an allow-all IPv6 egress rule. Confirm this against the
# consuming resource.
# Tightening only the IPv4 egress variable leaves this IPv6 default in place; review both together.
variable "cidr_ipv6_egress_rules" {
description = "Ports to be allowed for egress ipv6 connections based on cidr-blocks. The needed values are protocols, ipv6_cidr_blocks, ports"
type = "map"
default = {
"protocols" = "-1"
"ports" = "0"
"ipv6_cidr_blocks" = "::/0"
"descriptions" = ""
}
}
# Number of IPv6 CIDR-based egress rules; defaults to 1, which matches the single
# allow-all entry in the default of cidr_ipv6_egress_rules.
# NOTE(review): presumably setting this to 0 suppresses the default IPv6 egress rule; confirm in the consumer.
variable "cidr_ipv6_egress_rules_count" {
description = "Amount of ipv6 based egress rules. Has to be equal to the amount of ports given in variable cidr_ipv6_egress_rules"
default = 1
}
# Variables for security_group based rules
# Ingress rules whose source is another security group, passed as one map with the keys
# "protocols", "ports", "source_security_groups" and "descriptions".
# The active default uses the placeholder string "id" as the source group and empty ports.
# The companion count variable defaults to 0, so presumably no rule is created from it;
# confirm in the consumer.
variable "security_group_ingress_rules" {
description = "Ports to be allowed for ingress connections based on security_groups. The needed values are protocols, source_security_groups, ports"
type = "map"
# The commented-out default below only demonstrates the expected format (comma-separated lists in strings).
# Callers should pass this variable explicitly so that the allowed source groups are a deliberate choice.
#default = {
# "protocols" = "tcp", "source_security_groups" = "id_of_group_for_first_port, id_of_group_for_second_group", ports = "80,443"
#}
default = {
"protocols" = "tcp",
"ports" = "",
"source_security_groups" = "id"
"descriptions" = ""
}
}
# Number of security-group-based ingress rules; defaults to 0.
# NOTE(review): the count is maintained by hand and must match the number of ports supplied in
# security_group_ingress_rules. What happens on a mismatch depends on the consumer, which is not visible here.
variable "security_group_ingress_rules_count" {
description = "Amount of sg_based ingress rules. Has to be equal to the amount of ports given in variable security_group_ingress_rules"
default = 0
}
# Egress rules whose peer is another security group, passed as one map with the keys
# "protocols", "ports", "source_security_groups" and "descriptions".
# NOTE(review): the key is named "source_security_groups" although these are egress rules;
# it presumably holds the destination groups. Confirm against the consuming resource.
# The active default uses the placeholder string "id" and empty ports, and the companion
# count variable defaults to 0.
variable "security_group_egress_rules" {
description = "Ports to be allowed for egress connections based on security_groups. The needed values are protocols, source_security_groups, ports"
type = "map"
# The commented-out default below only demonstrates the expected format (comma-separated lists in strings).
# Callers should pass this variable explicitly so that the permitted peer groups are a deliberate choice.
#default = {"protocols" = "tcp", "source_security_groups" = "id_of_group_for_first_port, id_of_group_for_second_group", ports = "80,443"}
default = {
"protocols" = "tcp",
"ports" = "",
"source_security_groups" = "id"
"descriptions" = ""
}
}
# Number of security-group-based egress rules; defaults to 0.
# NOTE(review): the count is maintained by hand and must match the number of ports supplied in
# security_group_egress_rules. What happens on a mismatch depends on the consumer, which is not visible here.
variable "security_group_egress_rules_count" {
description = "Amount of sg_based egress rules. Has to be equal to the amount of ports given in variable security_group_egress_rules"
default = 0
}
# Single security group to or from which access is granted; defaults to an empty string.
# NOTE(review): how this relates to the "source_security_groups" entries in the rule maps is
# not visible in this file; confirm which of the two the resources actually read.
variable "source_security_group" {
description = "The security group to/from which the access should be granted"
default = ""
}
# ARN of the IAM role to use; defaults to an empty string.
# NOTE(review): presumably fed to the provider's assume-role configuration, with the empty
# default meaning that no role is assumed; confirm in the provider block.
# The role determines which account and permissions the security group changes run under, so
# it is worth scoping to security-group management only.
variable "assume_role_arn" {
description = "ARN of the role to use"
default = ""
}
# Declared with no description, type or default, so it is a required input.
# NOTE(review): judging by the name, this is the AWS region for the provider; confirm in the provider block.
variable "provider_region" {}
# Deprecated input. The description directs callers to use 'assume_role_arn' instead.
# It defaults to an empty string.
# NOTE(review): whether a non-empty value is still honoured is not visible in this file; confirm
# before relying on it to select the target account.
variable "account_id" {
description = "Account id (deprecated | please use the 'assume_role_arn' variable)"
default = ""
}