#Module : LABEL
#Description : Terraform label module variables.
variable "name" {
  # Required: the base name that the label module composes into resource
  # names; no default, so every caller has to supply it.
  description = "Name (e.g. `app` or `cluster`)."
  type        = string
}
variable "repository" {
  # Source repository of this module; recorded as a label for traceability.
  description = "Terraform current module repo"
  type        = string
  default     = "https://github.com/slovink/terraform-aws-cloudtrail.git"
}
variable "environment" {
  # Deployment stage label; empty by default.
  description = "Environment (e.g. `prod`, `dev`, `staging`)."
  type        = string
  default     = ""
}
variable "label_order" {
  # Order in which label components are joined.
  # NOTE(review): declared as list(any); the examples are all strings, so
  # list(string) would likely be the tighter type - confirm against callers.
  description = "Label order, e.g. `name`,`application`."
  type        = list(any)
  default     = []
}
variable "attributes" {
  # Extra label components appended after the ordered labels.
  description = "Additional attributes (e.g. `1`)."
  type        = list(string)
  default     = []
}
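variable "managedby" {
  # Value for the `managedby` label (e.g. the team or owner responsible for
  # the resources). The original declaration had an empty description, which
  # leaves the generated module docs blank for this input.
  type        = string
  default     = ""
  description = "ManagedBy label value, e.g. the team or owner responsible for the resources."
}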
#Module : CLOUDTRAIL
#Description : Terraform CloudTrail module variables.
variable "enabled_cloudtrail" {
  # Master switch for the module's resources.
  description = "If true, deploy the resources for the module."
  type        = bool
  default     = true
}
variable "enable_log_file_validation" {
  # Keep this on: the signed digest files are what let you detect modified
  # or deleted log files after delivery.
  description = "Specifies whether log file integrity validation is enabled. Creates signed digest for validated contents of logs."
  type        = bool
  default     = true
}
variable "include_global_service_events" {
  # Global-service events (IAM, STS, ...) are not regional; without this the
  # trail would miss identity and access changes.
  description = "Specifies whether the trail is publishing events from global services such as IAM to the log files."
  type        = bool
  default     = true
}
variable "enable_logging" {
  # Whether the trail actively records events once created.
  description = "Enable logging for the trail."
  type        = bool
  default     = true
}
variable "s3_bucket_name" {
  # Required: destination bucket for log delivery. The bucket policy must
  # allow CloudTrail to write; this module only receives the name.
  description = "S3 bucket name for CloudTrail log."
  type        = string
}
variable "cloud_watch_logs_role_arn" {
  # ARN of the role CloudTrail assumes to write into the CloudWatch log group.
  # NOTE(review): a role ARN is an identifier, not a secret; `sensitive`
  # masks it in plan output, which makes reviewing which role the trail
  # assumes harder. Kept as-is to preserve the current plan rendering.
  description = "Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group."
  type        = string
  default     = ""
  sensitive   = true
}
#variable "cloud_watch_logs_group_arn" {
# type = string
# default = ""
# description = "Specifies a log group name using an Amazon Resource Name (ARN), that represents the log group to which CloudTrail logs will be delivered."
# sensitive = true
#}
variable "event_selector" {
  # Toggles the event_selector block on the trail (the other event_selector_*
  # variables only matter when this is true).
  description = "Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these."
  type        = bool
  default     = true
}
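variable "read_write_type" {
  # Which API calls the event selector records. CloudTrail accepts exactly
  # ReadOnly, WriteOnly or All; validating here fails at plan time instead of
  # surfacing as a provider error at apply.
  type        = string
  default     = "All"
  description = "Specify if you want your trail to log read-only events, write-only events, or all. By default, the value is All."

  validation {
    condition     = contains(["ReadOnly", "WriteOnly", "All"], var.read_write_type)
    error_message = "read_write_type must be one of ReadOnly, WriteOnly or All."
  }
}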
variable "include_management_events" {
  # Management (control-plane) events are the core audit record; leave on.
  # NOTE(review): the description string starts with a stray space; kept
  # byte-identical here since it is surfaced as module documentation.
  description = " Specify if you want your event selector to include management events for your trail."
  type        = bool
  default     = true
}
variable "event_selector_data_resource" {
  # Off by default: data events (object-level S3 / Lambda invoke) are
  # high-volume and billed separately.
  description = "Specifies logging data events. Fields documented below."
  type        = bool
  default     = false
}
variable "data_resource_type" {
  # Resource type for the data_resource block; only used when
  # event_selector_data_resource is true.
  description = "The resource type in which you want to log data events. You can specify only the following value: `AWS::S3::Object` `AWS::Lambda::Function`."
  type        = string
  default     = "AWS::S3::Object"
}
variable "data_resource_values" {
  # ARNs (or ARN prefixes) whose data events are recorded.
  # NOTE(review): the description says "a list of map values" but the type is
  # list(string); confirm which shape the module's data_resource block
  # actually consumes. Resource ARNs are not secrets, so `sensitive` mainly
  # hides them from plan review.
  description = "Specifies an event selector for enabling data event logging, It needs to be a list of map values. See: https://www.terraform.io/docs/providers/aws/r/cloudtrail.html for details on this map variable."
  type        = list(string)
  default     = []
  sensitive   = true
}
variable "is_organization_trail" {
  # When true the trail covers every account in the organization; this must
  # be applied from the management (or delegated administrator) account.
  description = "The trail is an AWS Organizations trail."
  type        = bool
  default     = false
}
variable "sns_topic_name" {
  # Optional delivery notification topic; null disables it.
  description = "Specifies the name of the Amazon SNS topic defined for notification of log file delivery."
  type        = string
  default     = null
}
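variable "key_deletion_window_in_days" {
  # KMS only accepts a deletion window of 7-30 whole days; the description
  # states the range but nothing enforced it, so an out-of-range value was
  # only rejected at apply time. The type stays string for compatibility
  # with existing callers; try() yields false when the value is not numeric.
  description = "Duration in days after which the key is deleted after destruction of the resource, must be 7-30 days. Default 30 days."
  default     = 30
  type        = string

  validation {
    condition = try(
      tonumber(var.key_deletion_window_in_days) >= 7 &&
      tonumber(var.key_deletion_window_in_days) <= 30 &&
      floor(tonumber(var.key_deletion_window_in_days)) == tonumber(var.key_deletion_window_in_days),
      false
    )
    error_message = "key_deletion_window_in_days must be a whole number between 7 and 30."
  }
}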
variable "log_retention_days" {
  # Retention for the CloudTrail log group. CloudWatch Logs only accepts a
  # fixed set of retention values, so an arbitrary day count may be rejected
  # at apply time; 90 is one of the accepted values.
  description = "Number of days to keep AWS logs around in specific log group."
  type        = string
  default     = 90
}
variable "cloudwatch_log_group_name" {
  # Log group that receives the trail's events for near-real-time alerting.
  description = "The name of the CloudWatch Log Group that receives CloudTrail events."
  type        = string
  default     = "cloudtrail-events"
}
variable "iam_role_name" {
  # Name of the role CloudTrail assumes to write to CloudWatch Logs; scope
  # its policy to the single log group above rather than logs:* on "*".
  description = "Name for the CloudTrail IAM role"
  type        = string
  default     = "cloudtrail-cloudwatch-logs-role"
}