diff --git a/README.md b/README.md
index 055459f..c735a28 100644
--- a/README.md
+++ b/README.md
@@ -448,9 +448,9 @@ This project creates and manages resources within an AWS account for infrastruct
|------|-------------|------|---------|:--------:|
| [aws\_profile\_name\_route53\_root](#input\_aws\_profile\_name\_route53\_root) | AWS Profile name which is configured for the account in which the root Route53 Hosted Zone exists. | `string` | n/a | yes |
| [aws\_region](#input\_aws\_region) | AWS region in which to launch resources | `string` | n/a | yes |
-| [custom\_cloudformation\_stacks](#input\_custom\_cloudformation\_stacks) | Map of CloudFormation stacks to deploy
{
stack-name = {
s3\_template\_store\_key: The filename of a CloudFormation template that is stored within the S3 bucket, created by the `enable_cloudformatian_s3_template_store`
template\_body: (Optional - use of s3\_template\_store\_key is preferred) The CloudFormation template body
parameters: The CloudFormation template parameters ({ parameter-name = parameter-value, ... })
on\_failure: What to do on failure, either 'DO\_NOTHING', 'ROLLBACK' or 'DELETE'
capabilities: A list of capabilities. Valid values: `CAPABILITY_NAMED_IAM`, `CAPABILITY_IAM`, `CAPABILITY_AUTO_EXPAND`
}
} |
map(object({| n/a | yes | -| [custom\_route53\_hosted\_zones](#input\_custom\_route53\_hosted\_zones) | Map of Route53 Hosted Zone configurations to create
s3_template_store_key = optional(string, null)
template_body = optional(string, null)
parameters = optional(map(string), null)
on_failure = optional(string, null)
capabilities = optional(list(string), null)
}))
map(object({| n/a | yes | -| [custom\_s3\_buckets](#input\_custom\_s3\_buckets) | Map of S3 buckets to create, and conditionally serve via CloudFront. The S3 configuration will follow AWS best practices (eg. Private, ACLS disabled, SSE, Versioning, Logging). The bucket must be emptied before attempting deletion/destruction."
ns_records = optional(map(object({
values = list(string)
ttl = optional(number, 300)
})), null)
a_records = optional(map(object({
values = list(string)
ttl = optional(number, 300)
})), null)
alias_records = optional(map(object({
value = string
zone_id = string
})), null)
cname_records = optional(map(object({
values = list(string)
ttl = optional(number, 300)
})), null)
mx_records = optional(map(object({
values = list(string)
ttl = optional(number, 300)
})), null)
txt_records = optional(map(object({
values = list(string)
ttl = optional(number, 300)
})), null)
}))
map(object({| n/a | yes | +| [custom\_cloudformation\_stacks](#input\_custom\_cloudformation\_stacks) | Map of CloudFormation stacks to deploy
create_dedicated_kms_key = optional(bool, null)
transition_to_ia_days = optional(number, null)
transition_to_glacier_days = optional(number, null)
cloudfront_dedicated_distribution = optional(bool, null)
cloudfront_s3_root = optional(string, null)
cloudfront_infrastructure_ecs_cluster_service = optional(string, null)
cloudfront_infrastructure_ecs_cluster_service_path = optional(string, null)
}))
map(object({| n/a | yes | +| [custom\_route53\_hosted\_zones](#input\_custom\_route53\_hosted\_zones) | Map of Route53 Hosted Zone configurations to create
s3_template_store_key = optional(string, null)
template_body = optional(string, null)
parameters = optional(map(string), null)
on_failure = optional(string, null)
capabilities = optional(list(string), null)
}))
map(object({| n/a | yes | +| [custom\_s3\_buckets](#input\_custom\_s3\_buckets) | Map of S3 buckets to create, and conditionally serve via CloudFront. The S3 configuration will follow AWS best practices (eg. Private, ACLS disabled, SSE, Versioning, Logging). The bucket must be emptied before attempting deletion/destruction."
ns_records = optional(map(object({
values = list(string)
ttl = optional(number, 300)
})), null)
a_records = optional(map(object({
values = list(string)
ttl = optional(number, 300)
})), null)
alias_records = optional(map(object({
value = string
zone_id = string
})), null)
cname_records = optional(map(object({
values = list(string)
ttl = optional(number, 300)
})), null)
mx_records = optional(map(object({
values = list(string)
ttl = optional(number, 300)
})), null)
txt_records = optional(map(object({
values = list(string)
ttl = optional(number, 300)
})), null)
}))
map(object({| n/a | yes | | [ecs\_cluster\_efs\_directories](#input\_ecs\_cluster\_efs\_directories) | ECS cluster EFS directories to create | `list(string)` | n/a | yes | | [ecs\_cluster\_efs\_infrequent\_access\_transition](#input\_ecs\_cluster\_efs\_infrequent\_access\_transition) | ECS cluser EFS IA transiton in days. Set to 0 to disable IA transition. | `number` | n/a | yes | | [ecs\_cluster\_efs\_performance\_mode](#input\_ecs\_cluster\_efs\_performance\_mode) | ECS cluser EFS performance mode | `string` | n/a | yes | @@ -467,7 +467,7 @@ This project creates and manages resources within an AWS account for infrastruct | [enable\_infrastructure\_route53\_hosted\_zone](#input\_enable\_infrastructure\_route53\_hosted\_zone) | Creates a Route53 hosted zone, where DNS records will be created for resources launched within this module. | `bool` | n/a | yes | | [enable\_infrastructure\_vpc\_transfer\_s3\_bucket](#input\_enable\_infrastructure\_vpc\_transfer\_s3\_bucket) | Enable VPC transfer S3 bucket. This allows uploading/downloading files from resources within the infrastructure VPC | `bool` | n/a | yes | | [environment](#input\_environment) | The environment name to be used as part of the resource prefix | `string` | n/a | yes | -| [infrastructure\_bastion\_host\_custom\_security\_group\_rules](#input\_infrastructure\_bastion\_host\_custom\_security\_group\_rules) | Map of custom security group rules to add to the Infrastructure EC2 Bastion Host security group (eg. { rule-name = {type = "egress", ... } }) |
create_dedicated_kms_key = optional(bool, null)
transition_to_ia_days = optional(number, null)
transition_to_glacier_days = optional(number, null)
cloudfront_dedicated_distribution = optional(bool, null)
cloudfront_s3_root = optional(string, null)
cloudfront_infrastructure_ecs_cluster_service = optional(string, null)
cloudfront_infrastructure_ecs_cluster_service_path = optional(string, null)
}))
map(object({| n/a | yes | +| [infrastructure\_bastion\_host\_custom\_security\_group\_rules](#input\_infrastructure\_bastion\_host\_custom\_security\_group\_rules) | Map of custom security group rules to add to the Infrastructure EC2 Bastion Host security group (eg. { rule-name = {type = "egress", ... } }) |
description = string
type = string
from_port = number
to_port = number
protocol = string
source_security_group_id = optional(string, "")
cidr_blocks = optional(list(string), [])
}))
map(object({| n/a | yes | | [infrastructure\_dockerhub\_email](#input\_infrastructure\_dockerhub\_email) | Dockerhub email | `string` | n/a | yes | | [infrastructure\_dockerhub\_token](#input\_infrastructure\_dockerhub\_token) | Dockerhub token which has permissions to pull images | `string` | n/a | yes | | [infrastructure\_dockerhub\_username](#input\_infrastructure\_dockerhub\_username) | Dockerhub username | `string` | n/a | yes | @@ -477,10 +477,10 @@ This project creates and manages resources within an AWS account for infrastruct | [infrastructure\_ecs\_cluster\_asg\_cpu\_alert\_period](#input\_infrastructure\_ecs\_cluster\_asg\_cpu\_alert\_period) | Period (in secods) for the ECS cluster's Autoscaling Group CPU alert | `number` | n/a | yes | | [infrastructure\_ecs\_cluster\_asg\_cpu\_alert\_slack](#input\_infrastructure\_ecs\_cluster\_asg\_cpu\_alert\_slack) | Enable Slack alerts for the ECS cluster's Autoscaling Group CPU alert | `bool` | n/a | yes | | [infrastructure\_ecs\_cluster\_asg\_cpu\_alert\_threshold](#input\_infrastructure\_ecs\_cluster\_asg\_cpu\_alert\_threshold) | Threshold (CPU%) for the ECS cluster's Autoscaling Group CPU alert | `number` | n/a | yes | -| [infrastructure\_ecs\_cluster\_autoscaling\_time\_based\_custom](#input\_infrastructure\_ecs\_cluster\_autoscaling\_time\_based\_custom) | List of objects with min/max sizes and cron expressions to scale the ECS cluster. Min size will be used as desired. |
description = string
type = string
from_port = number
to_port = number
protocol = string
source_security_group_id = optional(string, "")
cidr_blocks = optional(list(string), [])
}))
list(| n/a | yes | +| [infrastructure\_ecs\_cluster\_autoscaling\_time\_based\_custom](#input\_infrastructure\_ecs\_cluster\_autoscaling\_time\_based\_custom) | List of objects with min/max sizes and cron expressions to scale the ECS cluster. Min size will be used as desired. |
object({
cron = string
min = number
max = number
})
)
list(| n/a | yes | | [infrastructure\_ecs\_cluster\_autoscaling\_time\_based\_max](#input\_infrastructure\_ecs\_cluster\_autoscaling\_time\_based\_max) | List of cron expressions to scale the ECS cluster to the configured max size | `list(string)` | n/a | yes | | [infrastructure\_ecs\_cluster\_autoscaling\_time\_based\_min](#input\_infrastructure\_ecs\_cluster\_autoscaling\_time\_based\_min) | List of cron expressions to scale the ECS cluster to the configured min size | `list(string)` | n/a | yes | -| [infrastructure\_ecs\_cluster\_custom\_security\_group\_rules](#input\_infrastructure\_ecs\_cluster\_custom\_security\_group\_rules) | Map of custom security group rules to add to the ECS Cluster security group (eg. { rule-name = {type = "egress", ... } }) |
object({
cron = string
min = number
max = number
})
)
map(object({| n/a | yes | +| [infrastructure\_ecs\_cluster\_custom\_security\_group\_rules](#input\_infrastructure\_ecs\_cluster\_custom\_security\_group\_rules) | Map of custom security group rules to add to the ECS Cluster security group (eg. { rule-name = {type = "egress", ... } }) |
description = string
type = string
from_port = number
to_port = number
protocol = string
source_security_group_id = optional(string, "")
cidr_blocks = optional(list(string), [])
}))
map(object({| n/a | yes | | [infrastructure\_ecs\_cluster\_draining\_lambda\_enabled](#input\_infrastructure\_ecs\_cluster\_draining\_lambda\_enabled) | Enable the Lambda which ensures all containers have drained before terminating ECS cluster instances | `bool` | n/a | yes | | [infrastructure\_ecs\_cluster\_draining\_lambda\_log\_retention](#input\_infrastructure\_ecs\_cluster\_draining\_lambda\_log\_retention) | Log retention for the ECS cluster draining Lambda | `number` | n/a | yes | | [infrastructure\_ecs\_cluster\_ebs\_docker\_storage\_volume\_size](#input\_infrastructure\_ecs\_cluster\_ebs\_docker\_storage\_volume\_size) | Size of EBS volume for Docker storage on the infrastructure ECS instances | `number` | n/a | yes | @@ -505,24 +505,24 @@ This project creates and manages resources within an AWS account for infrastruct | [infrastructure\_ecs\_cluster\_pending\_task\_alert\_threshold](#input\_infrastructure\_ecs\_cluster\_pending\_task\_alert\_threshold) | Threshold (Number of pending tasks) for the ECS cluster's Pending Task alert | `number` | n/a | yes | | [infrastructure\_ecs\_cluster\_pending\_task\_metric\_lambda\_log\_retention](#input\_infrastructure\_ecs\_cluster\_pending\_task\_metric\_lambda\_log\_retention) | Log retention for the ECS cluster pending task metric Lambda | `number` | n/a | yes | | [infrastructure\_ecs\_cluster\_publicly\_avaialble](#input\_infrastructure\_ecs\_cluster\_publicly\_avaialble) | Conditionally launch the ECS cluster EC2 instances into the Public subnet | `bool` | n/a | yes | -| [infrastructure\_ecs\_cluster\_service\_defaults](#input\_infrastructure\_ecs\_cluster\_service\_defaults) | Default values for ECS Cluster Services |
description = string
type = string
from_port = number
to_port = number
protocol = string
source_security_group_id = optional(string, "")
cidr_blocks = optional(list(string), [])
}))
object({| n/a | yes | -| [infrastructure\_ecs\_cluster\_services](#input\_infrastructure\_ecs\_cluster\_services) | Map of ECS Cluster Services (The key will be the service name). Values in here will override `infrastructure_ecs_cluster_service_defaults` values if set."
github_v1_source = optional(bool, null)
github_v1_oauth_token = optional(string, null)
codestar_connection_arn = optional(string, null)
github_owner = optional(string, null)
github_repo = optional(string, null)
github_track_revision = optional(string, null)
buildspec = optional(string, null)
buildspec_from_github_repo = optional(bool, null)
codebuild_environment_variables = optional(list(object({
name = string
value = string
})), [])
ecr_scan_target_sns_topic_arn = optional(string, null)
deployment_type = optional(string, null)
enable_cloudwatch_logs = optional(bool, null)
cloudwatch_logs_retention = optional(number, null)
enable_execute_command = optional(bool, null)
deregistration_delay = optional(number, null)
custom_policies = optional(map(object({
description = string
policy = object({
Version = string
Statement = list(object({
Action = list(string)
Effect = string
Resource = list(string)
}))
})
})), {})
container_entrypoint = optional(list(string), null)
container_port = optional(number, null)
container_volumes = optional(list(map(string)), null)
container_extra_hosts = optional(list(map(string)), null)
container_count = optional(number, null)
container_heath_check_path = optional(string, null)
container_heath_grace_period = optional(number, null)
scheduled_tasks = optional(map(object({
entrypoint = optional(list(string), null)
schedule_expression = string
})), {})
domain_names = optional(list(string), null)
enable_cloudfront = optional(bool, null)
cloudfront_tls_certificate_arn = optional(string, null)
cloudfront_access_logging_enabled = optional(bool, null)
cloudfront_bypass_protection_enabled = optional(bool, null)
cloudfront_bypass_protection_excluded_domains = optional(list(string), null)
cloudfront_origin_shield_enabled = optional(bool, null)
cloudfront_managed_cache_policy = optional(string, null)
cloudfront_managed_origin_request_policy = optional(string, null)
cloudfront_managed_response_headers_policy = optional(string, null)
cloudfront_waf_association = optional(string, null)
alb_tls_certificate_arn = optional(string, null)
})
map(object({| n/a | yes | +| [infrastructure\_ecs\_cluster\_service\_defaults](#input\_infrastructure\_ecs\_cluster\_service\_defaults) | Default values for ECS Cluster Services |
github_v1_source = optional(bool, null)
github_v1_oauth_token = optional(string, null)
codestar_connection_arn = optional(string, null)
github_owner = optional(string, null)
github_repo = optional(string, null)
github_track_revision = optional(string, null)
buildspec = optional(string, null)
buildspec_from_github_repo = optional(bool, null)
codebuild_environment_variables = optional(list(object({
name = string
value = string
})), [])
ecr_scan_target_sns_topic_arn = optional(string, null)
deployment_type = optional(string, null)
enable_cloudwatch_logs = optional(bool, null)
cloudwatch_logs_retention = optional(number, null)
enable_execute_command = optional(bool, null)
deregistration_delay = optional(number, null)
custom_policies = optional(map(object({
description = string
policy = object({
Version = string
Statement = list(object({
Action = list(string)
Effect = string
Resource = list(string)
}))
})
})), {})
container_entrypoint = optional(list(string), null)
container_port = optional(number, null)
container_volumes = optional(list(map(string)), null)
container_extra_hosts = optional(list(map(string)), null)
container_count = optional(number, null)
container_heath_check_path = optional(string, null)
container_heath_grace_period = optional(number, null)
scheduled_tasks = optional(map(object({
entrypoint = list(string)
schedule_expression = string
})), null)
domain_names = optional(list(string), null)
enable_cloudfront = optional(bool, null)
cloudfront_tls_certificate_arn = optional(string, null)
cloudfront_access_logging_enabled = optional(bool, null)
cloudfront_bypass_protection_enabled = optional(bool, null)
cloudfront_bypass_protection_excluded_domains = optional(list(string), null)
cloudfront_origin_shield_enabled = optional(bool, null)
cloudfront_managed_cache_policy = optional(string, null)
cloudfront_managed_origin_request_policy = optional(string, null)
cloudfront_managed_response_headers_policy = optional(string, null)
cloudfront_waf_association = optional(string, null)
alb_tls_certificate_arn = optional(string, null)
}))
object({| n/a | yes | +| [infrastructure\_ecs\_cluster\_services](#input\_infrastructure\_ecs\_cluster\_services) | Map of ECS Cluster Services (The key will be the service name). Values in here will override `infrastructure_ecs_cluster_service_defaults` values if set."
github_v1_source = optional(bool, null)
github_v1_oauth_token = optional(string, null)
codestar_connection_arn = optional(string, null)
github_owner = optional(string, null)
github_repo = optional(string, null)
github_track_revision = optional(string, null)
buildspec = optional(string, null)
buildspec_from_github_repo = optional(bool, null)
codebuild_environment_variables = optional(list(object({
name = string
value = string
})), [])
ecr_scan_target_sns_topic_arn = optional(string, null)
deployment_type = optional(string, null)
enable_cloudwatch_logs = optional(bool, null)
cloudwatch_logs_retention = optional(number, null)
enable_execute_command = optional(bool, null)
deregistration_delay = optional(number, null)
custom_policies = optional(map(object({
description = string
policy = object({
Version = string
Statement = list(object({
Action = list(string)
Effect = string
Resource = list(string)
}))
})
})), {})
container_entrypoint = optional(list(string), null)
container_port = optional(number, null)
container_volumes = optional(list(map(string)), null)
container_extra_hosts = optional(list(map(string)), null)
container_count = optional(number, null)
container_heath_check_path = optional(string, null)
container_heath_grace_period = optional(number, null)
scheduled_tasks = optional(map(object({
entrypoint = optional(list(string), null)
schedule_expression = string
})), {})
domain_names = optional(list(string), null)
enable_cloudfront = optional(bool, null)
cloudfront_tls_certificate_arn = optional(string, null)
cloudfront_access_logging_enabled = optional(bool, null)
cloudfront_bypass_protection_enabled = optional(bool, null)
cloudfront_bypass_protection_excluded_domains = optional(list(string), null)
cloudfront_origin_shield_enabled = optional(bool, null)
cloudfront_managed_cache_policy = optional(string, null)
cloudfront_managed_origin_request_policy = optional(string, null)
cloudfront_managed_response_headers_policy = optional(string, null)
cloudfront_waf_association = optional(string, null)
alb_tls_certificate_arn = optional(string, null)
})
map(object({| n/a | yes | | [infrastructure\_ecs\_cluster\_services\_alb\_enable\_global\_accelerator](#input\_infrastructure\_ecs\_cluster\_services\_alb\_enable\_global\_accelerator) | Enable Global Accelerator (GA) for the infrastructure ECS cluster services ALB. If `cloudfront_bypass_protection_enabled` is set for a service, any domain pointing towards the GA must be added to the `cloudfront_bypass_protection_excluded_domains` list. It is recommended that the GA only be used for apex domains that redirect to the domain associated with CloudFront. Ideally, apex domains would use an ALIAS record pointing towards the CloudFront distribution. | `bool` | n/a | yes | | [infrastructure\_ecs\_cluster\_services\_alb\_ip\_allow\_list](#input\_infrastructure\_ecs\_cluster\_services\_alb\_ip\_allow\_list) | IP allow list for ingress traffic to the infrastructure ECS cluster services ALB | `list(string)` | n/a | yes | | [infrastructure\_ecs\_cluster\_services\_alb\_logs\_retention](#input\_infrastructure\_ecs\_cluster\_services\_alb\_logs\_retention) | Retention in days for the infrasrtucture ecs cluster ALB logs | `number` | n/a | yes | | [infrastructure\_ecs\_cluster\_syslog\_endpoint](#input\_infrastructure\_ecs\_cluster\_syslog\_endpoint) | ECS Infrastructure Syslog endpoint. If specified, rsyslog will be installed on the ECS container instances and configured to send logs to this endpoint. Logspout containers will also be launched to gather and send Docker logs (Application logs from the running ECS services). The port must be included in the URI, eg. 'syslog+tls://example.com:1234' | `string` | n/a | yes | | [infrastructure\_ecs\_cluster\_syslog\_permitted\_peer](#input\_infrastructure\_ecs\_cluster\_syslog\_permitted\_peer) | Specify the certificate common name (CN) of the remote to ensure syslog communication is restricted to permitted endpoints (eg. '*.example.com') | `string` | n/a | yes | | [infrastructure\_ecs\_cluster\_termination\_timeout](#input\_infrastructure\_ecs\_cluster\_termination\_timeout) | The timeout for the terminiation lifecycle hook | `number` | n/a | yes | -| [infrastructure\_ecs\_cluster\_wafs](#input\_infrastructure\_ecs\_cluster\_wafs) | Map of WAF ACLs to craete, which can be used with service CloudFront distributions |
github_v1_source = optional(bool, null)
github_v1_oauth_token = optional(string, null)
codestar_connection_arn = optional(string, null)
github_owner = optional(string, null)
github_repo = optional(string, null)
github_track_revision = optional(string, null)
buildspec = optional(string, null)
buildspec_from_github_repo = optional(bool, null)
codebuild_environment_variables = optional(list(object({
name = string
value = string
})), [])
ecr_scan_target_sns_topic_arn = optional(string, null)
deployment_type = optional(string, null)
enable_cloudwatch_logs = optional(bool, null)
cloudwatch_logs_retention = optional(number, null)
enable_execute_command = optional(bool, null)
deregistration_delay = optional(number, null)
custom_policies = optional(map(object({
description = string
policy = object({
Version = string
Statement = list(object({
Action = list(string)
Effect = string
Resource = list(string)
}))
})
})), {})
container_entrypoint = optional(list(string), null)
container_port = optional(number, null)
container_volumes = optional(list(map(string)), null)
container_extra_hosts = optional(list(map(string)), null)
container_count = optional(number, null)
container_heath_check_path = optional(string, null)
container_heath_grace_period = optional(number, null)
scheduled_tasks = optional(map(object({
entrypoint = list(string)
schedule_expression = string
})), null)
domain_names = optional(list(string), null)
enable_cloudfront = optional(bool, null)
cloudfront_tls_certificate_arn = optional(string, null)
cloudfront_access_logging_enabled = optional(bool, null)
cloudfront_bypass_protection_enabled = optional(bool, null)
cloudfront_bypass_protection_excluded_domains = optional(list(string), null)
cloudfront_origin_shield_enabled = optional(bool, null)
cloudfront_managed_cache_policy = optional(string, null)
cloudfront_managed_origin_request_policy = optional(string, null)
cloudfront_managed_response_headers_policy = optional(string, null)
cloudfront_waf_association = optional(string, null)
alb_tls_certificate_arn = optional(string, null)
}))
map(object({| n/a | yes | -| [infrastructure\_elasticache](#input\_infrastructure\_elasticache) | Map of Elasticaches (The key will be the elasticache name). Values in here will override `infrastructure_elasticache_defaults` values if set."
ipv4_deny_list = optional(list(string), null)
ipv4_allow_list = optional(list(string), null)
ipv6_deny_list = optional(list(string), null)
ipv6_allow_list = optional(list(string), null)
aws_managed_rules = optional(list(object({
name = string
action = string
exclude_rules = optional(list(string), null)
excluded_path_patterns = optional(list(string), null)
})), null)
}))
map(object({| n/a | yes | -| [infrastructure\_elasticache\_defaults](#input\_infrastructure\_elasticache\_defaults) | Default values for ElastiCaches |
type = optional(string, null)
engine = optional(string, null)
engine_version = optional(string, null)
parameters = optional(map(string), null)
cluster_node_type = optional(string, null)
cluster_node_count = optional(number, null)
serverless_max_storage = optional(string, null)
serverless_max_ecpu = optional(number, null)
snapshot_retention_limit = optional(number, null)
}))
object({| n/a | yes | +| [infrastructure\_ecs\_cluster\_wafs](#input\_infrastructure\_ecs\_cluster\_wafs) | Map of WAF ACLs to craete, which can be used with service CloudFront distributions |
type = optional(string, null)
engine = optional(string, null)
engine_version = optional(string, null)
parameters = optional(map(string), null)
cluster_node_type = optional(string, null)
cluster_node_count = optional(number, null)
serverless_max_storage = optional(number, null)
serverless_max_ecpu = optional(number, null)
snapshot_retention_limit = optional(number, null)
})
map(object({| n/a | yes | +| [infrastructure\_elasticache](#input\_infrastructure\_elasticache) | Map of Elasticaches (The key will be the elasticache name). Values in here will override `infrastructure_elasticache_defaults` values if set."
ipv4_deny_list = optional(list(string), null)
ipv4_allow_list = optional(list(string), null)
ipv6_deny_list = optional(list(string), null)
ipv6_allow_list = optional(list(string), null)
aws_managed_rules = optional(list(object({
name = string
action = string
exclude_rules = optional(list(string), null)
excluded_path_patterns = optional(list(string), null)
})), null)
}))
map(object({| n/a | yes | +| [infrastructure\_elasticache\_defaults](#input\_infrastructure\_elasticache\_defaults) | Default values for ElastiCaches |
type = optional(string, null)
engine = optional(string, null)
engine_version = optional(string, null)
parameters = optional(map(string), null)
cluster_node_type = optional(string, null)
cluster_node_count = optional(number, null)
serverless_max_storage = optional(string, null)
serverless_max_ecpu = optional(number, null)
snapshot_retention_limit = optional(number, null)
}))
object({| n/a | yes | | [infrastructure\_kms\_encryption](#input\_infrastructure\_kms\_encryption) | Enable infrastructure KMS encryption. This will create a single KMS key to be used across all resources that support KMS encryption. | `bool` | n/a | yes | | [infrastructure\_logging\_bucket\_retention](#input\_infrastructure\_logging\_bucket\_retention) | Retention in days for the infrasrtucture S3 logs. This is for the default S3 logs bucket, where all AWS service logs will be delivered | `number` | n/a | yes | | [infrastructure\_name](#input\_infrastructure\_name) | The infrastructure name to be used as part of the resource prefix | `string` | n/a | yes | -| [infrastructure\_rds](#input\_infrastructure\_rds) | Map of RDSs (The key will be the rds name). Values in here will override `infrastructure_rds_defaults` values if set."
type = optional(string, null)
engine = optional(string, null)
engine_version = optional(string, null)
parameters = optional(map(string), null)
cluster_node_type = optional(string, null)
cluster_node_count = optional(number, null)
serverless_max_storage = optional(number, null)
serverless_max_ecpu = optional(number, null)
snapshot_retention_limit = optional(number, null)
})
map(object({| n/a | yes | +| [infrastructure\_rds](#input\_infrastructure\_rds) | Map of RDSs (The key will be the rds name). Values in here will override `infrastructure_rds_defaults` values if set."
type = optional(string, null)
engine = optional(string, null)
engine_version = optional(string, null)
parameters = optional(map(string), null)
instance_class = optional(string, null)
allocated_storage = optional(number, null)
storage_type = optional(string, null)
iops = optional(number, null)
storage_throughput = optional(number, null)
multi_az = optional(bool, null)
monitoring_interval = optional(number, null)
cloudwatch_logs_export_types = optional(list(string), null)
cluster_instance_count = optional(number, null)
cluster_serverlessv2_min_capacity = optional(number, null)
cluster_serverlessv2_max_capacity = optional(number, null)
}))
map(object({| n/a | yes | | [infrastructure\_rds\_backup\_to\_s3\_cron\_expression](#input\_infrastructure\_rds\_backup\_to\_s3\_cron\_expression) | Cron expression for when to trigger the SQL backups to S3 | `string` | n/a | yes | | [infrastructure\_rds\_backup\_to\_s3\_retention](#input\_infrastructure\_rds\_backup\_to\_s3\_retention) | Retention in days to keep the S3 SQL backups and logs | `number` | n/a | yes | -| [infrastructure\_rds\_defaults](#input\_infrastructure\_rds\_defaults) | Default values for RDSs |
type = optional(string, null)
engine = optional(string, null)
engine_version = optional(string, null)
parameters = optional(map(string), null)
instance_class = optional(string, null)
allocated_storage = optional(number, null)
storage_type = optional(string, null)
iops = optional(number, null)
storage_throughput = optional(number, null)
multi_az = optional(bool, null)
monitoring_interval = optional(number, null)
cloudwatch_logs_export_types = optional(list(string), null)
cluster_instance_count = optional(number, null)
cluster_serverlessv2_min_capacity = optional(number, null)
cluster_serverlessv2_max_capacity = optional(number, null)
}))
object({| n/a | yes | +| [infrastructure\_rds\_defaults](#input\_infrastructure\_rds\_defaults) | Default values for RDSs |
type = optional(string, null)
engine = optional(string, null)
engine_version = optional(string, null)
parameters = optional(map(string), null)
instance_class = optional(string, null)
allocated_storage = optional(number, null)
storage_type = optional(string, null)
iops = optional(number, null)
storage_throughput = optional(number, null)
multi_az = optional(bool, null)
monitoring_interval = optional(number, null)
cloudwatch_logs_export_types = optional(list(string), null)
cluster_instance_count = optional(number, null)
cluster_serverlessv2_min_capacity = optional(number, null)
cluster_serverlessv2_max_capacity = optional(number, null)
})
object({| n/a | yes | | [infrastructure\_vpc](#input\_infrastructure\_vpc) | Enable infrastructure VPC | `bool` | n/a | yes | | [infrastructure\_vpc\_assign\_generated\_ipv6\_cidr\_block](#input\_infrastructure\_vpc\_assign\_generated\_ipv6\_cidr\_block) | Assign generated IPv6 CIDR block on infrastructure VPC | `bool` | n/a | yes | | [infrastructure\_vpc\_cidr\_block](#input\_infrastructure\_vpc\_cidr\_block) | Infrastructure VPC CIDR block | `string` | n/a | yes | @@ -535,12 +535,12 @@ This project creates and manages resources within an AWS account for infrastruct | [infrastructure\_vpc\_flow\_logs\_s3\_with\_athena](#input\_infrastructure\_vpc\_flow\_logs\_s3\_with\_athena) | Enable VPC flow logs in infrastructure VPC to the S3 logs bucket. A compatible Glue table/database and Athena workgroup will also be created to allow querying the logs. | `bool` | n/a | yes | | [infrastructure\_vpc\_flow\_logs\_traffic\_type](#input\_infrastructure\_vpc\_flow\_logs\_traffic\_type) | Infrastructure VPC flow logs traffic type | `string` | n/a | yes | | [infrastructure\_vpc\_instance\_tenancy](#input\_infrastructure\_vpc\_instance\_tenancy) | Infrastructure VPC instance tenancy | `string` | n/a | yes | -| [infrastructure\_vpc\_network\_acl\_egress\_custom\_rules\_private](#input\_infrastructure\_vpc\_network\_acl\_egress\_custom\_rules\_private) | Infrastructure vpc egress custom rules for the private subnets. These will be evaluated before any automatically added rules. |
type = optional(string, null)
engine = optional(string, null)
engine_version = optional(string, null)
parameters = optional(map(string), null)
instance_class = optional(string, null)
allocated_storage = optional(number, null)
storage_type = optional(string, null)
iops = optional(number, null)
storage_throughput = optional(number, null)
multi_az = optional(bool, null)
monitoring_interval = optional(number, null)
cloudwatch_logs_export_types = optional(list(string), null)
cluster_instance_count = optional(number, null)
cluster_serverlessv2_min_capacity = optional(number, null)
cluster_serverlessv2_max_capacity = optional(number, null)
})
list(object({| n/a | yes | -| [infrastructure\_vpc\_network\_acl\_egress\_custom\_rules\_public](#input\_infrastructure\_vpc\_network\_acl\_egress\_custom\_rules\_public) | Infrastructure vpc egress custom rules for the public subnets. These will be evaluated before any automatically added rules. |
protocol = string
from_port = number
to_port = number
action = string
cidr_block = string
ipv6_cidr_block = optional(string, null)
icmp_type = optional(number, null)
icmp_code = optional(number, null)
}))
list(object({| n/a | yes | +| [infrastructure\_vpc\_network\_acl\_egress\_custom\_rules\_private](#input\_infrastructure\_vpc\_network\_acl\_egress\_custom\_rules\_private) | Infrastructure vpc egress custom rules for the private subnets. These will be evaluated before any automatically added rules. |
protocol = string
from_port = number
to_port = number
action = string
cidr_block = string
ipv6_cidr_block = optional(string, null)
icmp_type = optional(number, null)
icmp_code = optional(number, null)
}))
list(object({| n/a | yes | +| [infrastructure\_vpc\_network\_acl\_egress\_custom\_rules\_public](#input\_infrastructure\_vpc\_network\_acl\_egress\_custom\_rules\_public) | Infrastructure vpc egress custom rules for the public subnets. These will be evaluated before any automatically added rules. |
protocol = string
from_port = number
to_port = number
action = string
cidr_block = string
ipv6_cidr_block = optional(string, null)
icmp_type = optional(number, null)
icmp_code = optional(number, null)
}))
list(object({| n/a | yes | | [infrastructure\_vpc\_network\_acl\_egress\_lockdown\_private](#input\_infrastructure\_vpc\_network\_acl\_egress\_lockdown\_private) | Creates a network ACL for the private subnets which blocks all egress traffic, permitting only the ports required for resources deployed by this module and custom rules. | `bool` | n/a | yes | | [infrastructure\_vpc\_network\_acl\_egress\_lockdown\_public](#input\_infrastructure\_vpc\_network\_acl\_egress\_lockdown\_public) | Creates a network ACL for the public subnets which blocks all egress traffic, permitting only the ports required for resources deployed by this module and custom rules. | `bool` | n/a | yes | -| [infrastructure\_vpc\_network\_acl\_ingress\_custom\_rules\_private](#input\_infrastructure\_vpc\_network\_acl\_ingress\_custom\_rules\_private) | Infrastructure vpc ingress custom rules for the private subnets. These will be evaluated before any automatically added rules. |
protocol = string
from_port = number
to_port = number
action = string
cidr_block = string
ipv6_cidr_block = optional(string, null)
icmp_type = optional(number, null)
icmp_code = optional(number, null)
}))
list(object({| n/a | yes | -| [infrastructure\_vpc\_network\_acl\_ingress\_custom\_rules\_public](#input\_infrastructure\_vpc\_network\_acl\_ingress\_custom\_rules\_public) | Infrastructure vpc ingress custom rules for the public subnets. These will be evaluated before any automatically added rules. |
protocol = string
from_port = number
to_port = number
action = string
cidr_block = string
ipv6_cidr_block = optional(string, null)
icmp_type = optional(number, null)
icmp_code = optional(number, null)
}))
list(object({| n/a | yes | +| [infrastructure\_vpc\_network\_acl\_ingress\_custom\_rules\_private](#input\_infrastructure\_vpc\_network\_acl\_ingress\_custom\_rules\_private) | Infrastructure vpc ingress custom rules for the private subnets. These will be evaluated before any automatically added rules. |
protocol = string
from_port = number
to_port = number
action = string
cidr_block = string
ipv6_cidr_block = optional(string, null)
icmp_type = optional(number, null)
icmp_code = optional(number, null)
}))
list(object({| n/a | yes | +| [infrastructure\_vpc\_network\_acl\_ingress\_custom\_rules\_public](#input\_infrastructure\_vpc\_network\_acl\_ingress\_custom\_rules\_public) | Infrastructure vpc ingress custom rules for the public subnets. These will be evaluated before any automatically added rules. |
protocol = string
from_port = number
to_port = number
action = string
cidr_block = string
ipv6_cidr_block = optional(string, null)
icmp_type = optional(number, null)
icmp_code = optional(number, null)
}))
list(object({| n/a | yes | | [infrastructure\_vpc\_network\_acl\_ingress\_lockdown\_private](#input\_infrastructure\_vpc\_network\_acl\_ingress\_lockdown\_private) | Creates a network ACL for the private subnets which blocks all ingress traffic, permitting only the ports required for resources deployed by this module and custom rules. | `bool` | n/a | yes | | [infrastructure\_vpc\_network\_acl\_ingress\_lockdown\_public](#input\_infrastructure\_vpc\_network\_acl\_ingress\_lockdown\_public) | Creates a network ACL for the public subnets which blocks all ingress traffic, permitting only the ports required for resources deployed by this module and custom rules. | `bool` | n/a | yes | | [infrastructure\_vpc\_network\_availability\_zones](#input\_infrastructure\_vpc\_network\_availability\_zones) | A list of availability zone characters (eg. ["a", "b", "c"]) | `list(string)` | n/a | yes |
protocol = string
from_port = number
to_port = number
action = string
cidr_block = string
ipv6_cidr_block = optional(string, null)
icmp_type = optional(number, null)
icmp_code = optional(number, null)
}))