# Input variable definitions
variable "environment" {
  description = "Which environment this is being instantiated in."
  type        = string

  # Only the three deployment tiers are accepted; any other value is rejected at plan time.
  validation {
    condition     = anytrue([for tier in ["dev", "test", "prod"] : tier == var.environment])
    error_message = "Must be either dev, test or prod"
  }
}
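variable "application_name" {
  description = "Name of the application utilising resource."
  type        = string

  # Presumably used to build resource names/tags (not visible here — confirm against the
  # resources that read it); a blank or whitespace-only value would otherwise be accepted
  # silently and surface later as a malformed identifier.
  validation {
    condition     = length(trimspace(var.application_name)) > 0
    error_message = "application_name must not be empty."
  }
}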
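variable "vpc_config" {
  # NOTE(review): the description says this is a plain VPC ID although the name suggests a
  # configuration object; the name is kept unchanged for caller compatibility and the
  # validation below pins the value to the AWS VPC ID format (vpc- plus 8 or 17 hex chars).
  description = "AWS VPC ID within which to create the security group."
  type        = string

  validation {
    condition     = can(regex("^vpc-([0-9a-f]{8}|[0-9a-f]{17})$", var.vpc_config))
    error_message = "vpc_config must be an AWS VPC ID (vpc-xxxxxxxx or vpc-xxxxxxxxxxxxxxxxx)."
  }
}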
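variable "raw_security_groups" {
  # Security groups and their rules, expressed as data so callers do not write provider
  # resources directly. The heredoc keeps the caller-facing documentation; the validation
  # blocks below enforce the constraints that the documentation already states but the
  # type alone cannot express (rule type values, mutually exclusive sources, unique
  # suffixes, non-empty rule descriptions).
  #
  # Note: nothing here rejects 0.0.0.0/0 or ::/0 in cidr_blocks/ipv6_cidr_blocks on
  # ingress rules; an open-to-the-world ingress is a policy decision left to the caller
  # and is worth reviewing wherever this module is instantiated.
  description = <<-EOF
    Data structure
    ---------------
    A list of dictionaries, where each dictionary has the following attributes:
    REQUIRED
    ---------
    - suffix : Security group suffix to use for naming and unique identifiers
    - description : Description to give to the security group
    OPTIONAL
    ---------
    - rules: A list of dictionaries, where each dictionary has the following values:
    -- name : Friendly name used through Terraform for instantiation and cross-referencing
    -- type : Ingress/egress
    -- from_port : Start port
    -- to_port : End port
    -- protocol : Protocol. If not icmp, icmpv6, tcp, udp, or all use the protocol number.
    -- description : Friendly description of the rule, required for auditing purposes.
    In addition, the following optional args are available:
    -- cidr_blocks : List of CIDR blocks. Cannot be specified with source_security_group_id or self.
    -- ipv6_cidr_blocks : List of IPv6 CIDR blocks. Cannot be specified with source_security_group_id or self.
    -- prefix_list_ids : List of Prefix List IDs.
    -- self : Whether the security group itself will be added as a source to this ingress rule. Cannot be specified with cidr_blocks, ipv6_cidr_blocks, or source_security_group_id.
    -- source_security_group_id : Security group id to allow access to/from, depending on the type. Cannot be specified with cidr_blocks, ipv6_cidr_blocks, or self.
  EOF

  # Attribute syntax is normalised to "=" throughout (the original mixed ":" and "=",
  # which HCL accepts but reads inconsistently). from_port/to_port stay typed as string
  # to keep the interface unchanged — TODO confirm whether callers depend on the string
  # type before tightening to number.
  type = list(
    object({
      suffix      = string,
      description = string,
      rules = optional(list(
        object({
          name                     = string,
          type                     = string,
          from_port                = string,
          to_port                  = string,
          protocol                 = string,
          description              = string,
          cidr_blocks              = optional(list(string), null),
          ipv6_cidr_blocks         = optional(list(string), null),
          prefix_list_ids          = optional(list(string), null),
          self                     = optional(bool, null),
          source_security_group_id = optional(string, null)
        })
      ), [])
    })
  )

  # "suffix" is documented as the unique identifier for each group, so duplicates are
  # rejected up front instead of colliding later.
  validation {
    condition     = length(distinct(var.raw_security_groups[*].suffix)) == length(var.raw_security_groups)
    error_message = "Each security group suffix must be unique within raw_security_groups."
  }

  # Rule "type" is documented as Ingress/egress; only the two lowercase literals are accepted.
  validation {
    condition = alltrue(flatten([
      for sg in var.raw_security_groups : [
        for r in sg.rules : contains(["ingress", "egress"], r.type)
      ]
    ]))
    error_message = "Every rule's type must be either \"ingress\" or \"egress\"."
  }

  # Enforces the mutual exclusion the description states: a CIDR source (v4 and/or v6),
  # self, and source_security_group_id cannot be combined. prefix_list_ids is not part of
  # the exclusion and may accompany any of them. A rule with no source at all is not
  # rejected here, so it still surfaces as a provider error rather than silently passing.
  validation {
    condition = alltrue(flatten([
      for sg in var.raw_security_groups : [
        for r in sg.rules : (
          ((r.cidr_blocks != null || r.ipv6_cidr_blocks != null) ? 1 : 0)
          + (coalesce(r.self, false) ? 1 : 0)
          + (r.source_security_group_id != null ? 1 : 0)
        ) <= 1
      ]
    ]))
    error_message = "A rule may use only one of: cidr_blocks/ipv6_cidr_blocks, self, or source_security_group_id."
  }

  # The description is documented as required for auditing; blank strings are rejected.
  validation {
    condition = alltrue(flatten([
      for sg in var.raw_security_groups : [
        for r in sg.rules : length(trimspace(r.description)) > 0
      ]
    ]))
    error_message = "Every rule must have a non-empty description (required for auditing purposes)."
  }
}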