# Optional server name; leaving it null lets the module pick a random name.
variable "name" {
  description = "Name of SFTP server. Ignore it to generate a random name for server"
  type        = string
  default     = null
}
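# Endpoint type of the Transfer server. The description already enumerates the
# accepted values; the validation below rejects anything else at plan time
# instead of at apply time.
variable "sftp_type" {
  type        = string
  default     = "PUBLIC"
  description = "Type of SFTP server. **Valid values:** `PUBLIC`, `VPC` or `VPC_ENDPOINT`"

  validation {
    condition     = contains(["PUBLIC", "VPC", "VPC_ENDPOINT"], var.sftp_type)
    error_message = "sftp_type must be one of PUBLIC, VPC or VPC_ENDPOINT."
  }
}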
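# Backing store for user home directories. Validated against the values the
# description lists so a typo fails at plan time.
variable "storage_type" {
  type        = string
  default     = "S3"
  description = "Where to store the files. **Valid values:** `S3` or `EFS`"

  validation {
    condition     = contains(["S3", "EFS"], var.storage_type)
    error_message = "storage_type must be either S3 or EFS."
  }
}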
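# Protocols the server endpoint listens on. Each entry is checked against the
# set the description documents, and an empty list is rejected because a
# server with no protocol cannot accept connections.
# Security note: plain FTP carries credentials and file contents unencrypted;
# prefer SFTP or FTPS (FTPS additionally needs `certificate_arn`).
variable "protocols" {
  type        = list(string)
  default     = ["SFTP"]
  description = "List of file transfer protocol(s) over which your FTP client can connect to your server endpoint. **Possible Values:** FTP, FTPS and SFTP"

  validation {
    condition     = length(var.protocols) > 0 && alltrue([for p in var.protocols : contains(["FTP", "FTPS", "SFTP"], p)])
    error_message = "protocols must be a non-empty list containing only FTP, FTPS and/or SFTP."
  }
}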
# ACM certificate used for the FTPS listener; unused for SFTP-only servers.
variable "certificate_arn" {
  description = "ARN of ACM certificate. Required only in case of FTPS protocol"
  type        = string
  default     = null
}
# VPC / VPC endpoint placement for the server. Only consulted when
# `sftp_type` is VPC or VPC_ENDPOINT; the empty default suits PUBLIC servers.
# Security note (per the description below): omitting `security_group_ids`
# for a VPC endpoint makes the module create a security group with port 22
# open to the world. Pass a restrictive security group explicitly for any
# endpoint that should not be reachable from arbitrary sources.
variable "endpoint_details" {
type = object({
vpc_id = optional(string)
vpc_endpoint_id = optional(string)
subnet_ids = optional(list(string))
security_group_ids = optional(list(string))
address_allocation_ids = optional(list(string))
})
default = {}
description = <<-EOT
A block required to setup SFTP server if type is set to `VPC` or `VPC_ENDPOINT`
```{
vpc_id = (Optional) ID of VPC in which SFTP server endpoint will be hosted. Required if endpoint type is set to VPC
vpc_endpoint_id = (Optional) The ID of VPC endpoint to use for hosting internal SFTP server. Required if endpoint type is set to VPC_ENDPOINT
subnet_ids = (Optional) List of subnets ids within the VPC for hosting SFTP server endpoint. Required if endpoint type is set to VPC
security_group_ids = (Optional) List of security groups to attach to the SFTP endpoint. Supported only if endpoint is to type VPC. If left blank for VPC, a security group with port 22 open to the world will be created and attached
address_allocation_ids = (Optional) List of address allocation IDs to attach an Elastic IP address to your SFTP server endpoint. Supported only if endpoint type is set to VPC. If left blank for VPC, an EIP will be automatically created per subnet and attached
}```
EOT
}
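# How users are authenticated. Validated against the values in the
# description; the companion inputs (`api_gw_url`/`invocation_role`,
# `directory_id`, `function_arn`) are only meaningful for the matching mode.
variable "identity_provider_type" {
  type        = string
  default     = "SERVICE_MANAGED"
  description = "Mode of authentication to use for accessing the service. **Valid Values:** `SERVICE_MANAGED`, `API_GATEWAY`, `AWS_DIRECTORY_SERVICE` or `AWS_LAMBDA`"

  validation {
    condition     = contains(["SERVICE_MANAGED", "API_GATEWAY", "AWS_DIRECTORY_SERVICE", "AWS_LAMBDA"], var.identity_provider_type)
    error_message = "identity_provider_type must be one of SERVICE_MANAGED, API_GATEWAY, AWS_DIRECTORY_SERVICE or AWS_LAMBDA."
  }
}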
# Custom identity-provider endpoint used only when `identity_provider_type`
# is API_GATEWAY. User credentials are sent to this URL, so it should be an
# HTTPS endpoint — NOTE(review): no validation enforces that here; confirm
# with the caller or add a scheme check.
variable "api_gw_url" {
type = string
default = null
description = "URL of the service endpoint to authenticate users when `identity_provider_type` is of type `API_GATEWAY`"
}
# Role the Transfer service assumes to call the API Gateway identity provider.
variable "invocation_role" {
  description = "ARN of the IAM role to authenticate the user when `identity_provider_type` is set to `API_GATEWAY`"
  type        = string
  default     = null
}
# Directory Service ID; only read when the provider type is AWS_DIRECTORY_SERVICE.
variable "directory_id" {
  description = "ID of the directory service to authenticate users when `identity_provider_type` is of type `AWS_DIRECTORY_SERVICE`"
  type        = string
  default     = null
}
# Lambda authorizer ARN; only read when the provider type is AWS_LAMBDA.
variable "function_arn" {
  description = "ARN of the lambda function to authenticate users when `identity_provider_type` is of type `AWS_LAMBDA`"
  type        = string
  default     = null
}
# IAM role the server uses to ship user-activity logs to CloudWatch Logs.
variable "logging_role" {
  description = "ARN of an IAM role to allow to write SFTP users activity to Amazon CloudWatch logs"
  type        = string
  default     = null
}
# Destination log groups for structured (JSON) server logs.
# NOTE(review): the description refers to `enable_json_logging`, but no
# variable with that name is declared in this file — confirm where that flag
# is defined or whether the description is stale.
variable "cloudwatch_log_group_arns" {
type = set(string)
default = []
description = "Set of ARN of the CloudWatch log group to which SFTP server will write JSON logs. Required if `enable_json_logging` is set to `true`"
}
# Controls whether destroying the server also removes all of its users.
# The default is true, i.e. destructive by default: a `terraform destroy`
# (or a replacement forced by another change) deletes every SERVICE_MANAGED
# user along with the server. Set this to false in environments where user
# records must survive server recreation.
variable "force_destroy" {
type = bool
default = true
description = "Whether to delete all the users associated with server so that server can be deleted successfully. **Note:** Supported only if `identity_provider_type` is set to `SERVICE_MANAGED`"
}
# Name of the AWS-managed Transfer security policy (cipher/key-exchange
# suite) applied to the server; the default pins one specific policy
# revision so upgrades are an explicit change.
variable "security_policy_name" {
  description = "Specifies the name of the [security policy](https://docs.aws.amazon.com/transfer/latest/userguide/security-policies.html) to associate with the server"
  type        = string
  default     = "TransferSecurityPolicy-2023-05"
}
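# Server host private key. It is secret material, so it is marked
# `sensitive` to keep the value out of plan/apply output and `terraform
# show`. Two caveats: the value is still written to state in clear text
# (protect the state backend accordingly), and any output that references
# this variable must itself be declared `sensitive = true`.
variable "host_key" {
  type        = string
  default     = null
  sensitive   = true
  description = "RSA private key that will be used to identify your server when clients connect to it over SFTP"
}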
# Banner shown before the client has authenticated.
variable "pre_authentication_login_banner" {
  description = "Message to display to user when trying to connect to the server **before** authentication"
  type        = string
  default     = null
}
# Banner shown once the client has authenticated.
variable "post_authentication_login_banner" {
  description = "Message to display to user when trying to connect to the server **after** authentication"
  type        = string
  default     = null
}
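# AS2 transport methods. Null (the default) leaves AS2 unconfigured; when a
# set is given, every element must be the one value the description allows.
# The conditional form is used rather than `||` so the `for` expression is
# never evaluated against a null set.
variable "as2_transports" {
  type        = set(string)
  default     = null
  description = "Transport method to use for AS2 messages. **Valid values:** `HTTP`"

  validation {
    condition     = var.as2_transports == null ? true : alltrue([for t in var.as2_transports : t == "HTTP"])
    error_message = "as2_transports may only contain the value HTTP."
  }
}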
# External IP advertised in PASV responses when the server sits behind a
# firewall or load balancer (FTP/FTPS only).
variable "passive_ip" {
  description = "Use passive IP (PASV) capability to attach the IP address of the firewall or the load balancer to your FTPS/FTP server"
  type        = string
  default     = null
}
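# SETSTAT handling. Null keeps the provider default; otherwise the value is
# checked against the two modes the description lists.
variable "set_stat_option" {
  type        = string
  default     = null
  description = "Whether the server should ignore SETSTAT command. **Valid values:** `DEFAULT`, `ENABLE_NO_OP`"

  validation {
    condition     = var.set_stat_option == null ? true : contains(["DEFAULT", "ENABLE_NO_OP"], var.set_stat_option)
    error_message = "set_stat_option must be null, DEFAULT or ENABLE_NO_OP."
  }
}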
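# TLS session resumption policy for FTPS. Null keeps the provider default.
# The original description gave no value list; the validation uses the modes
# accepted by the AWS Transfer `protocol_details` setting (DISABLED, ENABLED,
# ENFORCED) so an unsupported string fails at plan time rather than at apply.
variable "tls_session_resumption_mode" {
  type        = string
  default     = null
  description = "TLS session resumption mode provides a mechanism to resume recently negotiated encrypted TLS sessions between the client and the FTPS server. Using one of the TLS session resumption modes, you can customize how you want to your FTPS server to process TLS session resumption requests"

  validation {
    condition     = var.tls_session_resumption_mode == null ? true : contains(["DISABLED", "ENABLED", "ENFORCED"], var.tls_session_resumption_mode)
    error_message = "tls_session_resumption_mode must be null, DISABLED, ENABLED or ENFORCED."
  }
}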
# Route 53 hosted zone name in which the server's DNS record is created.
variable "hosted_zone" {
  description = "Hosted zone name to create DNS entry for SFTP server"
  type        = string
  default     = null
}
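# Relative DNS label prepended to `hosted_zone`. The description forbids a
# full URL; the validation enforces that mechanically by rejecting the two
# characters (`/` and `:`) that can never appear in a DNS label, so a
# pasted URL fails at plan time instead of producing a malformed record.
variable "sftp_sub_domain" {
  type        = string
  default     = "sftp"
  description = "DNS name for SFTP server. **NOTE: Only sub-domain name required. DO NOT provide entire URL**"

  validation {
    condition     = !can(regex("[/:]", var.sftp_sub_domain))
    error_message = "sftp_sub_domain must be a bare sub-domain label, not a URL (no '/' or ':' allowed)."
  }
}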
# Users to create, keyed by username, with the home-directory path each user
# is scoped to. NOTE(review): the value format (bucket only, or bucket plus
# prefix) is not fixed here — confirm against the resource that consumes it.
variable "sftp_users" {
type = map(string)
default = {}
description = <<-EOT
Map of users with key as username and value as their home directory. Home directory is the S3 bucket path which user should have access to
```{
user = home_dir_path
}```
EOT
}
# Public SSH keys per username. These are public keys, not secrets, so the
# variable is intentionally not marked sensitive; keys should be supplied
# as the public-key content, not a path to a file.
variable "sftp_users_ssh_key" {
type = map(string)
default = {}
description = <<-EOT
Map of users with key as username and value as their public SSH key
```{
user = ssh_public_key_content
}```
EOT
}
# Tags propagated to every resource the module creates.
variable "tags" {
  description = "A map of key value pair to assign to resources"
  type        = map(string)
  default     = {}
}