variables.tf
# Toggle for creating the S3 bucket; defaults to true.
# NOTE(review): how dependent resources behave when this is false is decided
# outside this file — confirm there.
variable "create_bucket" {
description = "Controls if S3 bucket should be created"
type = bool
default = true
}
# Log-delivery policy toggles (ELB, ALB/NLB, S3 access logs).
# All three default to false, so no log-delivery statement is requested
# unless the caller opts in.
# NOTE(review): the policy statements themselves (principals, conditions) are
# defined outside this file — review them there before enabling a flag.

# Opt-in: attach the ELB log delivery policy.
variable "attach_elb_log_delivery_policy" {
description = "Controls if S3 bucket should have ELB log delivery policy attached"
type = bool
default = false
}
# Opt-in: attach the ALB/NLB log delivery policy.
variable "attach_lb_log_delivery_policy" {
description = "Controls if S3 bucket should have ALB/NLB log delivery policy attached"
type = bool
default = false
}
# Opt-in: attach the S3 server access log delivery policy.
variable "attach_access_log_delivery_policy" {
description = "Controls if S3 bucket should have S3 access log delivery policy attached"
type = bool
default = false
}
# Transport-security policy toggles.
# Both default to false: neither the non-SSL deny statement nor the TLS
# version requirement is requested unless the caller sets the flag.

# Opt-in: attach a bucket policy that denies non-SSL transport.
variable "attach_deny_insecure_transport_policy" {
description = "Controls if S3 bucket should have deny non-SSL transport policy attached"
type = bool
default = false
}
# Opt-in: require the latest TLS version.
# NOTE(review): "latest" is not pinned to a protocol version in this file —
# check the policy document for the actual minimum that is enforced.
variable "attach_require_latest_tls_policy" {
description = "Controls if S3 bucket should require the latest version of TLS"
type = bool
default = false
}
# Opt-in: use the value of the `policy` variable as the bucket policy.
# Defaults to false; presumably `policy` is ignored while this is false —
# confirm against the resource definitions.
variable "attach_policy" {
description = "Controls if S3 bucket should have bucket policy attached (set to `true` to use value of `policy` as bucket policy)"
type = bool
default = false
}
# Defaults to true, unlike the other attach_* flags in this file.
# NOTE(review): the description does not say which resource this gates or how
# it interacts with block_public_policy / restrict_public_buckets — confirm
# before changing it to false.
variable "attach_public_policy" {
description = "Controls if a user defined public bucket policy will be attached (set to `false` to allow upstream to apply defaults to the bucket)"
type = bool
default = true
}
# Destination-policy toggles for S3 Inventory and S3 Analytics reports.
# Both default to false.
# NOTE(review): presumably scoped by the inventory_source_* and
# analytics_source_* variables declared later in this file — confirm in the
# policy document.

# Opt-in: attach the bucket inventory destination policy.
variable "attach_inventory_destination_policy" {
description = "Controls if S3 bucket should have bucket inventory destination policy attached."
type = bool
default = false
}
# Opt-in: attach the bucket analytics destination policy.
variable "attach_analytics_destination_policy" {
description = "Controls if S3 bucket should have bucket analytics destination policy attached."
type = bool
default = false
}
# Encryption-enforcement policy toggles.
# All three flags default to false, so uploads are not rejected by bucket
# policy on encryption grounds unless the caller opts in.

# Opt-in: deny requests carrying incorrect encryption headers.
variable "attach_deny_incorrect_encryption_headers" {
description = "Controls if S3 bucket should deny incorrect encryption headers policy attached."
type = bool
default = false
}
# Opt-in: deny server-side encryption with an incorrect KMS key.
variable "attach_deny_incorrect_kms_key_sse" {
description = "Controls if S3 bucket policy should deny usage of incorrect KMS key SSE."
type = bool
default = false
}
# KMS key ARN allowed in PutObject; defaults to null.
# NOTE(review): presumably the key that attach_deny_incorrect_kms_key_sse
# compares against. Nothing in this file requires it to be set when that flag
# is true — confirm how a null value is handled.
variable "allowed_kms_key_arn" {
description = "The ARN of KMS key which should be allowed in PutObject"
type = string
default = null
}
# Opt-in: deny uploads of unencrypted objects.
variable "attach_deny_unencrypted_object_uploads" {
description = "Controls if S3 bucket should deny unencrypted object uploads policy attached."
type = bool
default = false
}
# Bucket naming. `bucket` and `bucket_prefix` conflict per their descriptions;
# both default to null and no validation block in this file enforces the
# mutual exclusion.

# Explicit bucket name; changing it forces a new resource.
variable "bucket" {
description = "(Optional, Forces new resource) The name of the bucket. If omitted, Terraform will assign a random, unique name."
type = string
default = null
}
# Name prefix for a generated unique bucket name; changing it forces a new resource.
variable "bucket_prefix" {
description = "(Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket."
type = string
default = null
}
# Canned ACL for the bucket; defaults to null (none requested).
# The accepted values are not constrained here, so a public canned ACL would
# pass this variable's type check — review caller values.
variable "acl" {
description = "(Optional) The canned ACL to apply. Conflicts with `grant`"
type = string
default = null
}
# Bucket policy as a JSON string; defaults to null.
# Only the string type is checked here: the document is not validated as JSON
# or reviewed for overly broad principals in this file.
variable "policy" {
description = "(Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide."
type = string
default = null
}
# Tags applied to the bucket; defaults to an empty map.
variable "tags" {
description = "(Optional) A mapping of tags to assign to the bucket."
type = map(string)
default = {}
}
# Destructive when true: per the description, all objects are deleted so the
# bucket can be destroyed, and they are not recoverable. Defaults to false.
variable "force_destroy" {
description = "(Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable."
type = bool
default = false
}
# Transfer acceleration status. The allowed values (Enabled, Suspended) are
# stated only in the description; no validation block enforces them here.
variable "acceleration_status" {
description = "(Optional) Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended."
type = string
default = null
}
# Who pays for data transfer. The allowed values (BucketOwner, Requester) are
# stated only in the description; no validation block enforces them here.
variable "request_payer" {
description = "(Optional) Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information."
type = string
default = null
}
# Static website hosting / redirect settings. Typed `any`, so the shape is
# not checked at this boundary; defaults to an empty map.
variable "website" {
description = "Map containing static web-site hosting or redirect configuration."
type = any # map(string)
default = {}
}
# CORS rules. Typed `any`, so allowed origins, methods and headers are not
# constrained in this file — review caller-supplied rules for wildcards.
variable "cors_rule" {
description = "List of maps containing rules for Cross-Origin Resource Sharing."
type = any
default = []
}
# Versioning settings as a string map; defaults to an empty map.
# NOTE(review): whether an empty map leaves versioning unconfigured is decided
# outside this file — confirm.
variable "versioning" {
description = "Map containing versioning configuration."
type = map(string)
default = {}
}
# Access logging settings. Typed `any`; defaults to an empty map.
# NOTE(review): presumably an empty map means no access logging is configured
# — confirm against the resource definitions.
variable "logging" {
description = "Map containing access bucket logging configuration."
type = any
default = {}
}
# Source restrictions for access-log delivery. Both lists default to empty.
# NOTE(review): presumably these scope the statement attached by
# attach_access_log_delivery_policy. Confirm what the policy allows when both
# lists are empty, so that it is not broader than intended.

# Bucket ARNs allowed to deliver access logs to this bucket.
variable "access_log_delivery_policy_source_buckets" {
description = "(Optional) List of S3 bucket ARNs which should be allowed to deliver access logs to this bucket."
type = list(string)
default = []
}
# AWS account IDs allowed to deliver access logs to this bucket.
variable "access_log_delivery_policy_source_accounts" {
description = "(Optional) List of AWS Account IDs should be allowed to deliver access logs to this bucket."
type = list(string)
default = []
}
# ACL grants. Typed `any`, so grantees and permissions are not constrained in
# this file; defaults to an empty list. Conflicts with `acl` per the description.
variable "grant" {
description = "An ACL policy grant. Conflicts with `acl`"
type = any
default = []
}
# Bucket owner's display name and ID as a string map; defaults to an empty map.
variable "owner" {
description = "Bucket owner's display name and ID. Conflicts with `acl`"
type = map(string)
default = {}
}
# Account ID expected to own the bucket; defaults to null.
# NOTE(review): which resources receive this value is not visible in this
# file — confirm before relying on it as an ownership check.
variable "expected_bucket_owner" {
description = "The account ID of the expected bucket owner"
type = string
default = null
}
# Default minimum object size behaviour for lifecycle transitions.
# The two valid values are listed only in the description; no validation block
# enforces them here. Defaults to null.
variable "transition_default_minimum_object_size" {
description = "The default minimum object size behavior applied to the lifecycle configuration. Valid values: all_storage_classes_128K (default), varies_by_storage_class"
type = string
default = null
}
# Lifecycle rules. Typed `any`; defaults to an empty list.
# Rule contents are not checked at this boundary, so expiration rules that
# delete data pass through unvalidated.
variable "lifecycle_rule" {
description = "List of maps containing configuration of object lifecycle management."
type = any
default = []
}
# The four variables below are typed `any` and default to an empty map, so
# their structure is not checked in this file.

# Cross-region replication settings.
variable "replication_configuration" {
description = "Map containing cross-region replication configuration."
type = any
default = {}
}
# Server-side encryption settings.
# NOTE(review): whether the empty default means no encryption configuration is
# created by the module is decided outside this file — confirm.
variable "server_side_encryption_configuration" {
description = "Map containing server-side encryption configuration."
type = any
default = {}
}
# Intelligent-Tiering settings.
variable "intelligent_tiering" {
description = "Map containing intelligent tiering configuration."
type = any
default = {}
}
# Object Lock rule settings.
# NOTE(review): presumably used together with object_lock_enabled — confirm.
variable "object_lock_configuration" {
description = "Map containing S3 object locking configuration."
type = any
default = {}
}
# Bucket metrics settings. Typed `any`.
# NOTE(review): the description says "Map" but the default is an empty list —
# confirm the expected shape.
variable "metric_configuration" {
description = "Map containing bucket metric configuration."
type = any
default = []
}
# S3 Inventory settings. Typed `any`; defaults to an empty map.
variable "inventory_configuration" {
description = "Map containing S3 inventory configuration."
type = any
default = {}
}
# Account ID of the inventory source; defaults to null.
# NOTE(review): presumably a condition in the inventory destination policy —
# confirm what the policy allows when this is null.
variable "inventory_source_account_id" {
description = "The inventory source account id."
type = string
default = null
}
# ARN of the inventory source bucket; defaults to null.
variable "inventory_source_bucket_arn" {
description = "The inventory source bucket ARN."
type = string
default = null
}
# True when the inventory source bucket is also the destination; defaults to false.
variable "inventory_self_source_destination" {
description = "Whether or not the inventory source bucket is also the destination bucket."
type = bool
default = false
}
# S3 Analytics settings. Typed `any`; defaults to an empty map.
variable "analytics_configuration" {
description = "Map containing bucket analytics configuration."
type = any
default = {}
}
# Account ID of the analytics source; defaults to null.
# NOTE(review): presumably a condition in the analytics destination policy —
# confirm what the policy allows when this is null.
variable "analytics_source_account_id" {
description = "The analytics source account id."
type = string
default = null
}
# ARN of the analytics source bucket; defaults to null.
variable "analytics_source_bucket_arn" {
description = "The analytics source bucket ARN."
type = string
default = null
}
# True when the analytics source bucket is also the destination; defaults to false.
variable "analytics_self_source_destination" {
description = "Whether or not the analytics source bucket is also the destination bucket."
type = bool
default = false
}
# Opt-in: enable an Object Lock configuration on the bucket. Defaults to false.
variable "object_lock_enabled" {
description = "Whether S3 bucket should have an Object Lock configuration enabled."
type = bool
default = false
}
# S3 Block Public Access settings. All four default to true, so the inputs
# request every public-access restriction unless a caller overrides one.
# Setting any of them to false deserves an explicit justification in review.

# Block public ACLs on the bucket.
variable "block_public_acls" {
description = "Whether Amazon S3 should block public ACLs for this bucket."
type = bool
default = true
}
# Block public bucket policies.
variable "block_public_policy" {
description = "Whether Amazon S3 should block public bucket policies for this bucket."
type = bool
default = true
}
# Ignore public ACLs on the bucket.
variable "ignore_public_acls" {
description = "Whether Amazon S3 should ignore public ACLs for this bucket."
type = bool
default = true
}
# Restrict public bucket policies.
variable "restrict_public_buckets" {
description = "Whether Amazon S3 should restrict public bucket policies for this bucket."
type = bool
default = true
}
# Opt-in: manage S3 Bucket Ownership Controls. Defaults to false.
variable "control_object_ownership" {
description = "Whether to manage S3 Bucket Ownership Controls on this bucket."
type = bool
default = false
}
# Object ownership mode; defaults to "BucketOwnerEnforced", which per the
# description disables ACLs. The three valid values are listed only in the
# description; no validation block enforces them here.
# NOTE(review): presumably only applied when control_object_ownership is
# true — confirm, since that flag defaults to false.
variable "object_ownership" {
description = "Object ownership. Valid values: BucketOwnerEnforced, BucketOwnerPreferred or ObjectWriter. 'BucketOwnerEnforced': ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. 'BucketOwnerPreferred': Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the bucket-owner-full-control canned ACL. 'ObjectWriter': The uploading account will own the object if the object is uploaded with the bucket-owner-full-control canned ACL."
type = string
default = "BucketOwnerEnforced"
}
# Boolean flag; defaults to true.
# NOTE(review): nothing in this file shows what, if anything, this variable
# gates — check where it is referenced before setting it to false.
variable "putin_khuylo" {
description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
type = bool
default = true
}