forked from cloudposse/terraform-aws-transfer-sftp
variables.tf
# Storage backend for the transfer server.
# The description names two values ("S3", "EFS"), but this declaration has no
# validation, so any other string is accepted at this point.
variable "domain" {
  description = "Where your files are stored. S3 or EFS"
  type        = string
  default     = "S3"
}
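# SFTP users to provision, as a map of objects (the key is chosen by the caller).
# Each entry carries a user name and a public key. Supply only the public half
# of a key pair: whatever is passed here ends up in Terraform plan output.
# The description previously said "List", which contradicted the declared
# map(object) type; the wording now matches the type.
variable "sftp_users" {
  description = "Map of SFTP usernames and public keys"
  type = map(object({
    user_name  = string
    public_key = string
  }))
  default = {}
}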
# Home-directory confinement switch; the default (true) is the confined setting.
# Per the description, setting this to false stops limiting users to their own
# home directories, so treat `false` as a deliberate widening of access.
# NOTE(review): the mechanism that enforces this is not in this file.
variable "restricted_home" {
  description = "Restricts SFTP users so they only have access to their home directories."
  type        = bool
  default     = true
}
# Destructive-operation switch, off by default.
# NOTE(review): the resource that consumes this flag is not in this file;
# confirm what is removed along with the server before enabling it.
variable "force_destroy" {
  description = "Forces the AWS Transfer Server to be destroyed"
  type        = bool
  default     = false
}
# Required input (no default): the bucket SFTP users read from and write to.
# This variable only names the bucket. Its encryption, public-access and
# policy settings are defined elsewhere and should be reviewed there.
variable "s3_bucket_name" {
  description = "This is the bucket that the SFTP users will use when managing files"
  type        = string
}
# Variables used when deploying to VPC
# Target VPC for the transfer server; null (the default) means no VPC is given.
variable "vpc_id" {
  description = "VPC ID that the AWS Transfer Server will be deployed to"
  type        = string
  default     = null
}
# Elastic IP allocations to attach to the endpoint (VPC endpoint type only).
# Attaching an Elastic IP gives the endpoint a public address, so the security
# group rules become the network-level control over who can reach port 22.
variable "address_allocation_ids" {
  description = "A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when endpoint_type is set to VPC."
  type        = list(string)
  default     = []
}
# Toggles creation of the module's default security group (on by default).
variable "security_group_enabled" {
  description = "Whether to create default Security Group for AWS Transfer Server."
  type        = bool
  default     = true
}
# Free-text description applied to the security group.
variable "security_group_description" {
  description = "The Security Group description."
  type        = string
  default     = "AWS Transfer Server Security Group"
}
# When true, the security group gets a unique name built from a prefix
# rather than a fixed name; off by default.
variable "security_group_use_name_prefix" {
  description = "Whether to create a default Security Group with unique name beginning with the normalized prefix."
  type        = bool
  default     = false
}
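# Rules for the module's security group, passed as a list of maps.
#
# Security note: the default rule admits TCP/22 from 0.0.0.0/0, i.e. from any
# IPv4 address. Callers who know their clients' source ranges should override
# this list with those CIDR blocks. The default is left as-is so existing
# callers keep their current behaviour.
#
# The type is list(any), so rule maps are not shape-checked at this point.
# The description text contained a typo ("fully complated"), corrected below.
variable "security_group_rules" {
  description = <<-EOT
    A list of maps of Security Group rules.
    The values of the map are fully compatible with the `aws_security_group_rule` resource.
    To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule .
  EOT
  type        = list(any)
  default = [
    {
      type        = "ingress"
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
      description = "Allow inbound traffic"
    }
  ]
}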
# Existing security groups to attach to the endpoint (VPC endpoint type only).
# Per the description, an empty list means the VPC's default security groups
# are attached, so review those groups' rules before relying on the fallback.
# NOTE(review): how this combines with security_group_enabled is not visible here.
variable "vpc_security_group_ids" {
  description = "A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint_type is set to VPC."
  type        = list(string)
  default     = []
}
# Subnets that host the endpoint (VPC endpoint type only); empty by default.
variable "subnet_ids" {
  description = "A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint_type is set to VPC."
  type        = list(string)
  default     = []
}
# Pre-existing VPC endpoint to use (VPC_ENDPOINT endpoint type only); null by default.
variable "vpc_endpoint_id" {
  description = "The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT"
  type        = string
  default     = null
}
# Name of the security policy attached to the server. The policy determines
# which SSH ciphers, key exchanges and MACs the server offers.
#
# Security note: the default, TransferSecurityPolicy-2018-11, is the
# earliest-dated of the three policies listed in the description. Later-dated
# policies are generally more restrictive about legacy algorithms. Compare the
# policies in the AWS Transfer Family documentation and choose deliberately.
# No validation is declared, so the value is not checked at this point.
variable "security_policy_name" {
  description = "Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, and TransferSecurityPolicy-FIPS-2020-06. Default value is: TransferSecurityPolicy-2018-11."
  type        = string
  default     = "TransferSecurityPolicy-2018-11"
}
# Hostname clients use to reach the SFTP endpoint; empty string by default.
variable "domain_name" {
  description = "Domain to use when connecting to the SFTP endpoint"
  type        = string
  default     = ""
}
# Route53 hosted zone that receives the CNAME record; empty string by default.
variable "zone_id" {
  description = "Route53 Zone ID to add the CNAME"
  type        = string
  default     = ""
}
# Opt-in (default false) provisioning of one Elastic IP per subnet for the endpoint.
# Enabling this gives the endpoint public addresses; review the security group
# ingress rules in the same change, since they decide who can connect.
variable "eip_enabled" {
  description = "Whether to provision and attach an Elastic IP to be used as the SFTP endpoint. An EIP will be provisioned per subnet."
  type        = bool
  default     = false
}