variables.tf
# Name fragment shared by most resources in this stack. Required: no default.
variable "name" {
  description = "Project name used to form part of most resource names. This will identify your created resources."
  type        = string
}
# Target AWS region for everything provisioned here. Required: no default.
variable "aws_region" {
  description = "AWS Region where the resources will be provisioned"
  type        = string
}
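# ID of the AWS account the stack is deployed into. Required: no default.
# Kept as a string so leading zeros survive; the validation rejects anything
# that is not exactly 12 digits, so a mistyped or truncated ID fails at plan
# time instead of ending up inside an ARN or policy document.
# Variable validation blocks need Terraform 0.13 or newer.
variable "aws_account_id" {
  description = "Current AWS account ID"
  type        = string

  validation {
    condition     = can(regex("^[0-9]{12}$", var.aws_account_id))
    error_message = "The aws_account_id value must be a 12-digit AWS account ID."
  }
}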
# Region-specific Elastic Load Balancing account ID, looked up from the AWS
# page linked in the description. Required: no default.
# NOTE(review): presumably consumed by the access-log bucket policy — verify
# against the module; a wrong ID there would let the wrong principal write to
# the log bucket.
variable "aws_elb_account_id" {
  description = "Current AWS ELB Account ID obtain the ID for your region from https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html"
  type        = string
}
#############################################
# VPC
#############################################
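# Address range of the VPC. The default subnet lists declared in this file are
# carved out of 172.18.0.0/16, so override them together with this value.
# The validation makes a malformed CIDR fail at plan time
# (variable validation blocks need Terraform 0.13 or newer).
variable "vpc_cidr" {
  description = "Main VPC CIDR"
  type        = string
  default     = "172.18.0.0/16"

  validation {
    condition     = can(cidrhost(var.vpc_cidr, 0))
    error_message = "The vpc_cidr value must be a valid CIDR block, for example 172.18.0.0/16."
  }
}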
# Name given to the VPC; defaults to the literal "vpc".
variable "vpc_name" {
  description = "Names assigned to the vpc"
  type        = string
  default     = "vpc"
}
# CIDRs of the private subnets. The three defaults are /20 ranges inside the
# default vpc_cidr (172.18.0.0/16); change both together.
variable "vpc_private_subnets" {
  description = "VPC Private subnet CIDRs"
  type        = list(string)
  default = [
    "172.18.48.0/20",
    "172.18.64.0/20",
    "172.18.80.0/20",
  ]
}
# CIDRs of the public subnets. The three defaults are /20 ranges inside the
# default vpc_cidr (172.18.0.0/16) and do not overlap the private defaults.
variable "vpc_public_subnets" {
  description = "VPC Public subnet CIDRs"
  type        = list(string)
  default = [
    "172.18.96.0/20",
    "172.18.112.0/20",
    "172.18.128.0/20",
  ]
}
#######################################
# ACM and DNS
#######################################
# Suffix that distinguishes the ACM resources of this deployment. Required.
variable "acm_unique_id" {
  description = "Unique id to be appended on ACM resource names."
  type        = string
}
# Switch for the Route53-backed certificate path; off by default.
# The acm_cert_arn description states that it depends on this flag.
variable "use_route53_hostedzone_for_acm" {
  description = "Indicates whether you are using a route53 hosted zone created in the current account you are using"
  type        = bool
  default     = false
}
# Route53 zone details. No default is active, so a value must always be
# supplied, and both attributes must be present in it.
#
# Sample value left by the author (not applied):
#   {
#     zone_id    = "EXAMPLE_ZONE_ID"
#     is_private = false
#   }
variable "route53_hosted" {
  description = "If using Route53, supply the Route53 zone details"
  type = object({
    is_private = bool
    zone_id    = string
  })
}
# Hostname the application is served on; unset (null) by default.
# Sample value: "dev.example.com".
variable "app_domain" {
  description = "If using Route53 supply the domain on which the application will be accessed. It must be the same domain/subsdomain name used to generete the ACM certificate."
  type        = string
  default     = null
}
# ARN of a certificate that was created by hand in ACM; unset (null) by default.
# NOTE(review): how this interacts with use_route53_hostedzone_for_acm is
# decided in the module code, which is not visible here — confirm which of the
# two paths wins when both are set.
variable "acm_cert_arn" {
  description = "TLS certificate ARN from the AWS Certicate Manager console if you created the TLS certificate manually. Depends on the `use_route53_hostedzone_for_acm` variable. Format: arn:aws:acm:REGION:EXAMPLE:certificate/EXAMPLE423b3-EXAMPLE-CERTIFICATE"
  type        = string
  default     = null
}
################################################
# Application LoadBalancer Variables
################################################
# Suffix that distinguishes the load balancer resources of this deployment.
# Required: no default.
variable "alb_unique_id" {
  description = "The unique string to identify LoadBalancer module resources; appended on the resource names."
  type        = string
}
# Connection-draining window for deregistering targets, in seconds (default 300).
variable "alb_deregistration_delay" {
  description = "Amount time in seconds for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused"
  type        = number
  default     = 300
}
# Deletion protection for the load balancer. Off by default, which leaves the
# load balancer removable by any destroy or API call; set to true for
# environments where an accidental teardown would be an outage.
variable "alb_enable_deletion_protection" {
  description = "Whether to protect the LoadBalancer from deletion."
  type        = bool
  default     = false
}
# Master switch for target health checks; on by default.
variable "alb_health_check_enabled" {
  description = "Whether health checking is enabled"
  type        = bool
  default     = true
}
# Seconds between two health checks of the same target (default 70).
# The default sits above the default alb_health_check_timeout of "60".
variable "alb_health_check_interval" {
  description = "Approximate amount of time, in seconds, between health checks of an individual target. The range is 5-300."
  type        = number
  default     = 70
}
# Consecutive passing checks needed before a target counts as healthy (default 2).
variable "alb_health_check_healthy_threshold" {
  description = "Number of consecutive health check successes required before considering a target healthy. The range is 2-10."
  type        = number
  default     = 2
}
# Comma-separated HTTP status codes treated as a healthy answer. The default
# also accepts the redirects 301 and 302, so a target that only redirects is
# still reported healthy.
variable "alb_health_check_matcher" {
  description = "Response codes to use when checking for a healthy responses from a target"
  type        = string
  default     = "200,201,301,302"
}
# Request path probed by the health check; defaults to the site root.
variable "alb_health_check_path" {
  description = "Destination for the health check request"
  type        = string
  default     = "/"
}
# Port probed by the health check. Declared as a string; the default "80"
# matches the default alb_port.
variable "alb_health_check_port" {
  description = "The port the load balancer uses when performing health checks on targets"
  type        = string
  default     = "80"
}
# Protocol of the health check request. The default "HTTP" means the probes
# between load balancer and targets are sent unencrypted inside the VPC.
variable "alb_health_check_protocol" {
  description = "Protocol the load balancer uses when performing health checks on targets."
  type        = string
  default     = "HTTP"
}
# Seconds without an answer after which a single check counts as failed.
# Declared as a string although the value is numeric (the neighbouring
# interval and healthy-threshold variables use number); Terraform converts a
# numeric string where a number is expected.
variable "alb_health_check_timeout" {
  description = "Amount of time, in seconds, during which no response from a target means a failed health check. The range is 2–120 seconds."
  type        = string
  default     = "60"
}
# Consecutive failed checks needed before a target counts as unhealthy.
# Declared as a string although the value is numeric, unlike
# alb_health_check_healthy_threshold, which is a number.
variable "alb_health_check_unhealthy_threshold" {
  description = "Number of consecutive health check failures required before considering a target unhealthy."
  type        = string
  default     = "5"
}
# Idle connection timeout of the load balancer, in seconds (default 60).
# NOTE(review): the description gives 0 as the lower bound; AWS documents the
# range for Application Load Balancers as 1-4000 — confirm before relying on 0.
variable "alb_idle_timeout" {
  description = "Idle timeout for the LoadBalancer [0 - 4000] seconds"
  type        = number
  default     = 60
}
# Chooses between an internal (private) and an internet-facing load balancer.
# The default false yields an internet-facing one, so its reachability is then
# governed by alb_sec_grp_ingress alone.
variable "alb_internal" {
  description = "Whether to create a private LoadBalancer."
  type        = bool
  default     = false
}
# Address family of the target group; per the description it only takes effect
# when alb_target_type is "ip" (the default target type is "instance").
variable "alb_ip_address_type" {
  description = "The type of IP addresses used by the target group, only supported when target type is set to ip. Possible values are ipv4 or ipv6"
  type        = string
  default     = "ipv4"
}
# Kind of Elastic Load Balancer to create; defaults to "application".
variable "alb_load_balancer_type" {
  description = "Type of the Elastic Loadbalancer"
  type        = string
  default     = "application"
}
# Port on which the targets are reached (default 80).
# NOTE(review): with port 80 the hop from load balancer to instance is
# presumably plain HTTP — confirm the target group protocol in the module.
variable "alb_port" {
  description = "Port on which targets receive traffic, unless overridden when registering a specific target."
  type        = number
  default     = 80
}
# Keeps the client's Host header on forwarded requests; on by default.
# The backend then sees a client-controlled Host value and should not trust it
# for building links or access decisions.
variable "alb_preserve_host_header" {
  description = "Whether to preserve host header on the incoming requests."
  type        = bool
  default     = true
}
# Target type of the target group; defaults to "instance". The API page linked
# in the description lists the accepted values.
variable "alb_target_type" {
  description = "Type of target that you must specify when registering targets with this target group. https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_CreateTargetGroup.html"
  type        = string
  default     = "instance"
}
# Inbound rules of the load balancer security group. No default is active, so
# the caller must pass the list explicitly; every attribute has to be present
# in each rule object (use null for the ones that do not apply).
#
# Sample value left by the author (not applied). It opens ports 80 and 443 to
# every IPv4 address, which suits a public site; for an internal load balancer
# narrow cidr_blocks to the networks that need access.
#
#   [
#     {
#       cidr_blocks      = ["0.0.0.0/0"]
#       description      = "HTTP"
#       from_port        = 80
#       ipv6_cidr_blocks = null
#       prefix_list_ids  = null
#       protocol         = "tcp"
#       security_groups  = null
#       to_port          = 80
#       self             = null
#     },
#     {
#       cidr_blocks      = ["0.0.0.0/0"]
#       description      = "HTTPS"
#       from_port        = 443
#       ipv6_cidr_blocks = null
#       prefix_list_ids  = null
#       protocol         = "tcp"
#       security_groups  = null
#       to_port          = 443
#       self             = null
#     }
#   ]
variable "alb_sec_grp_ingress" {
  description = "A list of ingress rule as objects for the ALB security group"
  type = list(object({
    description      = string
    protocol         = string
    from_port        = number
    to_port          = number
    cidr_blocks      = list(string)
    ipv6_cidr_blocks = list(string)
    prefix_list_ids  = list(string)
    security_groups  = list(string)
    self             = bool
  }))
}
# Outbound rules of the load balancer security group. No default is active, so
# the caller must pass the list explicitly; every attribute has to be present
# in each rule object (use null for the ones that do not apply).
#
# Sample value left by the author (not applied). It allows every protocol to
# every IPv4 address; a load balancer only needs to reach its targets, so the
# rule can usually be narrowed to the target port and the instance security
# group.
#
#   [
#     {
#       cidr_blocks      = ["0.0.0.0/0"]
#       description      = "Everywhere"
#       from_port        = 0
#       ipv6_cidr_blocks = null
#       prefix_list_ids  = null
#       protocol         = "-1"
#       security_groups  = null
#       to_port          = 0
#       self             = null
#     }
#   ]
variable "alb_sec_grp_egress" {
  description = "A list of egress rule as objects for the ALB security group"
  type = list(object({
    description      = string
    protocol         = string
    from_port        = number
    to_port          = number
    cidr_blocks      = list(string)
    ipv6_cidr_blocks = list(string)
    prefix_list_ids  = list(string)
    security_groups  = list(string)
    self             = bool
  }))
}
################################################
# AutoScalingGroup Variables
################################################
# Suffix that distinguishes the Auto Scaling group resources of this
# deployment. Required: no default.
variable "asg_unique_id" {
  description = "The unique string to identify ASG module resources; appended on the resource names."
  type        = string
}
# Machine image launched by the Auto Scaling group. Required: no default.
# The value is accepted as-is, so check that the ID really is the one shown on
# the subscribed Marketplace product page for the chosen region before applying.
variable "asg_ami_id" {
  description = "The AMI ID from the product configuration page on AWS Marketplace. You must first subscribe to the product and then click on configuration button to view the AMI details."
  type        = string
}
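# Controls whether the instance volume is removed together with the instance;
# on by default. Volumes that are kept after termination still hold the
# instance's data and keep accruing cost until they are deleted.
# The description previously said "ELB volume"; load balancers have no
# volumes, the setting concerns the attached EBS volume.
variable "asg_delete_on_termination" {
  description = "Whether to delete attached EBS volume on instance termination"
  type        = bool
  default     = true
}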
# Detailed monitoring for the instances of the group; on by default.
variable "asg_detailed_monitoring" {
  description = "Whether to enable detailed monitoring of the instances in the ASG"
  type        = bool
  default     = true
}
# Size of the disk given to each instance (default 40).
# NOTE(review): the unit is not stated here; presumably GiB — confirm in the
# launch template.
variable "asg_disk_size" {
  description = "The disk size allocated for each instance"
  type        = number
  default     = 40
}
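# Grace period before the Auto Scaling group starts health-checking a freshly
# launched instance (default 300 seconds).
# The description had been copied from asg_disk_size and described a disk
# size; it now describes the grace period.
variable "asg_health_check_grace_period" {
  description = "Time in seconds after an instance comes into service before the Auto Scaling group starts checking its health"
  type        = number
  default     = 300
}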
# Source of the health verdict for the group: "ELB" (default) or "EC2".
variable "asg_health_check_type" {
  description = "The healthcheck type used by ASG. Can be ELB or EC2"
  type        = string
  default     = "ELB"
}
# EC2 instance type for the instances the group launches (default t2.small).
variable "asg_instance_type" {
  description = "The instance type used by ASG on the launced instances"
  type        = string
  default     = "t2.small"
}
# Device name of the root volume; the default matches Amazon Linux images and
# must be changed for an AMI that uses a different root device name.
variable "asg_root_device" {
  description = "The root device for the instances. Default /dev/xvda for Amazon Linux instances used for this setup."
  type        = string
  default     = "/dev/xvda"
}
# Group size limits plus warm pool settings, passed as one object. Overriding
# the default means supplying all six attributes.
# warm_pool_pool_state takes one of "Stopped", "Running" or "Hibernated".
# NOTE(review): the default "Hibernated" state only works when the instances
# meet the EC2 hibernation prerequisites (for example an encrypted root
# volume) — confirm the launch template satisfies them.
variable "asg_size_configuration" {
  description = "The configuration for the ASG size. The warmpool variable define the instances that will be prepared in adavance and their waiting states."
  type = object({
    min_size                 = number
    max_size                 = number
    warm_pool_pool_state     = string
    warm_pool_prep_capacity  = number
    warm_pool_prep_min_size  = number
    warm_pool_reuse_on_scale = bool
  })
  default = {
    min_size                 = 1
    max_size                 = 2
    warm_pool_pool_state     = "Hibernated"
    warm_pool_prep_capacity  = 1
    warm_pool_prep_min_size  = 1
    warm_pool_reuse_on_scale = true
  }
}
# Per-alarm settings for the scaling alarms, keyed by alarm name. Only the two
# CPU alarms are enabled by default; the four network alarms are disabled and
# carry null settings. The trailing comments on the null fields are the
# author's sample values for when an alarm is switched on.
variable "asg_scaling_alarms_config" {
  description = "A map of objects with values for the Autosacling group alarms configurations."
  type = map(object({
    enabled            = bool
    threshold          = number
    evaluation_periods = number
    period             = number
  }))
  default = {
    # CPU based alarms (active).
    cpu_scale_in = {
      enabled            = true
      threshold          = 10
      evaluation_periods = 3
      period             = 120
    }
    cpu_scale_out = {
      enabled            = true
      threshold          = 75
      evaluation_periods = 2
      period             = 120
    }

    # Outbound network alarms (inactive).
    net_out_scale_in = {
      enabled            = false
      threshold          = null # 120000000
      evaluation_periods = null # 3
      period             = null # 120
    }
    net_out_scale_out = {
      enabled            = false
      threshold          = null # 5000000000
      evaluation_periods = null # 2
      period             = null # 120
    }

    # Inbound network alarms (inactive).
    net_in_scale_in = {
      enabled            = false
      threshold          = null # 120000000
      evaluation_periods = null # 3
      period             = null # 120
    }
    net_in_scale_out = {
      enabled            = false
      threshold          = null # 5000000000
      evaluation_periods = null # 2
      period             = null # 120
    }
  }
}
# Scaling policies as a map of numeric settings per policy. By default the
# group shrinks by one instance with a 300 cooldown and grows by one instance
# with a 120 cooldown.
variable "asg_scaling_policy" {
  description = "Definition for the autosacling group scaling policies"
  type        = map(map(number))
  default = {
    scale_up = {
      adjustment = 1
      cooldown   = 120
    }
    scale_down = {
      adjustment = -1
      cooldown   = 300
    }
  }
}
# Inbound rules of the instance (Auto Scaling group) security group. No default
# is active, so the caller must pass the list explicitly; every attribute has
# to be present in each rule object (use null for the ones that do not apply).
#
# Sample value left by the author (not applied). It opens ports 80 and 443 on
# the instances to every IPv4 address. Since the instances sit behind the load
# balancer, the tighter setting is to leave cidr_blocks null and list the load
# balancer's security group in security_groups, so that only the load balancer
# can reach them.
#
#   [
#     {
#       cidr_blocks      = ["0.0.0.0/0"]
#       description      = "HTTP"
#       from_port        = 80
#       ipv6_cidr_blocks = null
#       prefix_list_ids  = null
#       protocol         = "tcp"
#       security_groups  = null
#       to_port          = 80
#       self             = null
#     },
#     {
#       cidr_blocks      = ["0.0.0.0/0"]
#       description      = "HTTPS"
#       from_port        = 443
#       ipv6_cidr_blocks = null
#       prefix_list_ids  = null
#       protocol         = "tcp"
#       security_groups  = null
#       to_port          = 443
#       self             = null
#     }
#   ]
variable "asg_sec_grp_ingress" {
  description = "A list of ingress rule as objects for the ASG security group"
  type = list(object({
    description      = string
    protocol         = string
    from_port        = number
    to_port          = number
    cidr_blocks      = list(string)
    ipv6_cidr_blocks = list(string)
    prefix_list_ids  = list(string)
    security_groups  = list(string)
    self             = bool
  }))
}
# Outbound rules of the instance (Auto Scaling group) security group. No
# default is active, so the caller must pass the list explicitly; every
# attribute has to be present in each rule object (use null for the ones that
# do not apply).
#
# Sample value left by the author (not applied). It allows every protocol to
# every IPv4 address. Unrestricted egress lets a compromised instance connect
# anywhere; where the workload allows it, limit the rules to the ports and
# destinations the application actually needs.
#
#   [
#     {
#       cidr_blocks      = ["0.0.0.0/0"]
#       description      = "Everywhere"
#       from_port        = 0
#       ipv6_cidr_blocks = null
#       prefix_list_ids  = null
#       protocol         = "-1"
#       security_groups  = null
#       to_port          = 0
#       self             = null
#     }
#   ]
variable "asg_sec_grp_egress" {
  description = "A list of egress rule as objects for the ASG security group"
  type = list(object({
    description      = string
    protocol         = string
    from_port        = number
    to_port          = number
    cidr_blocks      = list(string)
    ipv6_cidr_blocks = list(string)
    prefix_list_ids  = list(string)
    security_groups  = list(string)
    self             = bool
  }))
}