variables.tf
# Base domain for the deployment. Required: no default is provided.
variable "domain" {
  description = "Domain used for this deployment."
  type        = string
}
# Domain of the imported certificate when it differs from the endpoint.
# Per its description it is used together with certificate_imported.
# Defaults to an empty string.
variable "certificate_domain" {
  description = "Domain for the imported certificate, if different from the endpoint. Used in conjunction with certificate_imported."
  type        = string
  default     = ""
}
# Switch between looking up an imported certificate (true) and creating a
# managed one (false, the default).
variable "certificate_imported" {
  description = "Look up an imported certificate instead of creating a managed one."
  type        = bool
  default     = false
}
# Header name => value pairs sent to the origin. Empty by default.
# NOTE(review): if any of these headers carries a shared secret that the origin
# uses to verify traffic came through this distribution, consider marking the
# variable `sensitive = true` so values are redacted from plan output. Confirm
# how the module consumes them before changing.
variable "custom_headers" {
  description = "Custom headers to send to the origin."
  type        = map(string)
  default     = {}
}
# Deployment environment name. Defaults to "dev".
variable "environment" {
  description = "Environment for the deployment."
  type        = string
  default     = "dev"
}
# Custom IP set rules for the WAF, keyed by an arbitrary map key.
# Only `arn` is required; `action` defaults to "allow".
# NOTE(review): in AWS WAF an allow action is terminating, so a request matching
# an allowed IP set is not evaluated by later rules. Check which priority the
# module assigns when `priority` is left null, and keep allow-listed sets narrow.
variable "ip_set_rules" {
  description = "Custom IP Set rules for the WAF."
  type = map(object({
    arn      = string
    name     = optional(string, "")
    action   = optional(string, "allow")
    priority = optional(number, null)
  }))
  default = {}
}
# S3 bucket that receives logs. Required: no default is provided.
variable "log_bucket" {
  description = "S3 Bucket to send logs to."
  type        = string
}
# CloudWatch log group that receives WAF logs. Required: no default is provided.
# NOTE(review): AWS WAF only accepts logging destinations whose name begins with
# "aws-waf-logs-". Confirm whether this variable takes a name or an ARN; a
# validation block could then surface a mismatch at plan time.
variable "log_group" {
  description = "CloudWatch log group to send WAF logs to."
  type        = string
}
# Origin the deployment points to. Defaults to an empty string; per the
# description the module then falls back to origin.subdomain.domain.
variable "origin_domain" {
  description = "Origin domain this deployment will point to. Defaults to origin.subdomain.domain."
  type        = string
  default     = ""
}
# Passive (count-only) mode for the WAF. Per the description, setting this to
# true counts all requests rather than blocking them, so the WAF gives
# visibility but no enforcement. The default (false) keeps blocking enabled.
variable "passive" {
  description = "Enable passive mode for the WAF, counting all requests rather than blocking."
  type        = bool
  default     = false
}
# Project these resources support. Required: no default is provided.
variable "project" {
  description = "Project that these resources are supporting."
  type        = string
}
# Rate limiting rules for the WAF, keyed by an arbitrary map key.
# Every attribute is optional: action "block", limit 10, window 60.
# NOTE(review): AWS WAF rate-based rules accept evaluation windows of 60, 120,
# 300 or 600 seconds. Presumably `window` maps to that setting; confirm, and
# consider a validation block so an unsupported value fails at plan time.
variable "rate_limit_rules" {
  description = "Rate limiting configuration for the WAF."
  type = map(object({
    name     = optional(string, "")
    action   = optional(string, "block")
    priority = optional(number, null)
    limit    = optional(number, 10)
    window   = optional(number, 60)
  }))
  default = {}
}
# Name of the managed origin request policy attached to the distribution.
# The validation block is an allow-list: any value not in the list is rejected
# with the error message below, so newly published managed policies must be
# added here before they can be used.
variable "request_policy" {
  description = "Managed request policy to associate with the distribution."
  type        = string
  default     = "AllViewer"

  validation {
    condition = contains(
      [
        "AllViewer",
        "AllViewerAndCloudFrontHeaders-2022-06",
        "AllViewerExceptHostHeader",
        "CORS-CustomOrigin",
        "CORS-S3Origin",
        "Elemental-MediaTailor-PersonalizedManifests",
        "UserAgentRefererHeaders",
      ],
      var.request_policy
    )
    error_message = "Invalid request policy. See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html"
  }
}
# Subdomain for the distribution. Defaults to an empty string; per the
# description the module then uses the environment name.
variable "subdomain" {
  description = "Subdomain for the distribution. Defaults to the environment."
  type        = string
  default     = ""
}
# Tags applied to all resources. Empty by default.
variable "tags" {
  description = "Tags to apply to all resources."
  type        = map(string)
  default     = {}
}
# Paths on which uploads are allowed. Each entry needs a `path`; `constraint`
# defaults to "EXACTLY". The list is empty by default.
# NOTE(review): `constraint` presumably maps to a WAF string-match positional
# constraint. Anything looser than an exact match widens the set of paths that
# accept uploads, so keep entries as specific as the application permits.
variable "upload_paths" {
  description = "Paths to allow uploads to."
  type = list(object({
    path       = string
    constraint = optional(string, "EXACTLY")
  }))
  default = []
}
# Capacity for the upload rule group. Null by default; per the description the
# module then attempts to determine the capacity itself.
variable "upload_rules_capacity" {
  description = "Capacity for the upload rules group. Attempts to determine the capacity if left empty."
  type        = number
  default     = null
}
# Webhook definitions for the WAF, keyed by an arbitrary map key.
# Each entry requires `paths`; `criteria` defaults to an empty list and
# `action` defaults to "allow".
# NOTE(review): with no criteria, an entry appears to match on path alone. The
# webhooks_priority description says the rule group is placed before other
# rules that block traffic, so an allowed webhook path would likely be exempt
# from those rules. Prefer adding criteria (for example a header the sender
# sets) and exact path constraints where the integration supports it, and
# confirm how the module combines paths and criteria.
variable "webhooks" {
  description = "Webhook paths to allow."
  type = map(object({
    paths = list(object({
      path       = string
      constraint = optional(string, "EXACTLY")
    }))
    criteria = optional(
      list(object({
        type       = string
        field      = string
        value      = string
        constraint = optional(string, "")
        name       = optional(string, "")
      })),
      []
    )
    action = optional(string, "allow")
  }))
  default = {}
}
# Priority of the webhooks rule group. Null by default; per the description the
# module then tries to place the group ahead of rules that block traffic.
# Overriding it changes the group's order relative to those rules.
variable "webhooks_priority" {
  description = "Priority for the webhooks rule group. By default, an attempt is made to place it before other rules that block traffic."
  type        = number
  default     = null
}
# Capacity for the webhook rule group. Null by default; per the description the
# module then attempts to determine the capacity itself.
variable "webhook_rules_capacity" {
  description = "Capacity for the webhook rules group. Attempts to determine the capacity if left empty."
  type        = number
  default     = null
}