-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvariables.tf
109 lines (93 loc) · 2.72 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
variable "bucket_suffix" {
type = bool
description = "Adds a random suffix to the bucket name."
default = false
}
variable "cloudwatch_log_retention" {
type = number
description = "Number of days to retain logs in CloudWatch."
default = 30
}
variable "environment" {
type = string
description = "Environment for the deployment."
default = "dev"
}
variable "key_recovery_period" {
type = number
default = 30
description = "Recovery period for deleted KMS keys in days. Must be between 7 and 30."
validation {
condition = var.key_recovery_period > 6 && var.key_recovery_period < 31
error_message = "Recovery period must be between 7 and 30."
}
}
variable "log_groups" {
type = map(object({
name = optional(string, "")
class = optional(string, "STANDARD")
retention = optional(number, null)
tags = optional(map(string), {})
}))
description = "List of CloudWatch log groups to create."
default = {}
}
variable "log_groups_to_datadog" {
type = bool
description = "Send CloudWatch logs to Datadog. The Datadog forwarder must have already been deployed."
default = true
}
variable "object_expiration" {
type = number
description = "Age (in days) before logs in S3 are expired."
default = 90
}
variable "object_ia_age" {
type = number
description = "Age (in days) before logs in S3 are moved to to the infrequent access storage tier."
default = 30
}
variable "object_lock_age" {
type = number
description = "Age (based on the lock period) of an object before the lock is removed."
default = 30
}
variable "object_lock_mode" {
type = string
description = "Object lock mode for the bucket."
default = "GOVERNANCE"
validation {
condition = contains([
"COMPLIANCE",
"DISABLED",
"GOVERNANCE"
], var.object_lock_mode)
error_message = "Valid object lock modes are: COMPLIANCE, DISABLED, GOVERNANCE."
}
}
variable "object_lock_period" {
type = string
description = "Period for which objects are locked. Valid values are days or years."
default = "days"
validation {
condition = contains([
"days",
"years"
], var.object_lock_period)
error_message = "Valid object lock periods are: days, years."
}
}
variable "object_noncurrent_expiration" {
type = number
description = "Age (in days) before non-current versions of logs in S3 are expired."
default = 30
}
variable "project" {
type = string
description = "Project that these resources are supporting."
}
variable "tags" {
type = map(string)
description = "Tags to apply to all resources."
default = {}
}