variables.tf
# Module-wide switch: a single boolean, true by default. Per the description it
# affects all resources; the resources that read it are not in this file.
variable "create" {
description = "Determines whether resources will be created (affects all resources)"
type = bool
default = true
}
# Tags for all resources, per the description. Empty by default, so no
# ownership or classification tags are set unless the caller supplies them.
variable "tags" {
description = "A map of tags to add to all resources"
type = map(string)
default = {}
}
################################################################################
# Cluster
################################################################################
# Cluster name. The default is an empty string, and no validation block here
# enforces the length and character rule stated in the description.
variable "cluster_name" {
description = "Name of the cluster (up to 255 letters, numbers, hyphens, and underscores)"
type = string
default = ""
}
# Execute-command configuration for the cluster, accepted as an untyped value
# (`any`), so its shape is not checked in this file. The default `{}` sets nothing.
# NOTE(review): if interactive exec into containers is enabled, this is presumably
# where session logging and the KMS key for the exec channel are chosen. Confirm
# against the cluster resource and make sure exec sessions are logged.
variable "cluster_configuration" {
description = "The execute command configuration for the cluster"
type = any
default = {}
}
# Cluster settings blocks, untyped (`any`). The default turns on CloudWatch
# Container Insights. A caller-supplied value replaces this default list as a
# whole, so an override has to repeat the "containerInsights" entry if that
# telemetry should stay enabled.
variable "cluster_settings" {
description = "List of configuration block(s) with cluster settings. For example, this can be used to enable CloudWatch Container Insights for a cluster"
type = any
default = [
{
name = "containerInsights"
value = "enabled"
}
]
}
# Default Service Connect namespace settings as a string map; empty by default.
variable "cluster_service_connect_defaults" {
description = "Configures a default Service Connect namespace"
type = map(string)
default = {}
}
# Extra tags for the cluster only, per the description; empty by default.
variable "cluster_tags" {
description = "A map of additional tags to add to the cluster"
type = map(string)
default = {}
}
################################################################################
# CloudWatch Log Group
################################################################################
# Whether this module creates the log group for cluster logs; true by default.
# NOTE(review): when false, the description says AWS creates the group itself.
# The retention and KMS settings from cloudwatch_log_group_retention_in_days and
# cloudwatch_log_group_kms_key_id would then presumably not apply to it. Confirm
# against the log group resource.
variable "create_cloudwatch_log_group" {
description = "Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled"
type = bool
default = true
}
# Optional custom log group name; null by default. The name used when this is
# null is decided where the variable is consumed, not in this file.
variable "cloudwatch_log_group_name" {
description = "Custom name of CloudWatch Log Group for ECS cluster"
type = string
default = null
}
# Log retention in days; 90 by default. Events older than the retention period
# are no longer available for investigation, so check this value against the
# look-back window that incident response and compliance require.
variable "cloudwatch_log_group_retention_in_days" {
description = "Number of days to retain log events"
type = number
default = 90
}
# Optional KMS key ARN for encrypting the log group. Null by default, so this
# variable configures no customer-managed key unless the caller passes one. Per
# the description, the key policy must allow CloudWatch Logs to use the key.
variable "cloudwatch_log_group_kms_key_id" {
description = "If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html)"
type = string
default = null
}
# Extra tags for the log group created by the module; empty by default.
variable "cloudwatch_log_group_tags" {
description = "A map of additional tags to add to the log group created"
type = map(string)
default = {}
}
################################################################################
# Capacity Providers
################################################################################
# Selects Fargate (true, the default) or autoscaling for the default capacity
# provider strategy, per the description.
variable "default_capacity_provider_use_fargate" {
description = "Determines whether to use Fargate or autoscaling for default capacity provider strategy"
type = bool
default = true
}
# Fargate capacity provider definitions, untyped (`any`) and empty by default.
# The accepted keys are defined where the map is consumed, not in this file.
variable "fargate_capacity_providers" {
description = "Map of Fargate capacity provider definitions to use for the cluster"
type = any
default = {}
}
# Autoscaling capacity provider definitions, untyped (`any`) and empty by
# default. The accepted keys are defined where the map is consumed, not here.
variable "autoscaling_capacity_providers" {
description = "Map of autoscaling capacity provider definitions to create for the cluster"
type = any
default = {}
}
################################################################################
# Task Execution - IAM Role
# https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html
################################################################################
# Whether the task execution IAM role is created; false by default.
# NOTE(review): the other task_exec_* variables presumably only take effect when
# this is true. Confirm against the IAM resources.
variable "create_task_exec_iam_role" {
description = "Determines whether the ECS task definition IAM role should be created"
type = bool
default = false
}
# Name for the created IAM role; null by default. Whether it is used verbatim or
# as a prefix is controlled by task_exec_iam_role_use_name_prefix.
variable "task_exec_iam_role_name" {
description = "Name to use on IAM role created"
type = string
default = null
}
# True by default: task_exec_iam_role_name is treated as a prefix, not the exact
# role name. Policies or alerts that match the role by exact name need to account
# for this.
variable "task_exec_iam_role_use_name_prefix" {
description = "Determines whether the IAM role name (`task_exec_iam_role_name`) is used as a prefix"
type = bool
default = true
}
# IAM path for the role; null by default.
variable "task_exec_iam_role_path" {
description = "IAM role path"
type = string
default = null
}
# Free-text description for the role; null by default.
variable "task_exec_iam_role_description" {
description = "Description of the role"
type = string
default = null
}
# ARN of a permissions-boundary policy for the role. Null by default, so no
# boundary is set unless the caller passes one. Environments that require a
# boundary on every role must set this explicitly.
variable "task_exec_iam_role_permissions_boundary" {
description = "ARN of the policy that is used to set the permissions boundary for the IAM role"
type = string
default = null
}
# Extra tags for the created IAM role; empty by default.
variable "task_exec_iam_role_tags" {
description = "A map of additional tags to add to the IAM role created"
type = map(string)
default = {}
}
# Policy ARNs to attach to the role; empty by default. Each attached policy
# widens what the execution role can do, so review caller-supplied values with
# least privilege in mind.
variable "task_exec_iam_role_policies" {
description = "Map of IAM role policy ARNs to attach to the IAM role"
type = map(string)
default = {}
}
# Whether the task execution IAM policy is created; true by default. Per the
# description it carries the AmazonECSTaskExecutionRolePolicy permissions plus
# access to secrets and SSM parameters.
# NOTE(review): the secret and parameter scope presumably comes from
# task_exec_secret_arns and task_exec_ssm_param_arns, whose defaults are
# wildcards. Confirm in the policy document.
variable "create_task_exec_policy" {
description = "Determines whether the ECS task definition IAM policy should be created. This includes permissions included in AmazonECSTaskExecutionRolePolicy as well as access to secrets and SSM parameters"
type = bool
default = true
}
# SSM parameter ARNs the task execution role may read.
# The default is a full wildcard (any region, any account field, any parameter
# name), which is broader than least privilege. Pass the specific parameter ARNs
# or a narrow path prefix that the tasks need. With the default, the role's read
# access to parameters is not limited by this list.
variable "task_exec_ssm_param_arns" {
description = "List of SSM parameter ARNs the task execution role will be permitted to get/read"
type = list(string)
default = ["arn:aws:ssm:*:*:parameter/*"]
}
# Secrets Manager secret ARNs the task execution role may read.
# The default is a full wildcard (any region, any account field, any secret),
# which is broader than least privilege. Pass only the secret ARNs the tasks
# need. With the default, the role's read access to secrets is not limited by
# this list.
variable "task_exec_secret_arns" {
description = "List of SecretsManager secret ARNs the task execution role will be permitted to get/read"
type = list(string)
default = ["arn:aws:secretsmanager:*:*:secret:*"]
}
# Custom IAM policy statements, untyped (`any`) and empty by default. Nothing in
# this file constrains the actions or resources a caller can add, so review the
# values passed here like any other IAM policy change.
variable "task_exec_iam_statements" {
description = "A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage"
type = any
default = {}
}
################################################################################
# Service(s)
################################################################################
# Service definitions to create, untyped (`any`) and empty by default. The
# accepted keys and their defaults are defined where the map is consumed, not in
# this file.
variable "services" {
description = "Map of service definitions to create"
type = any
default = {}
}