# Base name used when labelling the Client VPN resources.
variable "name" {
  description = "Client VPN Name"
  type        = string
  default     = ""
}
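# Module on/off switch. The original description was a copy-paste of the
# "name" variable ("Client VPN Name"); it is corrected here.
# NOTE(review): presumably gates every resource in the module (count/for_each) — confirm in main.tf.
variable "enabled" {
  description = "Flag to enable or disable creation of the Client VPN resources."
  type        = bool
  default     = true
}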
# Source repository URL of this module, typically surfaced as a tag.
variable "repository" {
  description = "Terraform current module repo"
  type        = string
  default     = "https://github.com/clouddrove/terraform-aws-client-vpn"
}
# Deployment environment label (prod, dev, staging, ...).
variable "environment" {
  description = "Environment (e.g. `prod`, `dev`, `staging`)."
  type        = string
  default     = ""
}
# Order in which label components are joined to build resource names.
variable "label_order" {
  description = "Label order, e.g. `name`,`application`."
  type        = list(any)
  default     = ["name", "environment"]
}
# Owner contact recorded on the resources (e.g. a ManagedBy tag).
variable "managedby" {
  description = "ManagedBy, eg 'CloudDrove'."
  type        = string
  default     = "hello@clouddrove.com"
}
# CIDR range for the Client VPN.
# NOTE(review): presumably the client address pool (client_cidr_block) — confirm in main.tf.
# It must not overlap the VPC or any routed network.
variable "cidr_block" {
  description = "Client VPN CIDR"
  type        = string
  default     = ""
}
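# Subnets the endpoint is associated with. The original description said
# "Subnet ID" (singular) although the type is a list; wording corrected.
variable "subnet_ids" {
  description = "List of subnet IDs to associate with the Client VPN endpoint"
  type        = list(string)
  default     = []
}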
# Organization (O) field written into the generated private certificate.
variable "organization_name" {
  description = "Name of organization to use in private certificate"
  type        = string
  default     = "clouddrove.com"
}
# CloudWatch Logs retention for connection logs, in days.
# Align with the organisation's audit-log retention requirement.
variable "logs_retention" {
  description = "Retention in days for CloudWatch Log Group"
  type        = number
  default     = 365
}
# Destination CIDRs for routes added to the endpoint route table.
variable "route_cidr" {
  description = "Client Route CIDR"
  type        = list(any)
  default     = []
}
# Target subnets for the client routes (expected to pair with route_cidr).
variable "route_subnet_ids" {
  description = "Client Route Subnet Ids"
  type        = list(any)
  default     = []
}
# Network CIDRs reachable by VPN clients.
variable "network_cidr" {
  description = "Client Network CIDR"
  type        = list(any)
  default     = []
}
# Split tunnel off (the default) sends all client traffic through the VPN,
# so it is inspected/logged centrally; enabling it routes only VPN-advertised
# prefixes over the tunnel.
variable "split_tunnel_enable" {
  description = "Indicates whether split-tunnel is enabled on VPN endpoint."
  type        = bool
  default     = false
}
# Subject alternative names requested on the generated certificate.
variable "dns_names" {
  description = "List of DNS names for which a certificate is being requested."
  type        = list(any)
  default     = ["clouddrove.com"]
}
# Client authentication method. Mutual TLS (certificate-authentication) is the
# default; directory-service-authentication requires active_directory_id and
# federated-authentication requires saml_arn.
variable "authentication_type" {
  description = "The type of client authentication to be used."
  type        = string
  default     = "certificate-authentication"
}
# AWS Directory Service directory used when authentication_type is
# directory-service-authentication.
variable "active_directory_id" {
  description = "The ID of AWS AD to be used with directory-service-authentication authentication type."
  type        = string
  default     = ""
}
# IAM SAML identity provider used for federated (SSO) client authentication.
variable "saml_arn" {
  description = "The ARN of the IAM SAML identity provider. "
  type        = string
  default     = ""
}
# IAM SAML identity provider used by the self-service portal
# (only relevant when self_service_portal is "enabled").
variable "self_saml_arn" {
  description = "The ARN of the IAM SAML identity provider for the self service portal. "
  type        = string
  default     = ""
}
# Security groups applied to the target network association; vpc_id must be
# set alongside these.
variable "security_group_ids" {
  description = "The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups."
  type        = list(any)
  default     = []
}
# VPC hosting the endpoint. With no security_group_ids the VPC default
# security group is applied, which is usually broader than intended.
variable "vpc_id" {
  description = "The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied."
  type        = string
  default     = ""
}
# Directory/IdP group IDs granted access by the authorization rule.
variable "group_ids" {
  description = "The ID of the group to which the authorization rule grants access."
  type        = list(any)
  default     = []
}
# Maximum VPN session length before clients must re-authenticate.
# Only 8, 10, 12 and 24 are accepted by the service.
variable "session_timeout_hours" {
  description = "The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session. Default value is 24 - Valid values: 8 | 10 | 12 | 24"
  type        = number
  default     = 24
}
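# The original block had no description, so terraform-docs and `terraform`
# help output showed nothing for it; one is added here.
# NOTE(review): assumed to gate the generated private key / certificate
# resources (see rsa_bits, algorithm, validity_period_hours) — confirm in main.tf.
variable "certificate_enabled" {
  description = "Whether the module generates the private key and certificate used by the Client VPN endpoint."
  type        = bool
  default     = true
}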
# Connection logging to CloudWatch Logs; keep enabled so client connections
# and authorization failures are auditable.
variable "connection_logging" {
  description = "Connection logging is a feature of AWS client VPN that enables you to capture connection logs for your client VPN endpoint. Before you enable, you must have a CloudWatch Logs log group in your account."
  type        = bool
  default     = true
}
# Listening port of the endpoint; the service accepts only 443 or 1194.
variable "vpn_port" {
  description = "The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443."
  type        = number
  default     = 443
}
# Self-service portal toggle ("enabled" / "disabled").
variable "self_service_portal" {
  description = "Optionally specify whether the VPC Client self-service portal is enabled or disabled. Default is disabled"
  type        = string
  default     = "disabled"
}
# RSA key size; 2048 is the accepted minimum, larger values are fine.
variable "rsa_bits" {
  description = "When algorithm is RSA, the size of the generated RSA key, in bits (default: 2048)."
  type        = number
  default     = 2048
}
# Private key algorithm for the generated certificate.
variable "algorithm" {
  description = "Name of the algorithm to use when generating the private key. Currently-supported values are: RSA, ECDSA, ED25519."
  type        = string
  default     = "RSA"
}
# Certificate lifetime. 87600 hours is roughly ten years; a certificate that
# long-lived cannot be rotated without redistributing client configs, so
# consider a shorter period where operations allow.
variable "validity_period_hours" {
  description = "Number of hours, after initial issuing, that the certificate will remain valid for."
  type        = number
  default     = 87600
}
# Marks the generated certificate as a CA; the private key then needs to be
# handled as CA key material.
variable "is_ca_certificate" {
  description = "Is the generated certificate representing a Certificate Authority (CA)."
  type        = bool
  default     = true
}
# When true the authorization rule applies to every connected client;
# set false and supply group_ids to scope access per group.
variable "authorize_all_groups" {
  description = "Indicates whether the authorization rule grants access to all clients. One of access_group_id or authorize_all_groups must be set."
  type        = bool
  default     = true
}
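# Destination networks clients are authorized to reach. The original
# description read as if these were source ranges; it is reworded to match
# the variable name. The default "0.0.0.0/0" authorizes every destination —
# combined with authorize_all_groups = true this is "any client, anywhere";
# narrow it to the VPC/subnet CIDRs for least privilege.
# NOTE(review): assumed to feed the authorization rule's target_network_cidr — confirm in main.tf.
variable "target_network_cidr" {
  description = "List of destination CIDR ranges to which the authorization rule grants client access"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}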
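# Default ingress rule for the module-managed security group.
# Values are written as strings to match the declared map(string) type and
# the egress default below; Terraform would otherwise coerce 0 -> "0" and
# true -> "true", so this is a consistency change only. `self = "true"`
# restricts the rule to traffic from the security group itself.
variable "security_group_ingress" {
  description = "List of maps of ingress rules to set on the default security group"
  type        = list(map(string))
  default = [
    {
      from_port = "0"
      to_port   = "0"
      protocol  = "-1"
      self      = "true"
    }
  ]
}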
# Default egress rule for the module-managed security group: all protocols
# and ports to 0.0.0.0/0. Restrict it if the endpoint should only reach
# known networks.
variable "security_group_egress" {
  description = "List of maps of egress rules to set on the default security group"
  type        = list(map(string))
  default = [
    {
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_blocks = "0.0.0.0/0"
    }
  ]
}
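# Toggle for the security-group sub-module. The original description
# ("create for security group module this value is enable 'true'") was
# ungrammatical; reworded with the same meaning.
variable "enable_security_group" {
  description = "Set to true to create the security group for the Client VPN endpoint via the security group module."
  type        = bool
  default     = true
}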
# Resolvers pushed to clients (at most two). Leaving this null means
# clients keep their local DNS, which bypasses any internal resolver policy.
variable "dns_servers" {
  description = "(Optional) Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used."
  type        = list(string)
  default     = null
}