terraform-tofu-labs/demo/iac/modules/cluster/variables.tf

# Module-wide on/off switch. Per its description it gates every resource;
# the resources that consume it are defined outside this file.
variable "create" {
  description = "Determines whether resources will be created (affects all resources)"
  type        = bool
  default     = true
}

# Common tags. Empty by default, so nothing (owner, environment, data
# classification, ...) is stamped on resources unless the caller passes a map.
variable "tags" {
  description = "A map of tags to add to all resources"
  type        = map(string)
  default     = {}
}
################################################################################
# Cluster
################################################################################
# Cluster name. The default is the empty string, not null.
# NOTE(review): how an empty name is handled is decided by the resource
# definitions, which are not visible here - confirm callers always set it.
variable "cluster_name" {
  description = "Name of the cluster (up to 255 letters, numbers, hyphens, and underscores)"
  type        = string
  default     = ""
}

# Execute-command (ECS Exec) configuration, passed as an untyped object.
# `type = any` means this declaration performs no shape checking.
# NOTE(review): with the `{}` default no session logging or encryption
# settings are supplied through this variable; confirm what the module falls
# back to before relying on ECS Exec sessions being audited.
variable "cluster_configuration" {
  description = "The execute command configuration for the cluster"
  type        = any
  default     = {}
}

# Cluster settings. The default list turns CloudWatch Container Insights on;
# a caller who overrides this list replaces the default entry entirely.
variable "cluster_settings" {
  description = "List of configuration block(s) with cluster settings. For example, this can be used to enable CloudWatch Container Insights for a cluster"
  type        = any
  default = [
    {
      name  = "containerInsights"
      value = "enabled"
    }
  ]
}

# Default Service Connect namespace; empty map means none is configured here.
variable "cluster_service_connect_defaults" {
  description = "Configures a default Service Connect namespace"
  type        = map(string)
  default     = {}
}
################################################################################
# CloudWatch Log Group
################################################################################
# Whether the module manages the cluster log group itself. Per the
# description, turning this off leaves creation to AWS, in which case the
# retention and KMS settings declared below are not applied by this module.
variable "create_cloudwatch_log_group" {
  description = "Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled"
  type        = bool
  default     = true
}

# Optional explicit log group name; null leaves naming to the module.
variable "cloudwatch_log_group_name" {
  description = "Custom name of CloudWatch Log Group for ECS cluster"
  type        = string
  default     = null
}

# Retention period in days (default 90). Events older than this are no longer
# available for investigation, so align the value with the retention
# requirement of whoever consumes these logs.
variable "cloudwatch_log_group_retention_in_days" {
  description = "Number of days to retain log events"
  type        = number
  default     = 90
}

# KMS key ARN for the log group. With the null default no customer-managed
# key is associated. When a key is set, its key policy must allow the
# CloudWatch Logs service to use it (see the link in the description).
variable "cloudwatch_log_group_kms_key_id" {
  description = "If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html)"
  type        = string
  default     = null
}

# Extra tags for the log group only.
variable "cloudwatch_log_group_tags" {
  description = "A map of additional tags to add to the log group created"
  type        = map(string)
  default     = {}
}
################################################################################
# Capacity Providers
################################################################################
# Selects which kind of provider backs the default capacity provider
# strategy: Fargate when true (the default), autoscaling otherwise.
variable "default_capacity_provider_use_fargate" {
  description = "Determines whether to use Fargate or autoscaling for default capacity provider strategy"
  type        = bool
  default     = true
}

# Fargate capacity provider definitions. Untyped (`any`), so the expected keys
# are defined by the consuming resources, not by this declaration.
variable "fargate_capacity_providers" {
  description = "Map of Fargate capacity provider definitions to use for the cluster"
  type        = any
  default     = {}
}

# Autoscaling (EC2-backed) capacity provider definitions. Untyped (`any`) as
# well; nothing is created for the empty default.
variable "autoscaling_capacity_providers" {
  description = "Map of autoscaling capacity provider definitions to create for the cluster"
  type        = any
  default     = {}
}
################################################################################
# Task Execution - IAM Role
# https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html
################################################################################
# Opt-in switch for the task execution IAM role; off by default, so none of
# the role settings below take effect unless the caller enables it.
variable "create_task_exec_iam_role" {
  description = "Determines whether the ECS task definition IAM role should be created"
  type        = bool
  default     = false
}

# Role name, or name prefix when `task_exec_iam_role_use_name_prefix` is true.
variable "task_exec_iam_role_name" {
  description = "Name to use on IAM role created"
  type        = string
  default     = null
}

# Treat the name above as a prefix (default) rather than the exact name.
variable "task_exec_iam_role_use_name_prefix" {
  description = "Determines whether the IAM role name (`task_exec_iam_role_name`) is used as a prefix"
  type        = bool
  default     = true
}

# IAM path for the role; null leaves the choice to the provider.
variable "task_exec_iam_role_path" {
  description = "IAM role path"
  type        = string
  default     = null
}

# Free-text description stored on the role.
variable "task_exec_iam_role_description" {
  description = "Description of the role"
  type        = string
  default     = null
}

# Permissions boundary policy ARN. The null default means the role is created
# without a boundary; organisations that require boundaries on every role
# must pass one explicitly.
variable "task_exec_iam_role_permissions_boundary" {
  description = "ARN of the policy that is used to set the permissions boundary for the IAM role"
  type        = string
  default     = null
}

# Extra tags for the IAM role only.
variable "task_exec_iam_role_tags" {
  description = "A map of additional tags to add to the IAM role created"
  type        = map(string)
  default     = {}
}

# Additional policy ARNs to attach to the role. Every entry widens what the
# execution role can do, so keep this map as short as the workload allows.
variable "task_exec_iam_role_policies" {
  description = "Map of IAM role policy ARNs to attach to the IAM role"
  type        = map(string)
  default     = {}
}
# Whether the module-generated execution policy is created. On by default; per
# the description it bundles the AmazonECSTaskExecutionRolePolicy permissions
# with read access to the secrets and SSM parameters listed below.
# NOTE(review): presumably only effective when `create_task_exec_iam_role`
# is true - confirm against the resource definitions.
variable "create_task_exec_policy" {
  description = "Determines whether the ECS task definition IAM policy should be created. This includes permissions included in AmazonECSTaskExecutionRolePolicy as well as access to secrets and SSM parameters"
  type        = bool
  default     = true
}

# SSM parameters the execution role may read.
# SECURITY: the default is a full wildcard (any region, any account, any
# parameter name). Left as is, the role can read every parameter it can
# reach, including ones belonging to unrelated workloads. Override with the
# specific parameter ARNs or path prefixes this cluster's tasks need.
variable "task_exec_ssm_param_arns" {
  description = "List of SSM parameter ARNs the task execution role will be permitted to get/read"
  type        = list(string)
  default     = ["arn:aws:ssm:*:*:parameter/*"]
}

# Secrets Manager secrets the execution role may read.
# SECURITY: the default is a full wildcard (any region, any account, any
# secret). Left as is, the only remaining restriction is whatever resource
# policies or KMS key policies exist on the secrets themselves. Override with
# the exact secret ARNs this cluster's tasks need.
variable "task_exec_secret_arns" {
  description = "List of SecretsManager secret ARNs the task execution role will be permitted to get/read"
  type        = list(string)
  default     = ["arn:aws:secretsmanager:*:*:secret:*"]
}

# Extra IAM policy statements merged into the execution policy. Untyped
# (`any`), so this declaration does not check actions, resources or effects;
# review any statement passed here as you would a hand-written policy.
variable "task_exec_iam_statements" {
  description = "A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage"
  type        = any
  default     = {}
}