# Tags propagated to every resource this module creates; the module does not
# add any tag of its own beyond this map.
variable "tags" {
  type        = map(string)
  description = "A map of tags to resources provisioned by this module."
}
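# The organizational-unit tree to build under the organization root. The type
# only carries units (no account definitions); nesting is capped at five levels
# by the type itself. Each unit's `key` is what the policy inputs
# (`service_control_policies`, `tagging_policies`, `backup_policies`) use to
# address a unit created by this module, so keys must be unique.
variable "organization" {
  description = "The organization with the tree of organizational units to construct, nested up to five levels deep. Each unit has a display name and a unique key that the policy inputs reference. Defaults to an object with an empty list of units."
  type = object({
    units = optional(list(object({
      name = string,
      key  = string,
      units = optional(list(object({
        name = string,
        key  = string,
        units = optional(list(object({
          name = string,
          key  = string,
          units = optional(list(object({
            name = string,
            key  = string,
            units = optional(list(object({
              name = string,
              key  = string,
            })), [])
          })), [])
        })), [])
      })), [])
    })), [])
  })
  default = {}

  # Keys address units from other inputs; a duplicate would make a policy
  # attachment ambiguous. Only the top level is checked here because HCL
  # validation cannot recurse; deeper levels are left to plan-time errors.
  validation {
    condition     = length(distinct([for u in var.organization.units : u.key])) == length(var.organization.units)
    error_message = "Each top-level organizational unit must have a unique key."
  }

  validation {
    condition     = alltrue([for u in var.organization.units : length(u.key) > 0 && length(u.name) > 0])
    error_message = "Every organizational unit needs a non-empty name and key."
  }
}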
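# Service quota increases requested on behalf of the organization. Each entry
# is identified by the (service_code, quota_code) pair, so a pair must appear
# at most once.
variable "service_quotas" {
  description = "A collection of service quotas to apply to the organization."
  type = list(object({
    service_code = string
    # The service code of the service quota (e.g. the AWS service identifier)
    quota_code = string
    # The quota code of the service quota within that service
    value = number
    # The requested value of the service quota
  }))
  default = []

  validation {
    condition     = alltrue([for q in var.service_quotas : length(q.service_code) > 0 && length(q.quota_code) > 0])
    error_message = "Each service quota needs a non-empty service_code and quota_code."
  }

  # Two entries for the same quota would be contradictory requests.
  validation {
    condition     = length(distinct([for q in var.service_quotas : "${q.service_code}/${q.quota_code}"])) == length(var.service_quotas)
    error_message = "Each (service_code, quota_code) pair may only be listed once."
  }
}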
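# Service principals granted trusted access to the organization. Trusted access
# lets the named service operate across every member account, so this list is
# effectively an organization-wide permission grant: keep it to the services
# you actually use and review additions to the default set.
variable "enable_aws_services" {
  description = "A list of AWS service principals to enable trusted access for across the organization. Each entry grants that service organization-wide access, so add services deliberately."
  type        = list(string)
  default = [
    "access-analyzer.amazonaws.com",
    "account.amazonaws.com",
    "cloudtrail.amazonaws.com",
    "compute-optimizer.amazonaws.com",
    "config-multiaccountsetup.amazonaws.com",
    "config.amazonaws.com",
    "controltower.amazonaws.com",
    "cost-optimization-hub.bcm.amazonaws.com",
    "guardduty.amazonaws.com",
    "ram.amazonaws.com",
    "securityhub.amazonaws.com",
    "servicequotas.amazonaws.com",
    "sso.amazonaws.com",
    "tagpolicies.tag.amazonaws.com",
  ]

  # Every service principal is a hostname under amazonaws.com; anything else is
  # a typo that would only surface as an API error at apply time.
  validation {
    condition     = alltrue([for s in var.enable_aws_services : can(regex("\\.amazonaws\\.com$", s))])
    error_message = "Each entry must be an AWS service principal ending in '.amazonaws.com'."
  }

  validation {
    condition     = length(distinct(var.enable_aws_services)) == length(var.enable_aws_services)
    error_message = "Service principals must not be listed more than once."
  }
}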
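# Policy types enabled on the organization root. Enabling a type only makes
# it available for attachment; the policies themselves come from the
# `*_policies` inputs. Removing SERVICE_CONTROL_POLICY or
# RESOURCE_CONTROL_POLICY from this list disables those preventive guardrails
# organization-wide, so treat changes here as security-relevant.
variable "enable_policy_types" {
  description = "A list of policy types to enable for the organization (e.g. SERVICE_CONTROL_POLICY, TAG_POLICY)."
  type        = list(string)
  default = [
    "AISERVICES_OPT_OUT_POLICY",
    "BACKUP_POLICY",
    "RESOURCE_CONTROL_POLICY",
    "SERVICE_CONTROL_POLICY",
    "TAG_POLICY",
  ]

  # Policy type identifiers are upper-case snake-case constants; the set is not
  # pinned here so newer types can be enabled without a module change.
  validation {
    condition     = alltrue([for t in var.enable_policy_types : can(regex("^[A-Z0-9_]+$", t))])
    error_message = "Policy types must be upper-case identifiers such as SERVICE_CONTROL_POLICY."
  }

  validation {
    condition     = length(distinct(var.enable_policy_types)) == length(var.enable_policy_types)
    error_message = "Policy types must not be listed more than once."
  }
}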
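# Tag policies keyed by a name of your choosing. `key` and `target_id` select
# where the policy is attached and are mutually exclusive: `key` refers to a
# unit from `var.organization`, `target_id` to a pre-existing OU/root/account
# ID. NOTE(review): the description says "root" but the attachment target for
# an entry with neither set is decided in main.tf — confirm there.
variable "tagging_policies" {
  description = "A map of tagging policies to apply to the organization. Each entry is attached either to a unit created by this module (key) or to an existing target (target_id)."
  type = map(object({
    description = string
    # A description for the tagging policy
    content = string
    # The content of the tagging policy (a JSON document)
    key = optional(string)
    # If we created the organizational unit, this is the key to attach the policy to
    target_id = optional(string)
    # If the organizational unit already exists, this is the target ID to attach the policy to
  }))
  default = {}

  # Organizations rejects non-JSON policy documents at apply time; fail at plan
  # time instead so a malformed policy is never partially applied.
  validation {
    condition     = alltrue([for p in values(var.tagging_policies) : can(jsondecode(p.content))])
    error_message = "Each tagging policy content must be a valid JSON document."
  }

  validation {
    condition     = alltrue([for p in values(var.tagging_policies) : !(p.key != null && p.target_id != null)])
    error_message = "A tagging policy may set key or target_id, not both."
  }
}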
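# Backup policies keyed by a name of your choosing. `key` and `target_id`
# select where the policy is attached and are mutually exclusive: `key` refers
# to a unit from `var.organization`, `target_id` to a pre-existing
# OU/root/account ID. NOTE(review): the description says "root" but the
# attachment target for an entry with neither set is decided in main.tf —
# confirm there.
variable "backup_policies" {
  description = "A map of backup policies to apply to the organization. Each entry is attached either to a unit created by this module (key) or to an existing target (target_id)."
  type = map(object({
    description = string
    # A description for the backup policy
    content = string
    # The content of the backup policy (a JSON document)
    key = optional(string)
    # If we created the organizational unit, this is the key to attach the policy to
    target_id = optional(string)
    # If the organizational unit already exists, this is the target ID to attach the policy to
  }))
  default = {}

  # Organizations rejects non-JSON policy documents at apply time; fail at plan
  # time instead so a malformed policy is never partially applied.
  validation {
    condition     = alltrue([for p in values(var.backup_policies) : can(jsondecode(p.content))])
    error_message = "Each backup policy content must be a valid JSON document."
  }

  validation {
    condition     = alltrue([for p in values(var.backup_policies) : !(p.key != null && p.target_id != null)])
    error_message = "A backup policy may set key or target_id, not both."
  }
}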
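# Service control policies keyed by a name of your choosing. SCPs are the
# organization's preventive guardrails, so a malformed or mis-targeted entry
# here can either open a hole or lock out an account. `key` and `target_id`
# select where the policy is attached and are mutually exclusive: `key` refers
# to a unit from `var.organization`, `target_id` to a pre-existing
# OU/root/account ID. NOTE(review): the description says "root" but the
# attachment target for an entry with neither set is decided in main.tf —
# confirm there.
variable "service_control_policies" {
  description = "A map of service control policies (SCPs) to apply to the organization. Each entry is attached either to a unit created by this module (key) or to an existing target (target_id)."
  type = map(object({
    description = string
    # A description for the service control policy
    content = string
    # The content of the service control policy (a JSON policy document)
    key = optional(string)
    # If we created the organizational unit, this is the key to attach the policy to
    target_id = optional(string)
    # If the organizational unit already exists, this is the target ID to attach the policy to
  }))
  default = {}

  # Organizations rejects non-JSON policy documents at apply time; fail at plan
  # time instead so a malformed SCP is never partially applied.
  validation {
    condition     = alltrue([for p in values(var.service_control_policies) : can(jsondecode(p.content))])
    error_message = "Each service control policy content must be a valid JSON document."
  }

  validation {
    condition     = alltrue([for p in values(var.service_control_policies) : !(p.key != null && p.target_id != null)])
    error_message = "A service control policy may set key or target_id, not both."
  }
}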
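# Delegated-administrator registrations. Each non-null entry hands the named
# member account administrative control of that service for the whole
# organization, so every entry here is a privilege grant: keep the set minimal
# and name dedicated security/tooling accounts rather than workload accounts.
# The `organizations` delegation in particular lets the target account manage
# organization policies and should be treated as management-account-equivalent.
variable "enable_delegation" {
  description = "Provides the capability to delegate the management of a service to another AWS account. Each delegated account gains organization-wide administrative control of that service."
  type = object({
    access_analyzer = optional(object({
      account_name = string
      # The name of the account to delegate the management of Access Analyzer to
    }), null)
    guardduty = optional(object({
      account_name = string
      # The name of the account to delegate the management of GuardDuty to
    }), null)
    inspection = optional(object({
      account_name = string
      # The name of the account to delegate the management of Inspector to
      # (attribute is named `inspection`, not `inspector`; kept for compatibility)
    }), null)
    ipam = optional(object({
      account_name = string
      # The name of the account to delegate the management of IPAM to
    }), null)
    macie = optional(object({
      account_name = string
      # The name of the account to delegate the management of Macie to
    }), null)
    organizations = optional(object({
      account_name = string
      # The name of the account to delegate the management of Organizations to
    }), null)
    securityhub = optional(object({
      account_name = string
      # The name of the account to delegate the management of Security Hub to
    }), null)
    stacksets = optional(object({
      account_name = string
      # The name of the account to delegate the management of StackSets to
    }), null)
  })
  default = {
    access_analyzer = null
    guardduty       = null
    inspection      = null
    ipam            = null
    macie           = null
    organizations   = null
    securityhub     = null
    stacksets       = null
  }

  # An empty account_name would be silently looked up as no account; reject it
  # at plan time so a delegation is never left half-configured.
  validation {
    condition     = alltrue([for svc, d in var.enable_delegation : d == null || length(d.account_name) > 0])
    error_message = "Every configured delegation must name a non-empty account_name."
  }
}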