variables.tf
# Primary IPv4 CIDR for the VPC, supplied as a literal CIDR string.
# Stays null when the primary CIDR is allocated from IPAM through
# `ipv4_primary_cidr_block_association` instead.
# NOTE(review): the description says exactly one of the two inputs must be set,
# but nothing in this block enforces that; confirm a check exists elsewhere.
variable "ipv4_primary_cidr_block" {
  description = <<-EOT
    The primary IPv4 CIDR block for the VPC.
    Either `ipv4_primary_cidr_block` or `ipv4_primary_cidr_block_association` must be set, but not both.
    EOT
  type        = string
  default     = null
}

# Effective primary CIDR: the new input wins whenever it is set, otherwise the
# value falls back to `var.cidr_block` (referenced here, declared outside this
# listing). A conditional is used instead of coalesce() because both inputs may
# be null, and coalesce() fails when every argument is null.
locals {
  ipv4_primary_cidr_block = (
    var.ipv4_primary_cidr_block != null
    ? var.ipv4_primary_cidr_block
    : var.cidr_block
  )
}
# IPAM-based alternative to `ipv4_primary_cidr_block`: the primary CIDR is
# carved out of the given IPAM pool with the given netmask length.
# The object type declares both attributes without optional(), so a caller
# must supply both keys.
variable "ipv4_primary_cidr_block_association" {
  description = <<-EOT
    Configuration of the VPC's primary IPv4 CIDR block via IPAM. Conflicts with `ipv4_primary_cidr_block`.
    One of `ipv4_primary_cidr_block` or `ipv4_primary_cidr_block_association` must be set.
    Additional CIDR blocks can be set via `ipv4_additional_cidr_block_associations`.
    EOT
  default     = null

  type = object({
    ipv4_ipam_pool_id   = string
    ipv4_netmask_length = number
  })
}
# Secondary IPv4 CIDR associations, keyed by a caller-chosen map key.
# Each entry carries either an explicit CIDR or an IPAM pool plus netmask
# length. All three attributes are declared without optional(), so the unused
# ones presumably have to be passed as null (confirm against callers).
# An empty map (the default) adds no secondary CIDRs.
variable "ipv4_additional_cidr_block_associations" {
  description = <<-EOT
    IPv4 CIDR blocks to assign to the VPC.
    `ipv4_cidr_block` may be set explicitly or derived from `ipv4_ipam_pool_id` using `ipv4_netmask_length`.
    Map keys must be known at `plan` time. When migrating from `additional_cidr_blocks`,
    set map key to `ipv4_cidr_block` value to avoid Terraform changes.
    EOT
  default     = {}

  type = map(object({
    ipv4_cidr_block     = string
    ipv4_ipam_pool_id   = string
    ipv4_netmask_length = number
  }))
}
# Optional create/delete timeouts for the IPv4 CIDR block associations.
# Null (the default) passes no timeout values from this variable.
variable "ipv4_cidr_block_association_timeouts" {
  description = "Timeouts (in `go` duration format) for creating and destroying IPv4 CIDR block associations"
  default     = null

  type = object({
    create = string
    delete = string
  })
}
# Tri-state switch for an Amazon-generated IPv6 CIDR on the VPC.
# The declared default is null; the effective default of `true` is applied in
# the local below, which is why the description says "defaults to `true`".
variable "assign_generated_ipv6_cidr_block" {
  description = "Whether to assign generated ipv6 cidr block to the VPC (defaults to `true`). Conflicts with `ipv6_ipam_pool_id`."
  type        = bool
  default     = null
}

# Resolution order: this variable first, then `var.ipv6_enabled` (referenced
# here, declared outside this listing), then `true`.
# `assign_generated_ipv6_cidr_block` was deprecated in favor of `ipv6_enabled`
# only briefly, so it keeps precedence; both used to default to `true`.
# NOTE(review): because the effective default is `true`, a VPC built with no
# IPv6 inputs still receives an IPv6 CIDR. Confirm that security group and
# NACL rules downstream cover IPv6 as well as IPv4.
locals {
  assign_generated_ipv6_cidr_block = coalesce(
    var.assign_generated_ipv6_cidr_block,
    var.ipv6_enabled,
    true,
  )
}
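# Primary IPv6 CIDR for the VPC, given explicitly or allocated from an IPAM
# pool with a netmask length. Null (the default) means no primary IPv6
# association is requested through this variable.
# All three attributes are declared without optional(), so the unused ones
# presumably have to be passed as null (confirm against callers).
# NOTE(review): the description says this conflicts with
# `assign_generated_ipv6_cidr_block`, whose effective default in this file is
# `true`. Nothing in this block enforces the conflict; confirm callers disable
# the generated block when they set this.
variable "ipv6_primary_cidr_block_association" {
  type = object({
    ipv6_cidr_block     = string
    ipv6_ipam_pool_id   = string
    ipv6_netmask_length = number
  })
  description = <<-EOT
    Primary IPv6 CIDR block to assign to the VPC. Conflicts with `assign_generated_ipv6_cidr_block`.
    `ipv6_cidr_block` can be set explicitly or derived from `ipv6_ipam_pool_id` using `ipv6_netmask_length`.
    EOT
  default     = null
}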
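# Extra IPv6 CIDR associations beyond the autogenerated one, keyed by a
# caller-chosen map key. Per the description, the keys only give each
# association a stable identity across plans.
# All three attributes are declared without optional(), so the unused ones
# presumably have to be passed as null (confirm against callers).
# An empty map (the default) adds no extra IPv6 CIDRs.
variable "ipv6_additional_cidr_block_associations" {
  type = map(object({
    ipv6_cidr_block     = string
    ipv6_ipam_pool_id   = string
    ipv6_netmask_length = number
  }))
  description = <<-EOT
    IPv6 CIDR blocks to assign to the VPC (in addition to the autogenerated one).
    `ipv6_cidr_block` can be set explicitly or derived from `ipv6_ipam_pool_id` using `ipv6_netmask_length`.
    Map keys must be known at `plan` time and are used solely to prevent unnecessary changes.
    EOT
  default     = {}
}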
# Optional create/delete timeouts for the IPv6 CIDR block associations.
# Null (the default) passes no timeout values from this variable.
variable "ipv6_cidr_block_association_timeouts" {
  description = "Timeouts (in `go` duration format) for creating and destroying IPv6 CIDR block associations"
  default     = null

  type = object({
    create = string
    delete = string
  })
}
# Optional Network Border Group for the VPC's IPv6 CIDR. Per the description,
# setting it narrows where the public addresses are advertised; null (the
# default) sets no restriction through this variable.
variable "ipv6_cidr_block_network_border_group" {
  description = <<-EOT
    Set this to restrict advertisement of public addresses to specific Network Border Groups such as LocalZones.
    EOT
  type        = string
  default     = null
}
# Tenancy for instances launched into the VPC. Input is checked at plan time
# against a fixed allow-list, so a typo fails fast with the message below
# instead of surfacing as a provider error.
variable "instance_tenancy" {
  description = "A tenancy option for instances launched into the VPC"
  type        = string
  default     = "default"

  validation {
    # Only these three literals are accepted; the match is exact and
    # case-sensitive.
    condition = contains(
      [
        "default",
        "dedicated",
        "host",
      ],
      var.instance_tenancy,
    )
    error_message = "Instance tenancy must be one of \"default\", \"dedicated\", or \"host\"."
  }
}
# Toggle for DNS hostnames in the VPC; enabled by default.
variable "dns_hostnames_enabled" {
  description = "A boolean flag to enable/disable DNS hostnames in the VPC"
  type        = bool
  default     = true
}

# Effective value: `var.enable_dns_hostnames` (referenced here, declared
# outside this listing) takes precedence whenever it is non-null; otherwise the
# variable above is used.
locals {
  dns_hostnames_enabled = coalesce(
    var.enable_dns_hostnames,
    var.dns_hostnames_enabled,
  )
}
# Toggle for DNS support in the VPC; enabled by default.
variable "dns_support_enabled" {
  description = "A boolean flag to enable/disable DNS support in the VPC"
  type        = bool
  default     = true
}

# Effective value: `var.enable_dns_support` (referenced here, declared outside
# this listing) takes precedence whenever it is non-null; otherwise the
# variable above is used.
locals {
  dns_support_enabled = coalesce(
    var.enable_dns_support,
    var.dns_support_enabled,
  )
}
# Toggle for ClassicLink on the VPC; disabled by default.
# NOTE(review): AWS has retired EC2-Classic. Confirm the provider version
# pinned for this module still accepts ClassicLink arguments before relying on
# this input.
variable "classiclink_enabled" {
  description = "A boolean flag to enable/disable ClassicLink for the VPC"
  type        = bool
  default     = false
}

# Effective value: `var.enable_classiclink` (referenced here, declared outside
# this listing) takes precedence whenever it is non-null; otherwise the
# variable above is used.
locals {
  classiclink_enabled = coalesce(
    var.enable_classiclink,
    var.classiclink_enabled,
  )
}
# Toggle for ClassicLink DNS support on the VPC; disabled by default.
# NOTE(review): AWS has retired EC2-Classic. Confirm the provider version
# pinned for this module still accepts ClassicLink arguments before relying on
# this input.
variable "classiclink_dns_support_enabled" {
  description = "A boolean flag to enable/disable ClassicLink DNS Support for the VPC"
  type        = bool
  default     = false
}

# Effective value: `var.enable_classiclink_dns_support` (referenced here,
# declared outside this listing) takes precedence whenever it is non-null;
# otherwise the variable above is used.
locals {
  classiclink_dns_support_enabled = coalesce(
    var.enable_classiclink_dns_support,
    var.classiclink_dns_support_enabled,
  )
}
# Controls whether this module takes over the VPC's default security group
# and strips every rule from it. The default of `true` is the locked-down
# setting.
# Security note: an unmanaged AWS default security group normally allows all
# traffic between its members and all outbound traffic. Set this to `false`
# only when another component is known to manage that group.
variable "default_security_group_deny_all" {
  description = <<-EOT
    When `true`, manage the default security group and remove all rules, disabling all ingress and egress.
    When `false`, do not manage the default security group, allowing it to be managed by another component
    EOT
  type        = bool
  default     = true
}

# Effective value. Always false when the module is disabled (`local.enabled`,
# defined outside this listing). Otherwise
# `var.enable_default_security_group_with_custom_rules` (also declared outside
# this listing) wins whenever it is non-null, because coalesce() returns its
# first non-null argument.
# NOTE(review): a caller that still passes the older input as `false`
# overrides the secure default above without any warning. The older name also
# reads as "custom rules" rather than "deny all"; confirm that using its value
# directly here is the intended mapping.
locals {
  default_security_group_deny_all = local.enabled && coalesce(
    var.enable_default_security_group_with_custom_rules,
    var.default_security_group_deny_all,
  )
}
# Toggle for creating an Internet Gateway; created by default.
# NOTE(review): for a VPC meant to stay private, set this to `false`
# explicitly. Whether the gateway is actually reachable depends on route
# tables that are not part of this listing.
variable "internet_gateway_enabled" {
  description = "A boolean flag to enable/disable Internet Gateway creation"
  type        = bool
  default     = true
}

# Effective value. Always false when the module is disabled (`local.enabled`,
# defined outside this listing). Otherwise `var.enable_internet_gateway` (also
# declared outside this listing) takes precedence whenever it is non-null.
locals {
  internet_gateway_enabled = local.enabled && coalesce(
    var.enable_internet_gateway,
    var.internet_gateway_enabled,
  )
}
# Toggle for creating an IPv6 Egress-Only Internet Gateway; not created by
# default.
variable "ipv6_egress_only_internet_gateway_enabled" {
  description = "A boolean flag to enable/disable IPv6 Egress-Only Internet Gateway creation"
  default     = false
  type        = bool
}