variables.tf
# Name of the AWS integration. Required: there is no default.
variable "name" {
  description = "Name of the AWS integration"
  type        = string
}

# External ID for the generated Firefly role. Required: there is no default.
# NOTE(review): presumably enforced as the sts:ExternalId condition in the role's
# trust policy (the confused-deputy guard) — confirm in the IAM role definition,
# which is not part of this file.
variable "role_external_id" {
  description = "The External Id for the Firefly role generated"
  type        = string
}
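# Firefly API credentials. All three default to "", so which of them is actually
# required depends on how the module authenticates (not visible in this file).
#
# They are marked sensitive so Terraform redacts them in plan/apply output.
# This needs Terraform >= 0.14, and any output derived from them must also be
# declared sensitive. Redaction covers CLI output only: values that flow into
# resources or data sources are still written to the state file in plaintext,
# so the state backend needs its own access control and encryption.
# Supply the values via TF_VAR_* environment variables or a secrets manager
# rather than a committed .tfvars file.

# Session token returned by a Firefly login request.
variable "firefly_token" {
  type        = string
  description = "Token returned as result of login request"
  default     = ""
  sensitive   = true
}

# Access key half of the Firefly key pair.
variable "firefly_access_key" {
  type        = string
  description = "Your authentication access_key"
  default     = ""
  sensitive   = true
}

# Secret key half of the Firefly key pair.
variable "firefly_secret_key" {
  type        = string
  description = "Your authentication secret_key"
  default     = ""
  sensitive   = true
}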
# Turns on IaC auto discovery, which searches S3 buckets for state files.
# Enabled by default.
variable "enable_iac_auto_discover" {
  description = "Whether to create the integration with IaC auto discover (searches for state files in S3 buckets)"
  type        = bool
  default     = true
}

# Buckets Firefly may read state files from. The default (empty list) means
# "all buckets", per the description. Terraform state commonly holds secrets in
# plaintext, so for least privilege list the specific state buckets here
# instead of relying on the default.
variable "allowed_s3_iac_buckets" {
  description = "The list of S3 buckets to allow Firefly to read state files from. Omit to allow all buckets."
  type        = list(string)
  default     = []
}
# Base URL of the Firefly API used to register the account.
# NOTE(review): the Firefly credentials declared in this file are presumably
# sent to this endpoint — keep the scheme https and override only with an
# endpoint supplied by Firefly.
variable "firefly_endpoint" {
  description = "The Firefly endpoint to register account management"
  type        = string
  default     = "https://prodapi.gofirefly.io/api"
}
# Marks the integrated account as production. Off by default.
variable "is_prod" {
  description = "Is Production?"
  type        = bool
  default     = false
}

# Set to true when the integration already exists. Off by default.
variable "exist_integration" {
  description = "Whether the integration already exists or not"
  type        = bool
  default     = false
}
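# Name of the generated Firefly role. The description was missing; the wording
# added here mirrors the sibling firefly_deny_list_policy_name variable.
variable "firefly_role_name" {
  type        = string
  description = "The name for the Firefly role generated"
  default     = "firefly-caa-role"
}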
# Name given to the generated Firefly deny policy.
# NOTE(review): the policy's contents are defined elsewhere — review which
# actions it denies, since it bounds what the read-only role can reach.
variable "firefly_deny_list_policy_name" {
  description = "The name for the Firefly deny policy generated"
  default     = "FireflyReadonlyPolicyDenyList"
  type        = string
}
# Enables full scanning. On by default.
variable "full_scan_enabled" {
  description = "Full scan enabled?"
  type        = bool
  default     = true
}

# Installs the event-driven components. Off by default.
variable "is_event_driven" {
  description = "Install Event driven?"
  type        = bool
  default     = false
}

# Creates the EventBridge rules through Terraform. Off by default.
variable "terraform_create_rules" {
  description = "Create eventbridge rules using terraform?"
  type        = bool
  default     = false
}
# Regions in which the event-driven components are installed.
# NOTE(review): cn-north-1 and cn-northwest-1 belong to the aws-cn partition,
# whereas the default target_event_bus_arn is in the aws partition, and
# af-south-1, ap-east-1, eu-south-1 and me-south-1 are opt-in regions that are
# disabled on new accounts. Trim this list to the regions the account actually
# uses so event forwarding is not deployed more widely than intended.
variable "event_driven_regions" {
  description = "The list of regions to install firefly event driven in"
  type        = list(string)
  default = [
    "us-east-2",
    "us-east-1",
    "us-west-1",
    "us-west-2",
    "af-south-1",
    "ap-east-1",
    "ap-south-1",
    "ap-northeast-3",
    "ap-northeast-2",
    "ap-southeast-1",
    "ap-southeast-2",
    "ap-northeast-1",
    "ca-central-1",
    "cn-north-1",
    "cn-northwest-1",
    "eu-central-1",
    "eu-west-1",
    "eu-west-2",
    "eu-south-1",
    "eu-west-3",
    "eu-north-1",
    "me-south-1",
    "sa-east-1",
  ]
}
# Event bus that CloudTrail events are put on. The default lives in account
# 094724549126, the same account ID used as the firefly_organization_id default.
# Overriding this redirects the account's CloudTrail event data to a different
# bus, so treat any change as a data-egress decision.
variable "target_event_bus_arn" {
  description = "The firefly event bus arn to put cloudtrail events in"
  type        = string
  default     = "arn:aws:events:us-east-1:094724549126:event-bus/prod-stablefly-event-bus"
}
# Map from string keys to lists of strings; empty by default.
# NOTE(review): the description is empty. Judging by the name, keys are
# presumably AWS region names and values the bucket names in that region —
# confirm against the module code and fill in the description.
variable "buckets_by_region" {
  description = ""
  type        = map(list(string))
  default     = {}
}
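# SNS topic that receives S3 object event notifications. The default topic is
# in account 094724549126, the same account ID used as the
# firefly_organization_id default. Overriding it sends bucket event
# notifications to a different topic.
#
# The type constraint was missing; it is declared as string to match the
# default and every other ARN variable in this file.
variable "iac_events_sns" {
  type        = string
  description = "Firefly sns which receives s3 object events notification"
  default     = "arn:aws:sns:us-east-1:094724549126:firefly-iac-states-update-topic"
}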
# Lets Firefly read the config service S3 objects. Off by default, so this
# extra read access is opt-in.
variable "use_config_service" {
  description = "Allow Firefly to read the config service s3 objects"
  type        = bool
  default     = false
}

# Grants the Firefly EventBridge permissions. On by default.
# The variable name is misspelled ("evntbridge"); it is part of the module's
# input interface, so it is kept as is for existing callers.
# NOTE(review): consider setting this to false when is_event_driven is false —
# confirm whether the module already gates the permissions on that flag.
variable "enable_evntbridge_permissions" {
  description = "enable firefly eventbridge permissions"
  type        = bool
  default     = true
}
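# Tags applied to every AWS resource the module creates.
# The element type is now explicit: the bare `map` constraint is the legacy
# shorthand for map(any), and tag values are strings. Numbers and booleans
# passed by existing callers are still accepted and converted to strings.
variable "tags" {
  type        = map(string)
  default     = {}
  description = "Tags to apply to all created AWS resources"
}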
# Prefix added to the names of all created resources. Empty by default.
variable "resource_prefix" {
  description = "Prefix to add to all resources created"
  type        = string
  default     = ""
}
# AWS account ID that is allowed to assume the role, per the description.
# This value decides who is trusted: changing it hands the role's access to
# another account, so leave the default unless Firefly instructs otherwise.
# NOTE(review): confirm the trust policy pairs this principal with the
# role_external_id condition; the policy is defined outside this file.
variable "firefly_organization_id" {
  description = "FireFly AWS account ID to allow assume role from, do not override unless explicitly needed"
  type        = string
  default     = "094724549126"
}