// variables.tf
# Project identifier. Optional: callers that omit it get "demo-app".
variable "project_name" {
  type        = string
  description = "Name of the project"
  default     = "demo-app"
}
# Deployment environment label. Free-form string (the description lists
# prod/dev/test only as examples); defaults to "test" when not supplied.
variable "environment" {
  type        = string
  description = "Environment (e.g., prod, dev, test)"
  default     = "test"
}
# Optional override for the resource-name prefix. The empty default is the
# "not provided" case; per the description the project-environment pattern is
# used instead (that fallback lives outside this file).
variable "name_prefix" {
  type        = string
  description = "Prefix for resource names (if not provided, will use project-environment pattern)"
  default     = ""
}
# Extra tags, as a string-to-string map. Defaults to an empty map.
variable "tags" {
  type        = map(string)
  description = "Additional tags for all resources"
  default     = {}
}
# Target VPC for the ALB. Required: there is no default.
variable "vpc_id" {
  type        = string
  description = "VPC ID where the ALB will be created"
}
# Subnets the ALB is placed in. Required: there is no default.
# NOTE(review): whether these are public or private subnets decides the ALB's
# exposure; nothing in this file constrains that — confirm at the call site.
variable "subnet_ids" {
  type        = list(string)
  description = "List of subnet IDs for the ALB"
}
# Security groups attached to the ALB. Required: there is no default, so the
# caller owns the ingress/egress rules that apply to the load balancer.
variable "security_group_ids" {
  type        = list(string)
  description = "List of security group IDs for the ALB"
}
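# ARN of the TLS certificate served by the HTTPS listener.
# NOTE(review): no default is visible in the surviving text, so this is
# declared as required — confirm against the pre-corruption file.
variable "certificate_arn" {
  description = "ARN of the SSL certificate for HTTPS listener"
  type        = string
}

# NOTE(review): this file was damaged by a search-and-replace that wrote a
# newline escape (`n, which looks like PowerShell's) literally instead of a
# line break, and that consumed the start of the following variable. Only the
# tail of that variable survives; it is kept below, commented out so the file
# parses. Its name and object type cannot be recovered from this copy and must
# be restored from version control before the module is used.
# }))
# default = {}
# }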
# Optional WAF Web ACL for the ALB. Defaults to the empty string.
# NOTE(review): presumably an empty value means no Web ACL is associated, so
# an ALB created with defaults has no WAF in front of it — confirm in the
# resource definitions and set this for internet-facing deployments.
variable "waf_web_acl_arn" {
  type        = string
  description = "ARN of the WAF Web ACL to associate with the ALB"
  default     = ""
}
# Switch for ALB access logging; on unless the caller turns it off.
# NOTE(review): this file also declares "access_logs_enabled" with the same
# description and default. Which of the two the resources read is not visible
# here; a caller who sets only one of them may not get the logging state they
# expect — confirm and consolidate.
variable "enable_access_logs" {
  type        = bool
  description = "Enable access logs for the ALB"
  default     = true
}
# Whether an S3 bucket for the access logs is created. Defaults to true, so
# the logging default does not depend on a bucket the caller has to supply.
variable "create_logs_bucket" {
  type        = bool
  description = "Create S3 bucket for ALB access logs"
  default     = true
}
# Name of an existing bucket for the access logs. Defaults to the empty string.
# The description makes it mandatory when enable_access_logs is true and
# create_logs_bucket is false; no validation in this file enforces that
# combination, so a bad mix is only caught later.
variable "access_logs_bucket" {
  type        = string
  description = "S3 bucket name for ALB access logs (required if enable_access_logs=true and create_logs_bucket=false)"
  default     = ""
}
# Key prefix under which access logs are written in the bucket.
variable "access_logs_prefix" {
  type        = string
  description = "S3 prefix for ALB access logs"
  default     = "alb-access-logs"
}
# Optional KMS key for bucket encryption. The empty default selects S3-managed
# keys, per the description.
# NOTE(review): AWS documents SSE-S3 as the only server-side encryption option
# supported for ALB access-log delivery; confirm that a key set here is not
# applied to the access-log bucket, or log delivery may fail.
variable "s3_kms_key_arn" {
  type        = string
  description = "ARN of the KMS key for S3 bucket encryption (if empty, uses S3 managed keys)"
  default     = ""
}
# Region the resources are created in. Required: there is no default.
variable "aws_region" {
  type        = string
  description = "AWS region where resources will be created"
}
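# Server-side encryption algorithm for the S3 bucket. Defaults to "AES256"
# (S3-managed keys).
# NOTE(review): AWS documents SSE-S3 ("AES256") as the only server-side
# encryption option supported for ALB access-log delivery; confirm that a KMS
# value is never applied to the access-log bucket, or log delivery may fail.
variable "s3_server_side_encryption_algorithm" {
  description = "Server-side encryption algorithm for S3 bucket"
  type        = string
  default     = "AES256"

  # Reject typos and unsupported values at plan time instead of letting them
  # surface as an API error (or a silently unencrypted bucket) during apply.
  validation {
    condition     = contains(["AES256", "aws:kms", "aws:kms:dsse"], var.s3_server_side_encryption_algorithm)
    error_message = "The S3 server-side encryption algorithm must be AES256, aws:kms or aws:kms:dsse."
  }
}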
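# Principal named in the log bucket's policy. Defaults to the empty string;
# per the description the ELB service account is used in that case (the
# substitution is outside this file — confirm).
variable "alb_logs_s3_policy_principal" {
  description = "IAM principal for S3 bucket policy (default is ELB service account)"
  type        = string
  default     = ""

  # A wildcard principal would open the log bucket policy to every AWS
  # account, so refuse it at plan time.
  validation {
    condition     = var.alb_logs_s3_policy_principal != "*"
    error_message = "The log bucket policy principal must not be the wildcard \"*\"."
  }
}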
# Second switch for ALB access logging; defaults to true.
# NOTE(review): duplicates "enable_access_logs" (same description, same
# default). Which of the two the resources read is not visible here; setting
# only one may leave logging in an unexpected state — confirm and consolidate.
variable "access_logs_enabled" {
  type        = bool
  description = "Enable access logs for the ALB"
  default     = true
}
# Switch for target-group health checks; on by default.
variable "health_check_enabled" {
  type        = bool
  description = "Enable health checks for target groups"
  default     = true
}
# Whether the Host header is preserved and forwarded to targets. Off by default.
# When enabled, targets see the Host value as sent by the client, so they
# must not trust it for routing, link generation or access decisions without
# checking it against an allow-list.
variable "preserve_host_header" {
  type        = bool
  description = "Indicates whether the Host header should be preserved and forwarded to targets"
  default     = false
}