// variables.tf
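# Project identifier; presumably feeds resource names/tags (the consuming
# resources are outside this file). Rejecting an empty string avoids names
# that collapse to "-<environment>".
variable "project_name" {
  description = "Name of the project"
  type        = string

  validation {
    condition     = length(trimspace(var.project_name)) > 0
    error_message = "project_name must be a non-empty string."
  }
}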
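# Deployment environment label. The description gives examples only, so no
# closed list is enforced here; only an empty value is rejected.
variable "environment" {
  description = "Environment (e.g., prod, dev, test)"
  type        = string

  validation {
    condition     = length(trimspace(var.environment)) > 0
    error_message = "environment must be a non-empty string (e.g., prod, dev, test)."
  }
}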
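# Target VPC for every security group this module creates. An empty string
# would only fail later, at apply time, with a less helpful error.
variable "vpc_id" {
  description = "ID of the VPC where security groups will be created"
  type        = string

  validation {
    condition     = length(trimspace(var.vpc_id)) > 0
    error_message = "vpc_id must be a non-empty VPC identifier."
  }
}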
# Optional override for the resource-name prefix. The empty-string default is
# the sentinel for "derive the prefix from project_name and environment".
variable "name_prefix" {
  type        = string
  default     = ""
  description = "Prefix for resource names (if not provided, will use project-environment pattern)"
}
# Free-form tag map merged onto every resource; empty by default.
variable "tags" {
  type        = map(string)
  default     = {}
  description = "Additional tags for all resources"
}
# Web Tier Configuration
# Feature flag for the web-tier security group (created unless disabled).
variable "create_web_tier_sg" {
  type        = bool
  default     = true
  description = "Create security group for web tier"
}
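# Source ranges allowed to reach the web tier.
#
# The default is world-open (0.0.0.0/0), which is the usual setting for an
# internet-facing tier. If the web tier sits behind a load balancer, CDN or
# WAF, narrow this to those sources so the instances are not directly
# reachable. Entries are checked to be syntactically valid CIDR blocks so a
# typo fails at plan time rather than producing a rule that silently matches
# nothing (or the wrong thing).
variable "allowed_web_cidrs" {
  description = "CIDR blocks allowed to access the web tier (default is world-open; narrow when fronted by an LB/CDN/WAF)"
  type        = list(string)
  default     = ["0.0.0.0/0"]

  validation {
    condition     = alltrue([for c in var.allowed_web_cidrs : can(cidrhost(c, 0))])
    error_message = "Every entry in allowed_web_cidrs must be a valid IPv4 or IPv6 CIDR block (e.g. 203.0.113.0/24)."
  }
}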
# Plaintext HTTP (80) is opt-in; HTTPS (443) is always allowed per the
# description. Leaving this false is the secure default.
variable "allow_http" {
  type        = bool
  default     = false
  description = "Allow HTTP (port 80) traffic - HTTPS (443) is always enabled"
}
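# Destinations the managed security groups may reach over HTTPS.
#
# 0.0.0.0/0 is the default because most workloads need package repos, cloud
# APIs, etc. Where egress control matters (exfiltration risk, regulated
# workloads) restrict this to the required endpoints / VPC endpoint ranges.
variable "allowed_https_egress_cidrs" {
  description = "CIDR blocks allowed for HTTPS egress from managed security groups (default is world-open; restrict where egress control is required)"
  type        = list(string)
  default     = ["0.0.0.0/0"]

  validation {
    condition     = alltrue([for c in var.allowed_https_egress_cidrs : can(cidrhost(c, 0))])
    error_message = "Every entry in allowed_https_egress_cidrs must be a valid IPv4 or IPv6 CIDR block."
  }
}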
# Application Tier Configuration
# Feature flag for the application-tier security group (created unless disabled).
variable "create_app_tier_sg" {
  type        = bool
  default     = true
  description = "Create security group for application tier"
}
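# TCP port the application tier listens on. Constrained to a real port number
# so an out-of-range or fractional value is caught at plan time.
variable "app_port" {
  description = "Port for application tier communication"
  type        = number
  default     = 8080

  validation {
    condition     = var.app_port >= 1 && var.app_port <= 65535 && floor(var.app_port) == var.app_port
    error_message = "app_port must be an integer between 1 and 65535."
  }
}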
# Externally managed web-tier SG IDs, for deployments where this module does
# not create the web tier SG itself. Empty when unused.
variable "web_tier_sg_ids" {
  type        = list(string)
  default     = []
  description = "List of web tier security group IDs (if not creating web tier SG)"
}
# Database Tier Configuration
# Feature flag for the database-tier security group (created unless disabled).
variable "create_db_tier_sg" {
  type        = bool
  default     = true
  description = "Create security group for database tier"
}
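# Database listener port (5432 = PostgreSQL by default). Constrained to a
# real port number so an out-of-range or fractional value fails at plan time.
variable "db_port" {
  description = "Port for database communication"
  type        = number
  default     = 5432

  validation {
    condition     = var.db_port >= 1 && var.db_port <= 65535 && floor(var.db_port) == var.db_port
    error_message = "db_port must be an integer between 1 and 65535."
  }
}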
# Externally managed application-tier SG IDs, used when this module does not
# create the app tier SG itself. Empty when unused.
variable "app_tier_sg_ids" {
  type        = list(string)
  default     = []
  description = "List of application tier security group IDs (if not creating app tier SG)"
}
# Externally managed database-tier SG IDs, used when this module does not
# create the db tier SG itself. Empty when unused.
variable "db_tier_sg_ids" {
  type        = list(string)
  default     = []
  description = "List of database tier security group IDs (if not creating db tier SG)"
}
# Management/Bastion Configuration
# Feature flag for the management/bastion security group (created unless disabled).
variable "create_management_sg" {
  type        = bool
  default     = true
  description = "Create security group for management/bastion access"
}
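# Source ranges allowed to reach the management/bastion security group.
#
# Deliberately has no default: the caller must state where administrative
# access comes from. A world-open value (0.0.0.0/0 or ::/0) is rejected
# outright — exposing management ports (RDP per allow_rdp below; presumably
# SSH as well, though the port rules live outside this file) to the whole
# internet is the single most common finding on security-group reviews.
# Use a VPN / corporate egress range or the bastion's own SG instead.
variable "allowed_management_cidrs" {
  description = "CIDR blocks allowed for management access (world-open ranges are rejected)"
  type        = list(string)

  validation {
    condition     = alltrue([for c in var.allowed_management_cidrs : can(cidrhost(c, 0))])
    error_message = "Every entry in allowed_management_cidrs must be a valid IPv4 or IPv6 CIDR block."
  }

  validation {
    condition     = !contains(var.allowed_management_cidrs, "0.0.0.0/0") && !contains(var.allowed_management_cidrs, "::/0")
    error_message = "allowed_management_cidrs must not contain 0.0.0.0/0 or ::/0; restrict management access to known source ranges (VPN, office egress, bastion)."
  }
}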
# RDP (3389) for Windows hosts is opt-in; off unless a caller enables it.
variable "allow_rdp" {
  type        = bool
  default     = false
  description = "Allow RDP (port 3389) for Windows management"
}
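# Internal ranges treated as trusted for management access.
#
# NOTE(review): the default 10.0.0.0/16 is a placeholder, not derived from
# var.vpc_id. If the VPC uses a different range the resulting rule either
# admits addresses outside the VPC or blocks in-VPC management traffic —
# callers should pass the real VPC/peered CIDRs. Entries are checked to be
# valid CIDR blocks.
variable "internal_cidrs" {
  description = "Internal CIDR blocks for management access (default 10.0.0.0/16 is a placeholder; set to the real VPC/peered ranges)"
  type        = list(string)
  default     = ["10.0.0.0/16"]

  validation {
    condition     = alltrue([for c in var.internal_cidrs : can(cidrhost(c, 0))])
    error_message = "Every entry in internal_cidrs must be a valid IPv4 or IPv6 CIDR block."
  }
}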
# Custom Rules
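# Extra ingress rules for the web tier, beyond the built-in 443 (and optional
# 80) rules.
#
# Each rule is CIDR-based. to_port defaults to from_port (single port) and
# protocol to "tcp". Validation catches the mistakes that otherwise surface
# only at apply time or, worse, as a rule that matches more than intended:
# ports outside -1..65535 (-1 is the provider convention for "all" with
# protocol "-1"/"icmp"), to_port below from_port, an empty cidr_blocks list,
# and malformed CIDRs.
variable "web_custom_ingress" {
  description = "List of custom ingress rules for web tier"
  type = list(object({
    from_port   = number
    to_port     = optional(number)
    protocol    = optional(string, "tcp")
    cidr_blocks = list(string)
    description = optional(string, "Custom web ingress rule")
  }))
  default = []

  validation {
    condition = alltrue([
      for r in var.web_custom_ingress :
      r.from_port >= -1 && r.from_port <= 65535 &&
      coalesce(r.to_port, r.from_port) >= r.from_port &&
      coalesce(r.to_port, r.from_port) <= 65535
    ])
    error_message = "web_custom_ingress: from_port/to_port must be within -1..65535 and to_port must not be lower than from_port."
  }

  validation {
    condition = alltrue([
      for r in var.web_custom_ingress :
      length(r.cidr_blocks) > 0 && alltrue([for c in r.cidr_blocks : can(cidrhost(c, 0))])
    ])
    error_message = "web_custom_ingress: every rule needs at least one cidr_blocks entry and each entry must be a valid IPv4 or IPv6 CIDR block."
  }
}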
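# Extra ingress rules for the application tier.
#
# NOTE(review): these rules are CIDR-based only. The app tier is meant to be
# reached from the web tier (see web_tier_sg_ids), so a broad or world-open
# CIDR here bypasses the tiered design entirely — keep ranges as narrow as
# possible and prefer SG-referenced access where the module supports it.
#
# to_port defaults to from_port, protocol to "tcp". Validation rejects ports
# outside -1..65535 (-1 is the provider convention for "all"), to_port below
# from_port, an empty cidr_blocks list, and malformed CIDRs.
variable "app_custom_ingress" {
  description = "List of custom ingress rules for app tier (CIDR-based; keep ranges narrow, the app tier should not be publicly reachable)"
  type = list(object({
    from_port   = number
    to_port     = optional(number)
    protocol    = optional(string, "tcp")
    cidr_blocks = list(string)
    description = optional(string, "Custom application ingress rule")
  }))
  default = []

  validation {
    condition = alltrue([
      for r in var.app_custom_ingress :
      r.from_port >= -1 && r.from_port <= 65535 &&
      coalesce(r.to_port, r.from_port) >= r.from_port &&
      coalesce(r.to_port, r.from_port) <= 65535
    ])
    error_message = "app_custom_ingress: from_port/to_port must be within -1..65535 and to_port must not be lower than from_port."
  }

  validation {
    condition = alltrue([
      for r in var.app_custom_ingress :
      length(r.cidr_blocks) > 0 && alltrue([for c in r.cidr_blocks : can(cidrhost(c, 0))])
    ])
    error_message = "app_custom_ingress: every rule needs at least one cidr_blocks entry and each entry must be a valid IPv4 or IPv6 CIDR block."
  }
}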