variables.tf
# Rotation mode for the secret. Only the two literal values checked in the
# validation block are accepted; everything else is rejected at plan time.
# NOTE(review): `multi` presumably relies on the superuser secret referenced by
# `secretsmanager_masterarn` - confirm against the module's resources.
variable "rotation_type" {
  description = "Is this `single` or `multi` user rotation?"
  type        = string
  default     = "single"

  validation {
    # Same two-value allow-list as before, written with the operands swapped.
    condition     = var.rotation_type == "multi" || var.rotation_type == "single"
    error_message = "The rotation_type value must be either `single` or `multi`."
  }
}
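# Rotation interval for the secret, in days. Defaults to 30.
variable "rotation_days" {
  type        = number
  description = "How often in days the secret will be rotated"
  default     = 30

  validation {
    # A zero, negative or fractional interval is not a usable rotation
    # schedule, so reject it at plan time rather than leaving it to the
    # provider or the AWS API.
    # NOTE(review): Secrets Manager also enforces an upper bound on the
    # interval (believed to be 1000 days - confirm); it is not encoded here.
    condition     = var.rotation_days >= 1 && floor(var.rotation_days) == var.rotation_days
    error_message = "The rotation_days value must be a whole number of days, 1 or greater."
  }
}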
# Subnets for the rotation Lambda. Required: no default is declared.
# NOTE(review): `list(any)` does not constrain the element type; subnet IDs are
# presumably strings, so `list(string)` would be stricter - confirm with callers.
variable "subnets_lambda" {
  description = "The subnets where the Lambda Function will be run"
  type        = list(any)
}
# Optional cross-region replication targets for the secret. The default is an
# empty list. Each entry names a region and the KMS key used for the replica
# there; per the description, a null `kms_key_id` selects the AWS-managed key.
# NOTE(review): the key policy of an AWS-managed key cannot be customised; pass
# a customer-managed key where access to a replica must be restricted per
# region - confirm against your requirements.
variable "replica_regions" {
  description = "A list of objects containing the regions to which to replicate the secret. Each element in the list must be an object with `kms_key_id` and `region` keys. `kms_key_id` may be set to `null` to use the default AWS-managed KMS key."
  default     = []
  type = list(object({
    kms_key_id = string
    region     = string
  }))
}
# Database account whose password is managed by the rotation. Required: no
# default is declared.
variable "mysql_username" {
  description = "The MySQL/Aurora username you chose during RDS creation or another one that you want to rotate"
  type        = string
}
# Name of the database inside the RDS instance. Required: no default is
# declared.
variable "mysql_dbname" {
  description = "The Database name inside your RDS"
  type        = string
}
# RDS endpoint used to reach the database. Required: no default is declared.
# NOTE(review): presumably the hostname only, with the port supplied separately
# through `mysql_port` - confirm against how the module consumes it.
variable "mysql_host" {
  description = "The RDS endpoint to connect to your database"
  type        = string
}
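# Initial password of the rotated database account. Required: no default is
# declared. Per the description, it is changed after creation.
variable "mysql_password" {
  type        = string
  description = "The password that you want to rotate, this will be changed after the creation"

  # Redacts the value in `terraform plan` / `terraform apply` output, so it does
  # not end up in terminal scrollback or CI logs. This is not encryption: the
  # value is still stored in the Terraform state, so the state backend needs
  # encryption at rest and restricted access.
  # Requires Terraform 0.14 or later. Any output derived from this variable
  # must also be declared sensitive.
  sensitive = true
}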
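# TCP port of the MySQL endpoint. Defaults to 3306.
variable "mysql_port" {
  type        = number
  description = "In case you don't have your MySQL on default port and you need to change it"
  default     = 3306

  validation {
    # Catch out-of-range or fractional ports at plan time instead of
    # discovering them when the rotation function fails to connect.
    condition     = var.mysql_port >= 1 && var.mysql_port <= 65535 && floor(var.mysql_port) == var.mysql_port
    error_message = "The mysql_port value must be a whole number between 1 and 65535."
  }
}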
# ARN of the secret that rotates the MySQL superuser. Defaults to an empty
# string.
# NOTE(review): presumably only needed when `rotation_type` is `multi`, and an
# empty value is not rejected in this file - verify where the module uses it.
variable "secretsmanager_masterarn" {
  description = "The ARN of the Secrets Manager which rotates the MySQL superuser"
  type        = string
  default     = ""
}
#variable "additional_kms_role_arn" {
# type = list
# description = "If you want add another role of another resource to access to the kms key used to encrypt the secret"
# default = []
#}
# Security group(s) attached to the rotation Lambda. Required: no default is
# declared.
# NOTE(review): the description recommends reusing the RDS security group with
# a self-referencing rule. That lets every member of the group reach the
# database. A dedicated Lambda security group, allowed by an ingress rule on
# the RDS group, is the narrower option - confirm which one fits your network
# design.
variable "security_group" {
  description = "The security group(s) where the Lambda Function will be run. This must have access to the RDS instance. The best option is to make this the RDS' security group and allow the SG to access itself"
  type        = list(any)
}
# Optional endpoint of the read-only RDS replica. Defaults to null.
variable "mysql_replicahost" {
  description = "The RDS replica endpoint to connect to your read-only database"
  type        = string
  default     = null
}
# Order of the label elements that make up the secret's id output and Name tag.
# The default lists all five elements.
variable "secret_label_order" {
  type = list(any)

  # `<<-` strips the common leading indentation, so the rendered text is the
  # same as with unindented lines.
  description = <<-EOT
    The naming order of the id output and Name tag.
    Defaults to ["namespace", "environment", "stage", "name", "attributes"].
    You can omit any of the 5 elements, but at least one must be present.
    EOT

  default = ["namespace", "environment", "stage", "name", "attributes"]
}