forked from cloudposse/terraform-aws-alb
-
Notifications
You must be signed in to change notification settings - Fork 0
/
variables.tf
397 lines (334 loc) · 11.5 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
variable "vpc_id" {
type = string
description = "VPC ID to associate with ALB"
}
variable "subnet_ids" {
type = list(string)
description = "A list of subnet IDs to associate with ALB"
}
variable "security_group_ids" {
type = list(string)
default = []
description = "A list of additional security group IDs to allow access to ALB"
}
variable "internal" {
type = bool
default = false
description = "A boolean flag to determine whether the ALB should be internal"
}
variable "http_port" {
type = number
default = 80
description = "The port for the HTTP listener"
}
variable "http_enabled" {
type = bool
default = true
description = "A boolean flag to enable/disable HTTP listener"
}
variable "http_redirect" {
type = bool
default = false
description = "A boolean flag to enable/disable HTTP redirect to HTTPS"
}
variable "http_ingress_cidr_blocks" {
type = list(string)
default = ["0.0.0.0/0", "::/0"]
description = "List of CIDR blocks to allow in HTTP security group"
validation {
condition = alltrue([for cidr in var.http_ingress_cidr_blocks : can(cidrhost(cidr, 0))])
error_message = "Each entry in http_ingress_cidr_blocks must be a valid CIDR block."
}
}
variable "http_ingress_prefix_list_ids" {
type = list(string)
default = []
description = "List of prefix list IDs for allowing access to HTTP ingress security group"
}
variable "certificate_arn" {
type = string
default = ""
description = "The ARN of the default SSL certificate for HTTPS listener"
}
variable "https_port" {
type = number
default = 443
description = "The port for the HTTPS listener"
}
variable "https_enabled" {
type = bool
default = false
description = "A boolean flag to enable/disable HTTPS listener"
}
variable "https_ingress_cidr_blocks" {
type = list(string)
default = ["0.0.0.0/0", "::/0"]
description = "List of CIDR blocks to allow in HTTPS security group"
validation {
condition = alltrue([for cidr in var.https_ingress_cidr_blocks : can(cidrhost(cidr, 0))])
error_message = "Each entry in https_ingress_cidr_blocks must be a valid CIDR block."
}
}
variable "https_ingress_prefix_list_ids" {
type = list(string)
default = []
description = "List of prefix list IDs for allowing access to HTTPS ingress security group"
}
variable "https_ssl_policy" {
type = string
description = "The name of the SSL Policy for the listener"
default = "ELBSecurityPolicy-2015-05"
}
variable "access_logs_prefix" {
type = string
default = ""
description = "The S3 log bucket prefix"
}
variable "access_logs_enabled" {
type = bool
default = true
description = "A boolean flag to enable/disable access_logs"
}
variable "allow_ssl_requests_only" {
type = bool
default = false
description = "Set to true to require requests to use Secure Socket Layer (HTTPS/SSL) on the access logs S3 bucket. This will explicitly deny access to HTTP requests"
}
variable "access_logs_s3_bucket_id" {
type = string
default = null
description = "An external S3 Bucket name to store access logs in. If specified, no logging bucket will be created."
}
variable "cross_zone_load_balancing_enabled" {
type = bool
default = true
description = "A boolean flag to enable/disable cross zone load balancing"
}
variable "http2_enabled" {
type = bool
default = true
description = "A boolean flag to enable/disable HTTP/2"
}
variable "idle_timeout" {
type = number
default = 60
description = "The time in seconds that the connection is allowed to be idle"
}
variable "ip_address_type" {
type = string
default = "ipv4"
description = "The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`."
validation {
condition = contains(["ipv4", "dualstack"], var.ip_address_type)
error_message = "ip_address_type must be either `ipv4` or `dualstack`."
}
}
variable "deletion_protection_enabled" {
type = bool
default = false
description = "A boolean flag to enable/disable deletion protection for ALB"
}
variable "deregistration_delay" {
type = number
default = 15
description = "The amount of time to wait in seconds before changing the state of a deregistering target to unused"
}
variable "slow_start" {
type = number
default = null
description = "The amount of time (30-900 seconds) until a healthy target receives its full share of requests from the load balancer. 0 to disable."
}
variable "drop_invalid_header_fields" {
type = bool
default = false
description = "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false)."
}
variable "health_check_path" {
type = string
default = "/"
description = "The destination for the health check request"
}
variable "health_check_port" {
type = string
default = "traffic-port"
description = "The port to use for the healthcheck"
}
variable "health_check_protocol" {
type = string
default = null
description = "The protocol to use for the healthcheck. If not specified, same as the traffic protocol"
}
variable "health_check_timeout" {
type = number
default = 10
description = "The amount of time to wait in seconds before failing a health check request"
}
variable "health_check_healthy_threshold" {
type = number
default = 2
description = "The number of consecutive health checks successes required before considering an unhealthy target healthy"
}
variable "health_check_unhealthy_threshold" {
type = number
default = 2
description = "The number of consecutive health check failures required before considering the target unhealthy"
}
variable "health_check_interval" {
type = number
default = 15
description = "The duration in seconds in between health checks"
}
variable "health_check_matcher" {
type = string
default = "200-399"
description = "The HTTP response codes to indicate a healthy check"
}
variable "alb_access_logs_s3_bucket_force_destroy" {
type = bool
default = false
description = "A boolean that indicates all objects should be deleted from the ALB access logs S3 bucket so that the bucket can be destroyed without error"
}
variable "target_group_port" {
type = number
default = 80
description = "The port for the default target group"
}
variable "target_group_protocol" {
type = string
default = "HTTP"
description = "The protocol for the default target group HTTP or HTTPS"
}
variable "target_group_protocol_version" {
type = string
default = "HTTP1"
description = "The protocol version for the default target group HTTP1 or HTTP2 or GRPC"
}
variable "target_group_name" {
type = string
default = ""
description = "The name for the default target group, uses a module label name if left empty"
}
variable "target_group_name_max_length" {
type = number
default = 32
description = "The max length of characters for the target group."
}
variable "target_group_target_type" {
type = string
default = "ip"
description = "The type (`instance`, `ip` or `lambda`) of targets that can be registered with the target group"
}
variable "target_group_additional_tags" {
type = map(string)
default = {}
description = "The additional tags to apply to the target group"
}
variable "listener_http_fixed_response" {
description = "Have the HTTP listener return a fixed response for the default action."
type = object({
content_type = string
message_body = string
status_code = string
})
default = null
}
variable "listener_https_fixed_response" {
description = "Have the HTTPS listener return a fixed response for the default action."
type = object({
content_type = string
message_body = string
status_code = string
})
default = null
}
variable "listener_https_redirect" {
description = "Have the HTTPS listener return a redirect response for the default action."
# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener#status_code-2
type = object({
host = optional(string)
path = optional(string)
port = optional(string)
protocol = optional(string)
query = optional(string)
status_code = string
})
default = null
}
variable "lifecycle_configuration_rules" {
type = list(object({
enabled = bool
id = string
abort_incomplete_multipart_upload_days = number
# `filter_and` is the `and` configuration block inside the `filter` configuration.
# This is the only place you should specify a prefix.
filter_and = any
expiration = any
transition = list(any)
noncurrent_version_expiration = any
noncurrent_version_transition = list(any)
}))
default = []
description = <<-EOT
A list of S3 bucket v2 lifecycle rules, as specified in [terraform-aws-s3-bucket](https://github.com/cloudposse/terraform-aws-s3-bucket)"
These rules are not affected by the deprecated `lifecycle_rule_enabled` flag.
**NOTE:** Unless you also set `lifecycle_rule_enabled = false` you will also get the default deprecated rules set on your bucket.
EOT
}
variable "stickiness" {
type = object({
cookie_duration = number
enabled = bool
})
description = "Target group sticky configuration"
default = null
}
variable "additional_certs" {
type = list(string)
description = "A list of additonal certs to add to the https listerner"
default = []
}
variable "security_group_enabled" {
type = bool
description = "Enables the security group"
default = true
}
variable "load_balancer_name" {
type = string
default = ""
description = "The name for the default load balancer, uses a module label name if left empty"
}
variable "load_balancer_name_max_length" {
type = number
default = 32
description = "The max length of characters for the load balancer."
}
variable "load_balancing_algorithm_type" {
type = string
default = "round_robin"
description = "Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups"
}
variable "default_target_group_enabled" {
type = bool
description = "Whether the default target group should be created or not."
default = true
}
variable "listener_additional_tags" {
type = map(string)
default = {}
description = "The additional tags to apply to all listeners"
}
variable "preserve_host_header" {
type = bool
default = false
description = "Indicates whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change."
}
variable "xff_header_processing_mode" {
type = string
default = "append"
description = "Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append"
}
variable "client_keep_alive" {
type = number
default = 3600
description = "Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds."
}