forked from lacework/terraform-aws-cloudtrail-controltower
variables.tf
# ARN of the SNS topic the module is pointed at. Required input: no default.
# NOTE(review): nothing in this declaration constrains the value to an SNS ARN,
# so a mistyped account or region is only caught by whatever consumes it.
variable "sns_topic_arn" {
  description = "The SNS topic ARN. Usually in the form of: arn:aws:sns:<control-tower-region>:<aws_audit_account_id>:aws-controltower-AllConfigNotifications"
  type        = string
}
# ARN of the S3 bucket holding the consolidated CloudTrail logs. Required
# input: no default.
# NOTE(review): the value is not validated here; access granted on this ARN
# follows whatever the caller supplies, so confirm it names the log archive
# bucket and nothing broader.
variable "s3_bucket_arn" {
  description = "The ARN for the S3 bucket for consolidated CloudTrail logging. Usually in the form like: arn:aws:s3:::aws-controltower-logs-<log_archive_account_id>-<control_tower_region>"
  type        = string
}
# Optional mapping of AWS accounts to Lacework accounts. Each list element
# carries a default Lacework account plus a list of explicit
# (lacework_account, aws_accounts) pairs. Defaults to an empty list.
variable "org_account_mappings" {
  description = "Mapping of AWS accounts to Lacework accounts within a Lacework organization"
  type = list(object({
    default_lacework_account = string
    mapping = list(object({
      lacework_account = string
      aws_accounts     = list(string)
    }))
  }))
  default = []
}
# Switch for using an existing IAM role. Off by default.
# The descriptions of iam_role_name, iam_role_arn and iam_role_external_id
# state that those inputs are required when this is true.
variable "use_existing_iam_role" {
  description = "Set this to true to use an existing IAM role from the log_archive AWS Account"
  type        = bool
  default     = false
}
# Name of the IAM role. Empty string by default.
# NOTE(review): the description requires this to match iam_role_arn when
# use_existing_iam_role is true, but this declaration does not enforce it;
# confirm the check exists where the value is consumed.
variable "iam_role_name" {
  description = "The IAM role name. Required to match with iam_role_arn if use_existing_iam_role is set to true"
  type        = string
  default     = ""
}
# ARN of the existing IAM role. Empty string by default.
# NOTE(review): the "required when use_existing_iam_role is true" rule lives
# only in the description; an empty value is accepted by this declaration.
variable "iam_role_arn" {
  description = "The IAM role ARN is required when setting use_existing_iam_role to true"
  type        = string
  default     = ""
}
# External ID configured on the existing IAM role. Empty string by default.
# NOTE(review): an empty external ID is accepted here. If the role's trust
# policy is built from this value, confirm an empty string can never end up
# as the sts:ExternalId condition, since that condition is what protects a
# cross-account role from being assumed on behalf of the wrong tenant.
variable "iam_role_external_id" {
  description = "The external ID configured inside the IAM role is required when setting use_existing_iam_role to true"
  type        = string
  default     = ""
}
# Deprecated input, kept so existing callers keep working. Defaults to 16.
# The description announces removal in the next major release.
variable "external_id_length" {
  description = "**Deprecated** - Will be removed on our next major release v1.0.0"
  type        = number
  default     = 16
}
# Prefix placed at the start of generated resource names.
# Defaults to "lacework-ct".
variable "prefix" {
  description = "The prefix that will be use at the beginning of every generated resource"
  type        = string
  default     = "lacework-ct"
}
# Toggle for CloudTrail log file integrity validation.
# With the default of false, validation stays off unless the caller opts in.
# NOTE(review): CloudTrail digest files are what let an investigator detect
# modified or deleted log files; consider setting this to true in the calling
# configuration whenever this module manages the trail.
variable "enable_log_file_validation" {
  description = "Specifies whether cloudtrail log file integrity validation is enabled"
  type        = bool
  default     = false
}
# Name of the SQS queue. Empty string by default; how an empty value is
# handled is decided where the variable is consumed, outside this file.
variable "sqs_queue_name" {
  description = "The SQS queue name"
  type        = string
  default     = ""
}
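# Name of the cross-account policy. Empty string by default; how an empty
# value is handled is decided where the variable is consumed, outside this
# file. The description was missing, unlike every other input in this file,
# so generated module documentation left this input unexplained.
variable "cross_account_policy_name" {
  description = "The cross account policy name"
  type        = string
  default     = ""
}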
# Display name of the integration in Lacework. Defaults to "TF cloudtrail".
variable "lacework_integration_name" {
  description = "The name of the integration in Lacework."
  type        = string
  default     = "TF cloudtrail"
}
# AWS account that the IAM role grants access to, per the description.
# NOTE(review): the default is a hard-coded account ID, presumably the
# vendor's. Confirm it against vendor documentation before relying on it.
# Any override changes which account is granted access through the role, so
# review it like a trust-policy change. The value is not validated here.
variable "lacework_aws_account_id" {
  description = "The Lacework AWS account that the IAM role will grant access"
  type        = string
  default     = "434813966438"
}
# Delay inserted before the next resource is provisioned, given as a string.
# Defaults to "10s".
variable "wait_time" {
  description = "Amount of time to wait before the next resource is provisioned."
  type        = string
  default     = "10s"
}
# String-to-string map of tags for created resources. Defaults to an empty
# map.
variable "tags" {
  description = "A map/dictionary of Tags to be assigned to created resources"
  type        = map(string)
  default     = {}
}
# ARN of the KMS key, for Control Tower deployments that use a custom key.
# Empty string by default.
# NOTE(review): presumably the role needs decrypt permission on this key to
# read encrypted logs; confirm the grant is scoped to this ARN where the
# variable is consumed.
variable "kms_key_arn" {
  description = "The KMS key arn, if Control Tower was deployed with custom KMS key"
  type        = string
  default     = ""
}
# Toggle for the metric module. Off by default.
variable "enable_metric_module" {
  description = "Enable the metric module."
  type        = bool
  default     = false
}