######
# OpenSearch Collection
######
# Required input: there is no default, so every caller must name the collection.
variable "name" {
  type        = string
  description = "Name of the collection."
}

# Optional free-text description; null when the caller does not set one.
variable "description" {
  type        = string
  default     = null
  description = "Description of the collection."
}

# Standby replicas are requested unless the caller explicitly sets this to false.
variable "use_standby_replicas" {
  type        = bool
  default     = true
  description = "Indicates whether standby replicas should be used for a collection."
}

# Tags for the collection; an empty map means no module-level tags are supplied.
variable "tags" {
  type        = map(string)
  default     = {}
  description = "A map of tags to assign to the collection. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level."
}
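# Collection type. The value is checked against the three literals below with
# contains(), which is an exact, case-sensitive match.
variable "type" {
  type        = string
  default     = "TIMESERIES"
  description = "Type of collection. One of SEARCH, TIMESERIES, or VECTORSEARCH. Defaults to TIMESERIES."

  validation {
    condition = contains(["SEARCH", "TIMESERIES", "VECTORSEARCH"], var.type)
    # Name the accepted values so a failed plan tells the caller how to fix it.
    error_message = "The type must be one of SEARCH, TIMESERIES, or VECTORSEARCH (case-sensitive)."
  }
}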
######
# Encryption Policy
######
# Toggle for the encryption policy; it is created unless the caller opts out.
variable "create_encryption_policy" {
  type        = bool
  default     = true
  description = "Controls if encryption policy should be created."
}

# Optional policy name; null when the caller does not set one.
variable "encryption_policy_name" {
  type        = string
  default     = null
  description = "The name of the encryption policy."
}

# Optional policy description; null when the caller does not set one.
variable "encryption_policy_description" {
  type        = string
  default     = null
  description = "Description of the encryption policy."
}
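# ARN of the customer managed KMS key referenced by the encryption policy.
# NOTE(review): what the module does when this stays null is decided in the
# resource code, which is not visible in this file — confirm which key is
# used in that case before relying on the default.
variable "encryption_policy_kms_key_arn" {
  type        = string
  default     = null
  description = "KMS Customer managed key arn to use in the encryption policy."

  validation {
    # Reject key IDs, aliases and other non-ARN strings at plan time instead of
    # letting them reach the policy document. The conditional keeps null valid.
    condition     = var.encryption_policy_kms_key_arn == null ? true : can(regex("^arn:[^:]+:kms:", var.encryption_policy_kms_key_arn))
    error_message = "The encryption_policy_kms_key_arn value must be null or a KMS key ARN beginning with arn:<partition>:kms:."
  }
}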
######
# Network Policy
######
# Toggle for the network policy; it is created unless the caller opts out.
variable "create_network_policy" {
  type        = bool
  default     = true
  description = "Controls if network policy should be created."
}

# Optional policy name; null when the caller does not set one.
variable "network_policy_name" {
  type        = string
  default     = null
  description = "The name of the network policy."
}

# Optional policy description; null when the caller does not set one.
variable "network_policy_description" {
  type        = string
  default     = null
  description = "Description of the network policy."
}
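# Selects which of four network exposure modes the module applies.
# NOTE(review): the default is "AllPublic". Going by the value names, that
# leaves both the collection endpoint and the dashboard reachable without a
# VPC endpoint — confirm against the policy document the module builds.
# The default is kept for compatibility; callers holding non-public data
# should set "AllPrivate" (or one of the mixed modes) explicitly.
variable "network_policy_type" {
  type        = string
  default     = "AllPublic"
  description = "Type of Network Policy. Supported Values are: AllPublic, AllPrivate, PublicCollectionPrivateDashboard, PrivateCollectionPublicDashboard"

  validation {
    condition = contains(["AllPublic", "AllPrivate", "PublicCollectionPrivateDashboard", "PrivateCollectionPublicDashboard"], var.network_policy_type)
    # Name the accepted values so a failed plan tells the caller how to fix it.
    error_message = "The network_policy_type must be one of AllPublic, AllPrivate, PublicCollectionPrivateDashboard, or PrivateCollectionPublicDashboard (case-sensitive)."
  }
}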
######
# VPCE
######
# Optional name for the interface endpoint; null when the caller does not set one.
variable "vpce_name" {
  type        = string
  default     = null
  description = "Name of the interface endpoint."
}
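# Subnets the endpoint is placed in. The description states a limit of six,
# so the limit is enforced here rather than surfacing later as an API error.
variable "vpce_subnet_ids" {
  type        = list(string)
  default     = []
  description = "One or more subnet IDs from which you'll access OpenSearch Serverless. Up to 6 subnets can be provided."

  validation {
    condition     = length(var.vpce_subnet_ids) <= 6
    error_message = "At most 6 subnet IDs can be provided in vpce_subnet_ids."
  }
}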
# VPC that hosts the endpoint; null when the caller does not set one.
variable "vpce_vpc_id" {
  type        = string
  default     = null
  description = "ID of the VPC from which you'll access OpenSearch Serverless."
}
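# Existing security groups to attach to the endpoint. The description states a
# limit of five, so the limit is enforced here at plan time.
variable "vpce_security_group_ids" {
  type        = list(string)
  default     = null
  description = "One or more security groups that define the ports, protocols, and sources for inbound traffic that you are authorizing into your endpoint. Up to 5 security groups can be provided."

  validation {
    # The default is null, so guard the length() call with a conditional.
    condition     = var.vpce_security_group_ids == null ? true : length(var.vpce_security_group_ids) <= 5
    error_message = "At most 5 security group IDs can be provided in vpce_security_group_ids."
  }
}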
######
# VPCE Security Group
######
# Toggle for a module-managed security group; created unless the caller opts out.
variable "vpce_create_security_group" {
  type        = bool
  default     = true
  description = "Creates a security group for VPCE."
}

# Optional security group name; null when the caller does not set one.
variable "vpce_security_group_name" {
  type        = string
  default     = null
  description = "Security Group name for VPCE."
}

# Optional security group description; null when the caller does not set one.
variable "vpce_security_group_description" {
  type        = string
  default     = null
  description = "Security Group description for VPCE."
}
# Inbound sources, each entry pairing a `type` label with a list of source strings.
# The list is empty by default, so no sources are declared unless the caller adds them.
# NOTE(review): the accepted `type` values and how entries become ingress rules
# are defined outside this file — confirm them, and keep the source lists as
# narrow as the consumers of the endpoint allow.
variable "vpce_security_group_sources" {
  type = list(object({
    type    = string
    sources = list(string)
  }))
  default     = []
  description = "Sources for inbound traffic to Opensearch Serverless"
}
######
# Data Access Policy
######
# Toggle for the data access policy; it is created unless the caller opts out.
variable "create_access_policy" {
  type        = bool
  default     = true
  description = "Controls if data access policy should be created."
}

# Optional policy name; null when the caller does not set one.
variable "access_policy_name" {
  type        = string
  default     = null
  description = "The name of the data access policy."
}

# Optional policy description; null when the caller does not set one.
variable "access_policy_description" {
  type        = string
  default     = null
  description = "Description of the access policy."
}
# Data access rules. Each rule carries a `type`, the permissions granted, the
# principals they are granted to, and an optional index list that falls back
# to [] when omitted. No rules are declared by default.
# NOTE(review): nothing here restricts `permissions` or `principals`; how an
# empty `indexes` list is interpreted is decided outside this file — confirm,
# and review each rule for least privilege.
variable "access_policy_rules" {
  type = list(object({
    type        = string
    permissions = list(string)
    principals  = list(string)
    indexes     = optional(list(string), [])
  }))
  default     = []
  description = "Rules to apply on access policy."
}
######
# Data Lifecycle Policy
######
# Toggle for the data lifecycle policy; off unless the caller enables it.
variable "create_data_lifecycle_policy" {
  type        = bool
  default     = false
  description = "Controls if data lifecycle policy should be created."
}

# Optional policy name; null when the caller does not set one.
variable "data_lifecycle_policy_name" {
  type        = string
  default     = null
  description = "The name of the data lifecycle policy."
}

# Optional policy description; null when the caller does not set one.
variable "data_lifecycle_policy_description" {
  type        = string
  default     = null
  description = "Description of the data lifecycle policy."
}
# Lifecycle rules. Each rule lists the indexes it covers; `retention` falls
# back to "Unlimited" when a rule omits it. No rules are declared by default.
variable "data_lifecycle_policy_rules" {
  type = list(object({
    indexes   = list(string)
    retention = optional(string, "Unlimited")
  }))
  default     = []
  description = "Rules to apply on data lifecycle policy."
}
######
# Security Config
######
# Toggle for the security config; off unless the caller enables it.
variable "create_security_config" {
  type        = bool
  default     = false
  description = "Controls if security config should be created."
}

# Optional config name; null when the caller does not set one.
variable "security_config_name" {
  type        = string
  default     = null
  description = "The name of the security config."
}

# Optional config description; null when the caller does not set one.
variable "security_config_description" {
  type        = string
  default     = null
  description = "Description of the security config."
}
# Path to the identity provider's XML metadata file (a path, not the XML itself,
# per the description). Null when the caller does not set one.
# NOTE(review): how the module reads this path is not visible in this file.
variable "saml_metadata" {
  type        = string
  default     = null
  description = "The XML IdP metadata file generated from your identity provider. Needs to be path to a file."
}

# Assertion attribute used for group mapping; null when the caller does not set one.
variable "saml_group_attribute" {
  type        = string
  default     = null
  description = "Specify an attribute for group to map user groups or roles from your assertion."
}

# Assertion attribute used for the user ID; null when the caller does not set one.
variable "saml_user_attribute" {
  type        = string
  default     = null
  description = "Specify a custom attribute for user ID if your assertion does not use NameID as the default attribute."
}
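# SAML session lifetime in minutes. The description documents a 5–720 minute
# range; the validation below enforces it at plan time so an out-of-range
# session length is rejected before anything is applied.
variable "saml_session_timeout" {
  type        = number
  default     = 60
  description = "Session timeout, in minutes. Minimum is 5 minutes and maximum is 720 minutes (12 hours). Default is 60 minutes."

  validation {
    condition     = var.saml_session_timeout >= 5 && var.saml_session_timeout <= 720
    error_message = "The saml_session_timeout must be between 5 and 720 minutes."
  }
}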