generated from dfds/aws-modules-template
-
Notifications
You must be signed in to change notification settings - Fork 1
/
variables.tf
869 lines (791 loc) · 29.6 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
# Expose vars for DB instance. Override defaults with sensible values for DFDS context
################################################################################
# Instance specific variables - applicable to cluster instances as well
################################################################################
variable "environment" {
description = <<EOF
Specify the staging environment.
Valid Values: "dev", "test", "staging", "uat", "training", "prod".
Notes: The value will set configuration defaults according to DFDS policies.
EOF
type = string
validation {
condition = contains(["dev", "test", "staging", "uat", "training", "prod"], var.environment)
error_message = "Valid values for environment are: dev, test, staging, uat, training, prod."
}
}
variable "identifier" {
description = <<EOF
Specify the name of the RDS instance to create.
Valid Values: .
Notes: .
EOF
type = string
}
variable "allocated_storage" {
description = <<EOF
Specify the allocated storage in gigabytes.
Valid Values: .
Notes: .
EOF
type = number
default = null
}
variable "storage_type" {
description = <<EOF
Specify the storage type.
Valid Values: One of 'standard' (magnetic), 'gp2' (general purpose SSD), 'gp3' (new generation of general purpose SSD), or 'io1' (provisioned IOPS SSD).
Notes: Default is 'io1' if iops is specified, 'gp2' if not. If you specify 'io1' or 'gp3' , you must also include a value for the 'iops' parameter.
EOF
type = string
default = "gp3"
}
variable "storage_throughput" { # TODO: What is See `notes`?
description = <<EOF
Speficy storage throughput value for the DB instance.
Valid Values: .
Notes: See `notes` for limitations regarding this variable for `gp3`.
EOF
type = number
default = null
}
variable "replicate_source_db" { # TODO: Consider providing abstraction to this
description = <<EOF
Inidicate that this resource is a Replicate database, and to use this value as the source database.
Valid Values: The identifier of another Amazon RDS Database to replicate in the same region.
Notes: In case of cross-region replication, specify the ARN of the source DB instance.
EOF
type = string
default = null
}
variable "iam_database_authentication_enabled" {
description = <<EOF
Set this to true to enable authentication using IAM.
Valid Values: .
Notes: This requires creating mappings between IAM users/roles and database accounts in the RDS instance for this to work properly.
EOF
type = bool
default = false
}
variable "engine_version" {
description = <<EOF
Specify engine version to use.
Valid Values: Specific version number, for example, "15.3" or major version number, for example, "15".
Notes:
- If this is omitted, the preffered version will be used.
- If major version is specified, the preffered version will be used.
- When using a specific version. The version must be valid. A valid version can be obtained from this [documentation](https://docs.aws.amazon.com/AmazonRDS/latest/PostgreSQLReleaseNotes/postgresql-release-calendar.html)
EOF
type = string
default = null
}
variable "skip_final_snapshot" { # TODO: Check if this has been tested (Backup will remain in AWS Backup)
description = <<EOF
Setting this will determine whether a final DB snapshot is created before the DB instance is deleted.
Valid Values: Specific version number, for example, "15.3" or major version number, for example, "15".
Notes:
- If true is specified, no DB Snapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted.
- Default value is set to true. Snapshots will be created by the AWS backup job assuming that this resource is properly tagged, see [here](https://wiki.dfds.cloud/en/playbooks/aws-backup/aws-backup-getting-started) for more info.
EOF
type = bool
default = true
}
variable "source_snapshot_identifier" {
description = <<EOF
Provide the ID of the snapshot to create this instance from.
Valid Values: This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05"
Notes: Setting this will cause the instance to restore from the specified snapshot.
EOF
type = string
default = null
}
variable "copy_tags_to_snapshot" {
description = <<EOF
Specifies whether or not to copy all Instance tags to the final snapshot on deletion.
Valid Values: .
Notes: Default value is set to true. Snapshots will be created by the AWS backup job assuming that this resource is properly tagged, see [here](https://wiki.dfds.cloud/en/playbooks/aws-backup/aws-backup-getting-started) for more info.
EOF
type = bool
default = false
}
variable "final_snapshot_identifier_prefix" {
description = <<EOF
Specifies the name which is prefixed to the final snapshot on cluster destroy.
Valid Values: .
Notes: .
EOF
type = string
default = "final"
}
variable "instance_class" {
description = <<EOF
Specify instance type of the RDS instance.
Valid Values:
"db.t3.micro",
"db.t3.small",
"db.t3.medium",
"db.t3.large",
"db.t3.xlarge",
"db.t3.2xlarge",
"db.r6g.xlarge",
"db.m6g.large",
"db.m6g.xlarge",
"db.t2.micro",
"db.t2.small",
"db.t2.medium",
"db.m4.large",
"db.m5d.large",
"db.m6i.large",
"db.m5.xlarge",
"db.t4g.micro",
"db.t4g.small",
"db.t4g.large",
"db.t4g.xlarge"
Notes: If omitted, the instance type will be set to db.t3.micro.
EOF
type = string
default = null
validation {
condition = var.instance_class == null ? true : (
contains([
"db.t3.micro",
"db.t3.small",
"db.t3.medium",
"db.t3.large",
"db.t3.xlarge",
"db.t3.2xlarge",
"db.r6g.xlarge",
"db.m6g.large",
"db.m6g.xlarge",
"db.t2.micro",
"db.t2.small",
"db.t2.medium",
"db.m4.large",
"db.m5d.large",
"db.m6i.large",
"db.m5.xlarge",
"db.t4g.micro",
"db.t4g.small",
"db.t4g.large",
"db.t4g.xlarge"],
var.instance_class) ? true : false)
error_message = "The instance type is not allowed."
}
}
variable "db_name" {
description = <<EOF
Specifies The DB name to create.
Valid Values: .
Notes: If omitted, no database is created initially.
EOF
type = string
default = null
}
variable "username" {
description = <<EOF
Specify Username for the master DB user.
Valid Values: .
Notes: .
EOF
type = string
}
variable "password" {
description = <<EOF
Specify password for the master DB user.
Valid Values: .
Notes:
- This password may show up in logs, and it will be stored in the state file.
- If `manage_master_user_password` is set to true, this value will be ignored.
EOF
type = string
default = null
sensitive = true
}
variable "manage_master_user_password" {
description = <<EOF
Set to true to allow RDS to manage the master user password in Secrets Manager.
Valid Values: .
Notes:
- Default value is set to true. It is recommended to use this feature.
- If set to true, the `password` variable will be ignored.
EOF
type = bool
default = true
}
variable "port" { # TODO: Set default value to 5432 and test after removing default value from locals.tf
description = <<EOF
Specify the port number on which the DB accepts connections.
Valid Values: .
Notes: Default value is set to 5432.
EOF
type = number
default = 5432
}
variable "availability_zone" {
description = <<EOF
Specify the Availability Zone for the RDS instance..
Valid Values:
Notes: Only available for DB instances that do not have multi-AZ enabled.
EOF
type = string
default = null
}
variable "instance_is_multi_az" {
description = <<EOF
Specify if the RDS instance is multi-AZ.
Valid Values: .
Notes:
- This creates a primary DB instance and a standby DB instance in a different AZ for high availability and data redundancy.
- Standby DB instance doesn't support connections for read workloads.
- If this variable is omitted:
- This value is set to true by default for production environments.
- This value is set to false by default for non-production environments.
EOF
type = bool
default = null
}
variable "iops" {
description = <<EOF
Specify The amount of provisioned IOPS.
Valid Values: .
Notes: Setting this implies a storage_type of 'io1' or `gp3`. See `notes` for limitations regarding this variable for `gp3`"
EOF
type = number
default = null
}
variable "is_publicly_accessible" {
description = <<EOF
Specify whether or not this instance is publicly accessible.
Valid Values: .
Notes:
- Setting this to true will do the followings:
- Assign a public IP address and the host name of the DB instance will resolve to the public IP address.
- Access from within the VPC can be achived by using the private IP address of the assigned Network Interface.
- Create a security group rule to allow inbound traffic from the specified CIDR blocks.
- It is required to set `public_access_ip_whitelist` to allow access from specific IP addresses.
EOF
type = bool
default = false
}
variable "enhanced_monitoring_interval" {
description = <<EOF
Specify the interval between points when Enhanced Monitoring metrics are collected for the DB instance.
Valid Values: 0, 1, 5, 10, 15, 30, 60 (in seconds)
Notes: Specify 0 to disable collecting Enhanced Monitoring metrics.
EOF
type = number
default = 0
validation {
condition = contains([0, 1, 5, 10, 15, 30, 60], var.enhanced_monitoring_interval)
error_message = "Valid values for enhanced_monitoring_interval are: 0, 1, 5, 10, 15, 30, 60."
}
}
variable "allow_major_version_upgrade" {
description = <<EOF
Specify whether or not that major version upgrades are allowed.
Valid Values: .
Notes: Changing this parameter does not result in an outage and the change is asynchronously applied as soon as possible"
EOF
type = bool
default = true
}
variable "auto_minor_version_upgrade" {
description = <<EOF
Specify whether or not that minor engine upgrades can be applied automatically to the DB instance".
Valid Values: .
Notes: Minor engine upgrades will be applied automatically to the DB instance during the maintenance window.
EOF
type = bool
default = true
}
variable "apply_immediately" {
description = <<EOF
Specifiy whether any database modifications are applied immediately, or during the next maintenance window
Valid Values: .
Notes: apply_immediately can result in a brief downtime as the server reboots. See [documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html) for more information.
EOF
type = bool
default = false
}
variable "maintenance_window" {
description = <<EOF
Specify the window to perform maintenance in.
Valid Values: Syntax: `ddd:hh24:mi-ddd:hh24:mi`. Eg: `"Mon:00:00-Mon:03:00"`.
Notes: Default value is set to `"Sat:18:00-Sat:20:00"`. This is adjusted in accordance with AWS Backup schedule, see info [here](https://wiki.dfds.cloud/en/playbooks/aws-backup/aws-backup-getting-started).
EOF
type = string
default = "Sat:18:00-Sat:20:00"
validation {
condition = can(regex("^([a-zA-Z]{3}):([0-2][0-9]):([0-5][0-9])-([a-zA-Z]{3}):([0-2][0-9]):([0-5][0-9])$", var.maintenance_window))
error_message = "Maintenance window must be in the format 'ddd:hh24:mi-ddd:hh24:mi'. Eg: 'Mon:00:00-Mon:03:00'"
}
}
variable "subnet_ids" {
description = <<EOF
Provide a list of VPC subnet IDs.
Valid Values: .
Notes: IDs of the subnets must be in the same VPC as the RDS instance. Example: ["subnet-aaaaaaaaaaa", "subnet-bbbbbbbbbbb", "subnet-cccccccccc"]
EOF
type = list(string)
}
variable "instance_parameters" {
description = <<EOF
Specify a list of DB parameters (map) to modify.
Valid Values: Example:
instance_parameters = [{
name = "rds.force_ssl"
value = 1
apply_method = "pending-reboot",
... # Other parameters
}]
Notes: See [documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.html#Appendix.PostgreSQL.CommonDBATasks.Parameters) for more information.
EOF
type = list(map(string))
default = []
}
variable "instance_terraform_timeouts" {
description = <<EOF
Specify Terraform resource management timeouts.
Valid Values: .
Notes: Applies to `aws_db_instance` in particular to permit resource management times. See [documentation](https://www.terraform.io/docs/configuration/resources.html#operation-timeouts) for more information.
EOF
type = map(string)
default = {}
}
variable "deletion_protection" {
description = <<EOF
Specify whether or not to prevent the DB instance from being deleted.
Valid Values: .
Notes: The database can't be deleted when this value is set to true.
EOF
type = bool
default = true
}
variable "performance_insights_enabled" {
description = <<EOF
Specify whether or not to enable Performance Insights.
Valid Values: .
Notes:
- If this variable is omitted:
- This value is set to true by default for production environments. Default retention period is set to 7 days.
- This value is set to false by default for non-production environments.
EOF
type = bool
default = null
}
variable "performance_insights_retention_period" { # TODO: Set default value to 7 and test after removing default value (null) from locals.tf
description = <<EOF
Specify the retention period for Performance Insights.
Valid Values: `7`, `731` (2 years) or a multiple of `31`
Notes: Set the value Default value when `performance_insights_enabled` is set to true.
EOF
type = number
default = null
}
variable "performance_insights_kms_key_id" {
description = <<EOF
Specify the ARN for the KMS key to encrypt Performance Insights data.
Valid Values: .
Notes:
- When specifying performance_insights_kms_key_id, performance_insights_enabled needs to be set to true.
- Once KMS key is set, it can never be changed
EOF
type = string
default = null
}
variable "max_allocated_storage" {
description = <<EOF
Set the value to enable Storage Autoscaling and to set the max allocated storage.
Valid Values: .
Notes:
- If this variable is omitted:
- This value is set to 50 by default for production environments.
- This value is set to 0 by default for non-production environments.
EOF
type = number
default = null
}
variable "ca_cert_identifier" {
description = <<EOF
Specify the identifier of the CA certificate for the DB instance.
Valid Values: .
Notes: If this variable is omitted, the latest CA certificate will be used.
EOF
type = string
default = null
}
variable "delete_automated_backups" {
description = <<EOF
Specify whether or not whether to remove automated backups immediately after the DB instance is deleted.
Valid Values: .
Notes: .
EOF
type = bool
default = true
}
variable "network_type" {
description = <<EOF
Specify the network type of the DB instance.
Valid Values: IPV4, DUAL
Notes: .
EOF
type = string
default = null
}
################################################################################
# CloudWatch Log Group
################################################################################
variable "enabled_cloudwatch_logs_exports" {
description = <<EOF
Specify the list of log types to enable for exporting to CloudWatch logs.
Valid Values: postgresql (PostgreSQL), upgrade (PostgreSQL)
Notes: If omitted, no logs will be exported.
EOF
type = list(string)
default = []
validation {
condition = alltrue([
for s in var.enabled_cloudwatch_logs_exports : contains(["postgresql", "upgrade"], s)
])
error_message = "value must be either postgresql or upgrade."
}
}
variable "cloudwatch_log_group_retention_in_days" {
description = <<EOF
Specify the retention period in days for the CloudWatch logs.
Valid Values: Number of days
Notes:
- If omitted, the default value is set to 7 days for production and 1 day for non-production environments.
- If set to 0, logs will be retained indefinitely.
- `-1` is an invalid value. It is used to express that the value is omitted and thus enabling the logic to calculate the default value.
EOF
type = number
default = -1
}
variable "cloudwatch_log_group_kms_key_id" {
description = <<EOF
Specify the ARN of the KMS Key to use when encrypting log data.
Valid Values: .
Notes: .
EOF
type = string
default = null
}
variable "cloudwatch_log_group_skip_destroy_on_deletion" {
description = <<EOF
Specify whether or not to skip the deletion of the CloudWatch log group on deletion.
Valid Values: .
Notes: .
EOF
type = bool
default = false
}
################################################################################
# Cluster specific variables
################################################################################
variable "is_cluster" {
description = <<EOF
[Experiemental Feature] Specify whether or not to deploy the instance as multi-az database cluster.
Valid Values: .
Notes:
- This feature is currently in beta and is subject to change.
- It creates a DB cluster with a primary DB instance and two readable standby DB instances,
- Each DB instance in a different Availability Zone (AZ).
- Provides high availability, data redundancy and increases capacity to serve read workloads
- Proxy is not supported for cluster instances.
- For smaller workloads we recommend considering using a single instance instead of a cluster.
EOF
type = bool
default = false
}
variable "cluster_use_name_prefix" {
description = "Whether to use `name` as a prefix for the cluster"
type = bool
default = false
}
variable "cluster_parameters" {
description = "A list of DB parameters (map) to apply"
type = list(map(string))
default = []
}
################################################################################
# Proxy settings
################################################################################
variable "is_proxy_included" {
description = <<EOF
Specify whether or not to include proxy.
Valid Values: .
Notes: Proxy helps managing database connections. See [documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy-planning.html) for more information.
EOF
type = bool
default = false
}
variable "proxy_debug_logging_is_enabled" {
description = <<EOF
Turn on debug logging for the proxy.
Valid Values: .
Notes: .
EOF
default = false
type = bool
}
variable "proxy_idle_client_timeout" {
description = <<EOF
Specify idle client timeout of the RDS proxy (keep connection alive).
Valid Values: .
Notes: .
EOF
default = 1800
type = number
}
variable "proxy_require_tls" {
description = <<EOF
Specify whether or not to require TLS for the proxy.
Valid Values: .
Notes: Default value is set to true.
EOF
type = bool
default = true
}
variable "proxy_engine_family" { # TODO: Remove if not needed
description = <<EOF
Specify engine family of the RDS proxy.
Valid Values: POSTGRESQL
Notes: .
EOF
type = string
default = "POSTGRESQL"
validation {
condition = contains(["POSTGRESQL"], var.proxy_engine_family)
error_message = "Invalid value for var.proxy_engine_family. Supported value: POSTGRESQL."
}
}
variable "additional_rds_proxy_security_groups" {
type = list(string)
description = <<EOF
Specify additional security groups to attach by ID to the RDS proxy.
Valid Values: .
Notes: .}
EOF
default = []
}
variable "proxy_additional_security_group_rules" {
description = <<EOF
Specify additional security group rules for the RDS proxy.
Valid Values: .
Notes:
- Public access is not supported on RDS Proxy. See [documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.html#rds-proxy.limitations) for more information.
- Only ingress(inbound) rules are supported.
- Ingress rules are set to "Allow outbound traffic to PostgreSQL instance"
– Ingress rules are set to "Allow inbound traffic from same security group on specified database port"
EOF
type = object({
ingress_rules = list(any)
ingress_with_self = optional(list(any), [])
})
default = {
ingress_rules = []
}
}
variable "proxy_iam_auth" {
description = <<EOF
Specify whether or not to use IAM authentication for the proxy.
Valid Values: DISABLED, REQUIRED
Notes: .
EOF
type = string
default = "DISABLED"
validation {
condition = contains(["DISABLED", "REQUIRED"], var.proxy_iam_auth)
error_message = "Invalid value for var.proxy_iam_auth. Supported values: DISABLED, REQUIRED."
}
}
################################################################################
# Security Group
################################################################################
variable "vpc_id" {
description = <<EOF
Specify the VPC ID.
Valid Values: .
Notes: .
EOF
type = string
}
variable "additional_rds_security_groups" {
type = list(string)
description = <<EOF
Specify additional security groups to attach by ID to the RDS instance.
Valid Values: .
Notes: .}
EOF
default = []
}
variable "additional_rds_security_group_rules" {
description = <<EOF
Specify additional security group rules for the RDS instance.
Valid Values: .
Notes: Use only for special cases.
EOF
type = object({
ingress_rules = list(any)
ingress_with_self = optional(list(any), [])
egress_rules = optional(list(any), [])
})
default = {
ingress_rules = []
ingress_with_self = []
egress_rules = []
}
}
variable "public_access_ip_whitelist" {
description = <<EOF
Provide a list of IP addresses to whitelist for public access
Valid Values: List of CIDR blocks. For example ["x.x.x.x/32", "y.y.y.y/32"]
Notes:
- In case of publicly accessible RDS, this list will be used to whitelist the IP addresses.
- It is best practice to specify the IP addresses that require access to the RDS instance.
- Setting this value to ["0.0.0.0/0"] will mean that the RDS instance will be open to the world! Following are examples where it can be necessary:
- Access is done from workloads with randomly assigned public IP adresses.
- A VPC peering is not configured.
EOF
type = list(string)
default = []
}
# ################################################################################
# # IAM Roles for ServiceAccounts (IRSA) - only applicable from Kubernetes pods
# ################################################################################
variable "is_kubernetes_app_enabled" {
description = <<EOF
Specify whether or not to enable access from Kubernetes pods.
Valid Values: .
Notes: Enabling this will create the following resources:
- IAM role for service account (IRSA)
- IAM policy for service account (IRSA)
- Peering connection from EKS Cluster requires a VPC peering deployed in the AWS account.
EOF
type = bool
default = false
}
################################################################################
# Resource tagging
################################################################################
variable "resource_owner_contact_email" {
description = <<EOF
Provide an email address for the resource owner (e.g. team or individual).
Valid Values: .
Notes: This set the dfds.owner tag. See recommendations [here](https://wiki.dfds.cloud/en/playbooks/standards/tagging_policy).
EOF
type = string
default = null
validation {
condition = var.resource_owner_contact_email == null || can(regex("^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}$", var.resource_owner_contact_email))
error_message = "Invalid value for var.resource_owner_contact_email. Must be a valid email address."
}
}
variable "cost_centre" {
description = <<EOF
Provide a cost centre for the resource.
Valid Values: .
Notes: This set the dfds.cost_centre tag. See recommendations [here](https://wiki.dfds.cloud/en/playbooks/standards/tagging_policy).
EOF
type = string
}
variable "enable_default_backup" {
description = <<EOF
Specify whether or not to enable default backup.
Valid Values: .
Notes:
- This set the dfds.backup tag. See recommendations [here](https://wiki.dfds.cloud/en/playbooks/standards/tagging_policy).
- If omitted, the default value is set to true for production and false for non-production environments.
EOF
type = bool
default = null
}
variable "additional_backup_retention" {
description = <<EOF
Specify additional backup retention.
Valid Values: 30days, 60days, 180days, 1year, 10year
Notes: This set the dfds.backup_retention tag. See recommendations [here](https://wiki.dfds.cloud/en/playbooks/standards/tagging_policy).
EOF
type = string
default = null
validation {
condition = var.additional_backup_retention == null ? true : (
contains(["30days", "60days", "180days", "1year", "10year"], var.additional_backup_retention) ? true : false
)
error_message = "Invalid value for var.additional_backup_retention. Supported values: 30days, 60days, 180days, 1year, 10year."
}
}
variable "data_classification" {
description = <<EOF
Specify data classification.
Valid Values: public, private, confidential, restricted
Notes: This set the dfds.data.classification tag. See recommendations [here](https://wiki.dfds.cloud/en/playbooks/standards/tagging_policy).
EOF
type = string
validation {
condition = contains(["public", "private", "confidential", "restricted"], var.data_classification)
error_message = "Invalid value for var.data_classification. Supported values: public, private, confidential, restricted."
}
}
variable "service_availability" {
description = <<EOF
Specify service availability.
Valid Values: low, medium, high
Notes: This set the dfds.service.availability tag. See recommendations [here](https://wiki.dfds.cloud/en/playbooks/standards/tagging_policy).
EOF
type = string
validation {
condition = contains(["low", "medium", "high"], var.service_availability)
error_message = "Invalid value for var.service_availability. Supported values: low, medium, high."
}
}
variable "optional_data_specific_tags" {
description = <<EOF
Provide list of optional dfds.data.* to be applied on data specific resources.
Valid Values: .
Notes:
- Use this only for optional data tags. Required tags are supplied through dedicated variables.
- This variable will apply tags only on the relevant data resources.
- See recommendations [here](https://wiki.dfds.cloud/en/playbooks/standards/tagging_policy).
EOF
type = map(string)
default = {}
}
variable "optional_tags" {
description = <<EOF
Provide list of optional dfds.* tags to be applied on all resources.
Valid Values: .
Notes:
- Use this only for optional tags. Required tags are supplied through dedicated variables.
- See recommendations [here](https://wiki.dfds.cloud/en/playbooks/standards/tagging_policy).
EOF
type = map(string)
default = {}
}
variable "pipeline_location" {
description = <<EOF
Specify a valid URL path to the pipeline file used for automation script.
Valid Values: URL to repo. Example: `"https://github.com/dfds/terraform-aws-rds/actions/workflows/qa.yml"`
Notes: This set the dfds.automation.initiator.pipeline tag. See recommendations [here](https://wiki.dfds.cloud/en/playbooks/standards/tagging_policy).
EOF
type = string
default = null
validation {
condition = var.pipeline_location == null || can(regex("^(https:\\/\\/www\\.|http:\\/\\/www\\.|https:\\/\\/|http:\\/\\/)?[a-zA-Z0-9]{2,}(\\.[a-zA-Z0-9]{2,})(\\.[a-zA-Z0-9]{2,})?(\\/[a-zA-Z0-9_.:/=+-@][^?|^/&]{2,})+$", var.pipeline_location))
error_message = "Value for var.pipeline_location contains invalid characters. See AWS [user guide](https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html) for more information."
}
}
variable "automation_initiator_location" {
description = <<EOF
Specify the URL to the repo of automation script.
Valid Values: URL to repo. Example: `"https://github.com/dfds/terraform-aws-rds"`
Notes: This set the dfds.automation.initiator.location tag. See recommendations [here](https://wiki.dfds.cloud/en/playbooks/standards/tagging_policy).
EOF
type = string
default = null
validation {
condition = var.automation_initiator_location == null || can(regex("^(https:\\/\\/www\\.|http:\\/\\/www\\.|https:\\/\\/|http:\\/\\/)?[a-zA-Z0-9]{2,}(\\.[a-zA-Z0-9]{2,})(\\.[a-zA-Z0-9]{2,})?(\\/[a-zA-Z0-9_.:/=+-@][^?|^/&]{2,})+[\\/]?$", var.automation_initiator_location))
error_message = "Value for var.automation_initiator_location contains invalid characters or URL is malformed. See AWS [user guide](https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html) for more information. Example: https://github.com/dfds/terraform-aws-rds"
}
}