#Module : LABEL
#Description : Terraform label module variables.
# Short identifier for the deployment; feeds the label module and resource names.
variable "name" {
  description = "Name component of the resource label (e.g. `app` or `cluster`)."
  type        = string
  default     = ""
}
# Deployment stage used as a label component.
variable "environment" {
  description = "Environment component of the resource label (e.g. `prod`, `dev`, `staging`)."
  type        = string
  default     = ""
}
# Source repository of this module; recorded as a tag for provenance.
variable "repository" {
  description = "URL of the repository that holds this Terraform module (used as a tag value)."
  type        = string
  default     = ""
}
# Controls the order in which label components are concatenated.
variable "label_order" {
  description = "Order of the label components, e.g. `[\"name\", \"environment\"]` or `[\"name\", \"environment\", \"attribute\"]`."
  type        = list(any)
  default     = ["name", "environment"]
}
# Owner identifier written to the `ManagedBy` tag.
variable "managedby" {
  description = "Value for the `ManagedBy` tag, e.g. a team name or contact address."
  type        = string
  default     = ""
}
# Master switch for the whole module.
variable "enabled" {
  description = "When `false`, the module creates no resources at all."
  type        = bool
  default     = true
}
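# Target resource group for every resource in this module.
# Fix: the original declared no type; constrain it to string so a wrong value
# type fails at plan time instead of being silently converted.
variable "resource_group_name" {
  description = "Name of the Azure resource group that will hold the firewall and its related resources."
  type        = string
  default     = ""
}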
# Extra tags merged onto every resource the module creates.
variable "tags" {
  description = "Additional tags (key/value) applied to all resources."
  type        = map(string)
  default     = {}
}
#Public IP
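# Allocation method for the firewall's public IP(s).
# Fix: add the missing type constraint and reject values outside the two the
# description already lists, so a typo fails at plan time rather than apply time.
variable "public_ip_allocation_method" {
  description = "Allocation method for the public IP address. Possible values are `Static` or `Dynamic`. Defaults to `Static`."
  type        = string
  default     = "Static"

  validation {
    condition     = contains(["Static", "Dynamic"], var.public_ip_allocation_method)
    error_message = "public_ip_allocation_method must be either \"Static\" or \"Dynamic\"."
  }
}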
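# SKU of the firewall's public IP(s).
# Fix: the original description said "Defaults to Basic" while the default is
# "Standard"; the type constraint and a validation on the two documented values
# are also added. Azure Firewall requires Standard-SKU public IPs, so keep the default.
variable "public_ip_sku" {
  description = "SKU of the public IP. Accepted values are `Basic` and `Standard`. Defaults to `Standard` (required by Azure Firewall)."
  type        = string
  default     = "Standard"

  validation {
    condition     = contains(["Basic", "Standard"], var.public_ip_sku)
    error_message = "public_ip_sku must be either \"Basic\" or \"Standard\"."
  }
}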
#firewall
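# Threat-intelligence filtering mode of the firewall.
# Security note: `Alert` only logs matches against Microsoft's threat feed; it does
# not block traffic. Set `Deny` to enforce. The default is left as `Alert` so
# existing callers are not affected.
# Fix: the error message now tells the caller which values are accepted.
variable "threat_intel_mode" {
  description = "(Optional) Operation mode for threat-intelligence-based filtering. Possible values are `Off`, `Alert` (log only) and `Deny` (block). Defaults to `Alert`."
  type        = string
  default     = "Alert"

  validation {
    condition     = contains(["Off", "Alert", "Deny"], var.threat_intel_mode)
    error_message = "threat_intel_mode must be one of \"Off\", \"Alert\" or \"Deny\"."
  }
}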
# Tier of the Azure Firewall resource.
variable "sku_tier" {
  description = "Azure Firewall SKU tier (e.g. `Standard`, `Premium`). Defaults to `Standard`."
  type        = string
  default     = "Standard"
}
# Tier of the firewall policy. NOTE(review): the policy SKU is expected to match
# the firewall's `sku_tier`; confirm against the provider docs when changing one.
variable "sku_policy" {
  description = "SKU of the firewall policy (e.g. `Standard`, `Premium`). Defaults to `Standard`."
  type        = string
  default     = "Standard"
}
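# Deployment model of the firewall.
# Fix: the original description was the Terraform placeholder text
# "(optional) describe your variable"; document it and validate the two
# values the azurerm provider accepts for `azurerm_firewall.sku_name`.
variable "sku_name" {
  description = "SKU name of the firewall: `AZFW_VNet` (deployed into a virtual network) or `AZFW_Hub` (deployed into a Virtual WAN hub). Defaults to `AZFW_VNet`."
  type        = string
  default     = "AZFW_VNet"

  validation {
    condition     = contains(["AZFW_VNet", "AZFW_Hub"], var.sku_name)
    error_message = "sku_name must be either \"AZFW_VNet\" or \"AZFW_Hub\"."
  }
}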
# Subnet the firewall's IP configuration is placed in.
variable "subnet_id" {
  description = "ID of the subnet for the firewall's IP configuration."
  type        = string
  default     = ""
}
# Name of the rule collection group that holds DNAT rules.
variable "nat_policy_collection_group" {
  description = "(Optional) Name of the firewall-policy rule collection group for NAT (DNAT) rules."
  type        = string
  default     = "DefaultDnatRuleCollectionGroup"
}
# Name of the rule collection group that holds network (L3/L4) rules.
variable "net_policy_collection_group" {
  description = "(Optional) Name of the firewall-policy rule collection group for network rules."
  type        = string
  default     = "DefaultNetworkRuleCollectionGroup"
}
# Name of the rule collection group that holds application (L7) rules.
variable "app_policy_collection_group" {
  description = "(Optional) Name of the firewall-policy rule collection group for application rules."
  type        = string
  default     = "DefaultApplicationRuleCollectionGroup"
}
# Extra, pre-existing public IPs to bind to the firewall as additional IP configurations.
variable "additional_public_ips" {
  description = "Additional public IPs to attach to the firewall; each entry names the IP configuration and references an existing public IP resource ID."
  type = list(object({
    name                 = string,
    public_ip_address_id = string
  }))
  default = []
}
# Application (L7) rule collections for the firewall policy. The shape is not
# constrained here; `type = any` is equivalent to the original untyped declaration.
variable "application_rule_collection" {
  description = "One or more application rule collection definitions consumed by the firewall policy rule collection group."
  type        = any
  default     = {}
}
# Network (L3/L4) rule collections for the firewall policy. The shape is not
# constrained here; `type = any` is equivalent to the original untyped declaration.
variable "network_rule_collection" {
  description = "One or more network rule collection definitions consumed by the firewall policy rule collection group."
  type        = any
  default     = {}
}
# DNAT rule collections for the firewall policy. The shape is not constrained
# here; `type = any` is equivalent to the original untyped declaration.
variable "nat_rule_collection" {
  description = "One or more NAT (DNAT) rule collection definitions consumed by the firewall policy rule collection group."
  type        = any
  default     = {}
}
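# Names for the public IPs created by this module.
# Fix: the original had an empty description.
variable "public_ip_names" {
  description = "Names of the individual public IP addresses to create for the firewall; one IP configuration is created per name."
  type        = list(string)
  default     = []
}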
# Whether the firewall subnet is bound to the first entry of `public_ip_names`.
variable "enable_ip_subnet" {
  description = "When `true`, `subnet_id` is attached to the IP configuration of the first name in `public_ip_names`. Set to `true` when no individual public IP is supplied."
  type        = bool
  default     = true
}
# Azure region for all resources.
variable "location" {
  description = "Azure region where the resources are created. Changing this forces replacement."
  type        = string
  default     = ""
}
# SNAT exclusion list. `null` leaves the provider/Azure default in place.
variable "firewall_private_ip_ranges" {
  description = "CIDR ranges the firewall treats as private and therefore does not SNAT to, or the special value `IANAPrivateRanges` for the RFC 1918 ranges."
  type        = list(string)
  default     = null
}
# Custom DNS servers; setting any value also turns on the firewall's DNS proxy,
# which is what makes FQDN-based network rules resolve consistently.
variable "dns_servers" {
  description = "DNS servers the firewall forwards to. Supplying a list also enables DNS proxy on the firewall."
  type        = list(string)
  default     = null
}
# Whether DNAT rules get the firewall's public IP as their destination address.
# NOTE: the hyphenated name is non-idiomatic Terraform but is kept for compatibility.
variable "dnat-destination_ip" {
  description = "When `true`, the public IP attached to the firewall is used as the destination address of the DNAT policy rules."
  type        = bool
  default     = true
}
# Diagnostic settings (firewall logs and metrics)
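# Whether a diagnostic setting is created for the firewall.
# Fix: the original description was copied from an NSG module and described the
# flag backwards ("Set to false to prevent ..." with a default of false).
# Security note: with the default of `false` no firewall logs are shipped
# anywhere; enable this and supply at least one destination below.
variable "enable_diagnostic" {
  description = "Set to `true` to create a diagnostic setting that ships the firewall's logs and metrics to the configured destination(s). Defaults to `false` (no logging)."
  type        = bool
  default     = false
}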
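# Storage-account destination for the diagnostic setting.
# Fix: description referred to an NSG; this module configures a firewall.
variable "storage_account_id" {
  description = "ID of the storage account that receives the firewall diagnostic logs. `null` disables this destination."
  type        = string
  default     = null
}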
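# Event Hub destination for the diagnostic setting.
# Fix: description referred to an NSG; this module configures a firewall.
variable "eventhub_name" {
  description = "Name of the Event Hub that receives the firewall diagnostic logs. `null` disables this destination."
  type        = string
  default     = null
}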
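# Authorization rule used to publish to the Event Hub.
# Fix: description referred to an NSG; this module configures a firewall.
# Least privilege: use a rule that grants only the Send claim, not Manage.
variable "eventhub_authorization_rule_id" {
  description = "ID of the Event Hub authorization rule used by the diagnostic setting to publish firewall logs (a Send-only rule is sufficient). `null` disables this destination."
  type        = string
  default     = null
}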
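# Log Analytics destination for the diagnostic setting.
# Fix: description referred to an NSG; this module configures a firewall.
variable "log_analytics_workspace_id" {
  description = "ID of the Log Analytics workspace that receives the firewall diagnostic logs. `null` disables this destination."
  type        = string
  default     = null
}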
# Whether the diagnostic setting carries a retention policy.
variable "retention_policy_enabled" {
  description = "Set to `true` to attach a retention policy to the diagnostic setting; `false` leaves retention unmanaged."
  type        = bool
  default     = false
}
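# Retention period in days for the diagnostic setting.
# Fix: a negative day count is never valid; reject it at plan time.
variable "days" {
  description = "Number of days of retention for the diagnostic setting's retention policy. Defaults to 365."
  type        = number
  default     = 365

  validation {
    condition     = var.days >= 0
    error_message = "days must be zero or a positive number of days."
  }
}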
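# Whether the firewall resource itself is created.
# Fix: the original had no description.
variable "firewall_enable" {
  description = "Set to `true` to create the Azure Firewall resource. Defaults to `false`."
  type        = bool
  default     = false
}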
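# Managed identity configuration.
# Fix: the original description referred to a Storage Account (copy-paste from
# another module); the accepted values it listed are now enforced by validation.
variable "identity_type" {
  description = "Type of Managed Service Identity to configure. Possible values are `SystemAssigned`, `UserAssigned`, or `SystemAssigned, UserAssigned` (both). Defaults to `UserAssigned`."
  type        = string
  default     = "UserAssigned"

  validation {
    condition     = contains(["SystemAssigned", "UserAssigned", "SystemAssigned, UserAssigned"], var.identity_type)
    error_message = "identity_type must be \"SystemAssigned\", \"UserAssigned\" or \"SystemAssigned, UserAssigned\"."
  }
}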
# Whether the firewall-policy rule collection groups are created.
variable "policy_rule_enabled" {
  description = "Set to `true` to create the policy rule collection groups (NAT, network, application)."
  type        = bool
  default     = false
}
# Existing firewall policy to attach rules to, if any.
variable "firewall_policy_id" {
  description = "ID of an existing Firewall Policy."
  type        = string
  default     = null
}
# Whether a public IP prefix is created and used for the firewall's public IPs.
variable "public_ip_prefix_enable" {
  description = "Set to `true` to create a public IP prefix resource."
  type        = bool
  default     = false
}
# SKU of the public IP prefix.
variable "public_ip_prefix_sku" {
  description = "SKU of the public IP prefix. Defaults to `Standard`."
  type        = string
  default     = "Standard"
}
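# IP version of the public IP prefix.
# Fix: enforce the two values the description lists.
variable "public_ip_prefix_ip_version" {
  description = "IP version of the public IP prefix: `IPv4` or `IPv6`. Changing this forces replacement. Defaults to `IPv4`."
  type        = string
  default     = "IPv4"

  validation {
    condition     = contains(["IPv4", "IPv6"], var.public_ip_prefix_ip_version)
    error_message = "public_ip_prefix_ip_version must be either \"IPv4\" or \"IPv6\"."
  }
}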
# Names for public IPs allocated out of the public IP prefix.
variable "prefix_public_ip_names" {
  description = "Names of the public IP addresses to allocate from the public IP prefix."
  type        = list(string)
  default     = []
}
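# Allocation method for public IPs taken from the prefix.
# Fix: the original had no description; values are validated like
# `public_ip_allocation_method`.
variable "prefix_public_ip_allocation_method" {
  description = "Allocation method for public IPs allocated from the prefix. Possible values are `Static` or `Dynamic`. Defaults to `Static`."
  type        = string
  default     = "Static"

  validation {
    condition     = contains(["Static", "Dynamic"], var.prefix_public_ip_allocation_method)
    error_message = "prefix_public_ip_allocation_method must be either \"Static\" or \"Dynamic\"."
  }
}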
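# SKU for public IPs taken from the prefix.
# Fix: the original had no description; values are validated like `public_ip_sku`.
variable "prefix_public_ip_sku" {
  description = "SKU of the public IPs allocated from the prefix. Accepted values are `Basic` and `Standard`. Defaults to `Standard`."
  type        = string
  default     = "Standard"

  validation {
    condition     = contains(["Basic", "Standard"], var.prefix_public_ip_sku)
    error_message = "prefix_public_ip_sku must be either \"Basic\" or \"Standard\"."
  }
}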
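# Size of the public IP prefix.
# Fix: the original description claimed "Defaults to 28" while the default is 31;
# the 0..31 range the description states is now enforced.
# NOTE(review): the range text is written for IPv4; confirm the allowed values
# for IPv6 prefixes against the provider docs before relying on this validation.
variable "public_ip_prefix_length" {
  description = "Number of bits in the public IP prefix, between 0 (4,294,967,296 addresses) and 31 (2 addresses). Changing this forces replacement. Defaults to 31."
  type        = number
  default     = 31

  validation {
    condition     = var.public_ip_prefix_length >= 0 && var.public_ip_prefix_length <= 31
    error_message = "public_ip_prefix_length must be between 0 and 31."
  }
}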
# Whether the firewall subnet is bound to the first entry of `prefix_public_ip_names`.
variable "enable_prefix_subnet" {
  description = "When `true`, `subnet_id` is attached to the IP configuration of the first name in `prefix_public_ip_names`. Set to `true` when no individual public IP is supplied."
  type        = bool
  default     = false
}