# Organization
variable "main_project_tag" {
  # Stamped on every resource so the whole deployment can be found (and torn down) as one unit.
  type        = string
  default     = "vault-deployment"
  description = "Tag that will be attached to all resources."
}
# AWS Provider
variable "aws_profile" {
  # Named AWS profile the provider authenticates with; no credentials are stored in this file.
  type        = string
  default     = "default"
  description = "The AWS Profile to use for this project."
}
variable "aws_default_region" {
  # Region the provider targets unless a resource overrides it.
  type        = string
  default     = "us-east-1"
  description = "The default region to deploy this."
}
# AWS VPC
variable "vpc_cidr" {
  # Address space of the VPC; the subnet counts below are carved out of this block,
  # so keep the mask wide enough (/16 or /20 per the description) for them to fit.
  type        = string
  default     = "10.255.0.0/20"
  description = "Cidr block for the VPC. Using a /16 or /20 Subnet Mask is recommended."
}
variable "vpc_instance_tenancy" {
  # Passed straight through to the VPC; "dedicated" is the AWS alternative to shared "default" hardware.
  type        = string
  default     = "default"
  description = "Tenancy for instances launched into the VPC"
}
variable "vpc_enable_dns_support" {
  # Must stay true together with vpc_enable_dns_hostnames when VPC endpoints are in use.
  type        = bool
  default     = true
  description = "Whether the DNS resolution is supported. Required as True for VPC endpoint usage."
}
variable "vpc_enable_dns_hostnames" {
  # Must stay true together with vpc_enable_dns_support when VPC endpoints are in use.
  type        = bool
  default     = true
  description = "Whether instances with public IP addresses get corresponding public DNS hostnames. Required as True for VPC endpoint usage."
}
variable "vpc_tags" {
  # Extra key/value tags for the VPC and the resources built inside it; none by default.
  type        = map(string)
  default     = {}
  description = "Additional tags to add to the VPC and its resources."
}
# VPC Subnets
variable "vpc_public_subnet_count" {
  # One public subnet per AZ; raising this above the region's AZ count will fail.
  type        = number
  default     = 2
  description = "The number of public subnets to create. Cannot exceed the number of AZs in your selected region. 2 is more than enough."
}
variable "vpc_private_subnet_count" {
  # One private subnet per AZ; raising this above the region's AZ count will fail.
  type        = number
  default     = 2
  description = "The number of private subnets to create. Cannot exceed the number of AZs in your selected region."
}
# KMS
variable "kms_tags" {
  # Tags for the auto-unseal KMS key only; they do not affect the key policy.
  type        = map(string)
  default     = {}
  description = "Tags for the KMS key used to seal and unseal the Vault."
}
# DynamoDB
variable "dynamodb_table_name" {
  # Name of the table Vault uses as its storage backend; it holds the sealed data, so guard its IAM access accordingly.
  type        = string
  default     = "vault_storage"
  description = "Name of the DynamoDB Table used for the Vault Storage Backend."
}
# Allowed Traffic
## What IP Address ranges (via CIDR) are allowed to access your vault?
variable "allowed_traffic_cidr_blocks" {
  # The default admits every source address. Override with your organization's
  # egress range or the VPC CIDR so only known networks can reach Vault.
  type        = list(string)
  default     = ["0.0.0.0/0"]
  description = "List of CIDR blocks allowed to access your vault. Defaults to EVERYWHERE. You should probably limit this to your organization IP or VPC CIDR."
}
## What IP Address range can access your bastion server?
variable "allowed_bastion_cidr_blocks" {
  # The default admits every source address to the bastion, which is an entry point
  # into the private Vault instances; narrow it to the operators' known ranges.
  type        = list(string)
  default     = ["0.0.0.0/0"]
  description = "List of CIDR blocks allowed to access your Bastion. Defaults to EVERYWHERE. You should probably limit this to your organization IP or VPC CIDR."
}
# Operator Mode
## Turning this on provisions a NAT Gateway and a Bastion host that give operators access to the Vault instances
variable "operator_mode" {
  # Provisions the NAT Gateway and bastion, i.e. an operator access path into the
  # Vault instances. Set to false when that access is not needed.
  type        = bool
  default     = true
  description = "Enable a NAT Gateway and Bastion for operator access into the Vault Instances."
}