# ------------------------------------------------------------------------------
# REQUIRED PARAMETERS
#
# You must provide a value for each of these parameters.
# ------------------------------------------------------------------------------
# Identifier of the CyHy account. There is no default, so every caller must
# supply a value.
# NOTE(review): presumably a 12-digit AWS account ID used for cross-account
# access; confirm against the resources that consume it before relying on a
# particular format.
variable "cyhy_account_id" {
  description = "The ID of the CyHy account."
  type        = string
}
# ------------------------------------------------------------------------------
# OPTIONAL PARAMETERS
#
# These parameters have reasonable defaults.
# ------------------------------------------------------------------------------
# AWS region targeted by this deployment; falls back to us-east-1 when unset.
variable "aws_region" {
  default     = "us-east-1"
  description = "The AWS region to deploy into (e.g. us-east-1)."
  type        = string
}
# Name of the IAM role that grants authenticated access to Elasticsearch.
# NOTE(review): the permissions attached to this role are defined outside this
# file; they bound what an authenticated user can do, so review them for least
# privilege.
variable "cognito_authenticated_role_name" {
  default     = "dmarc-import-authenticated"
  description = "The name of the IAM role that grants authenticated access to the Elasticsearch database."
  type        = string
}
# Name of the Cognito identity pool used for access to Elasticsearch.
variable "cognito_identity_pool_name" {
  default     = "dmarc-import"
  description = "The name of the Cognito identity pool to use for access to the Elasticsearch database."
  type        = string
}
# Name of the Cognito user pool client used for access to Elasticsearch.
variable "cognito_user_pool_client_name" {
  default     = "dmarc-import"
  description = "The name of the Cognito user pool client to use for access to the Elasticsearch database."
  type        = string
}
# Domain for the Cognito endpoint: either a fully-qualified custom domain or a
# bare prefix for an Amazon Cognito prefix domain (see the description).
# NOTE(review): prefix domains are presumably unique per region, so the default
# may already be taken; verify before deploying a second copy.
variable "cognito_user_pool_domain" {
  default     = "dmarc-import"
  description = "The domain to use for the Cognito endpoint. For custom domains, this is the fully-qualified domain name, such as \"auth.example.com\". For Amazon Cognito prefix domains, this is the prefix alone, such as \"auth\"."
  type        = string
}
# Name of the Cognito user pool used for access to Elasticsearch.
variable "cognito_user_pool_name" {
  default     = "dmarc-import"
  description = "The name of the Cognito user pool to use for access to the Elasticsearch database."
  type        = string
}
# Cognito users, keyed by username. The object type requires every entry to
# carry an "email" string; the default is an empty map.
# NOTE(review): every entry presumably becomes an account with access to the
# Elasticsearch data, so changes to this map deserve the same review as IAM
# changes. Addresses supplied here will likely appear in plan output and state.
variable "cognito_usernames" {
  default     = {}
  description = "A map whose keys are the usernames of each Cognito user and whose values are a map containing supported user attributes. The only currently-supported attribute is \"email\" (string). Example: { \"firstname1.lastname1\" = { \"email\" = \"firstname1.lastname1@foo.gov\" }, \"firstname2.lastname2\" = { \"email\" = \"firstname2.lastname2@foo.gov\" } }"
  type = map(object({
    email = string
  }))
}
# Domain name given to the Elasticsearch instance.
variable "elasticsearch_domain_name" {
  default     = "dmarc-import-elasticsearch"
  description = "The domain name of the Elasticsearch instance."
  type        = string
}
# Elasticsearch index that receives DMARC aggregate report data.
variable "elasticsearch_index" {
  default     = "dmarc_aggregate_reports"
  description = "The Elasticsearch index to which to write DMARC aggregate report data."
  type        = string
}
# Description text attached to the read-only IAM role and its policy.
variable "elasticsearchreadonly_role_description" {
  default     = "Allows sufficient permissions to read (but not write) to the dmarc-import Elasticsearch database."
  description = "The description to associate with the IAM role (and policy) that allows sufficient permissions to read (but not write) to the dmarc-import Elasticsearch database."
  type        = string
}
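# Name given to the read-only IAM role and its policy.
# NOTE(review): the "read but not write" guarantee lives in the policy document
# defined elsewhere; this variable only names the role.
variable "elasticsearchreadonly_role_name" {
  default     = "ElasticsearchReadOnly"
  description = "The name to assign the IAM role (and policy) that allows sufficient permissions to read (but not write) to the dmarc-import Elasticsearch database."
  type        = string
}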
# Description text attached to the read-write IAM role and its policy.
variable "elasticsearchreadwrite_role_description" {
  default     = "Allows sufficient permissions to read and write to the dmarc-import Elasticsearch database."
  description = "The description to associate with the IAM role (and policy) that allows sufficient permissions to read and write to the dmarc-import Elasticsearch database."
  type        = string
}
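# Name given to the read-write IAM role and its policy.
# NOTE(review): this role can modify stored report data; who may assume it is
# decided by the trust policy defined elsewhere. Confirm that the set of
# principals is narrow.
variable "elasticsearchreadwrite_role_name" {
  default     = "ElasticsearchReadWrite"
  description = "The name to assign the IAM role (and policy) that allows sufficient permissions to read and write to the dmarc-import Elasticsearch database."
  type        = string
}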
# Elasticsearch type under which a DMARC aggregate report is stored.
# NOTE(review): mapping types were dropped in later Elasticsearch releases;
# confirm the deployed engine version still uses this value.
variable "elasticsearch_type" {
  default     = "report"
  description = "The Elasticsearch type corresponding to a DMARC aggregate report."
  type        = string
}
# Mailboxes at which DMARC aggregate reports are received.
# NOTE(review): presumably these are the recipients matched by the SES receipt
# rules; mail to these addresses is untrusted external input to the pipeline.
variable "emails" {
  default = [
    "reports@dmarc.cyber.dhs.gov",
  ]
  description = "A list of the email addresses at which DMARC aggregate reports are being received."
  type        = list(string)
}
# Name of the IAM role through which Amazon OpenSearch Service configures the
# Cognito user and identity pools for Dashboards/Kibana authentication.
variable "opensearch_service_role_for_auth_name" {
  default     = "opensearch-service-cognito-access"
  description = "The name of the IAM role that gives Amazon OpenSearch Service permissions to configure the Amazon Cognito user and identity pools and use them for OpenSearch Dashboards/Kibana authentication."
  type        = string
}
# Name of the dmarc-import Lambda function.
variable "lambda_function_name" {
  default     = "dmarc-import"
  description = "The name of the dmarc-import Lambda function."
  type        = string
}
# Filesystem location of the Lambda deployment package. The default is a
# relative path into a sibling directory.
# NOTE(review): the archive is produced outside this configuration; check how
# its provenance and integrity are established before it is uploaded (not
# visible in this file).
variable "lambda_function_zip_file" {
  default     = "../dmarc-import-lambda/dmarc-import.zip"
  description = "The location of the zip file for the Lambda function."
  type        = string
}
# Name of the S3 bucket that keeps DMARC aggregate report emails permanently.
# NOTE(review): S3 bucket names share one global namespace, so the default may
# need overriding per deployment. Encryption, public-access blocking and
# retention for this long-lived store are set on the bucket resource, not here;
# confirm them there.
variable "permanent_bucket_name" {
  default     = "cool-dmarc-import-permanent"
  description = "The name of the S3 bucket where the DMARC aggregate report emails are stored permanently."
  type        = string
}
# Description text attached to the IAM policy used to provision this
# infrastructure.
variable "provisiondmarcimport_policy_description" {
  default     = "Allows sufficient permissions to provision the dmarc-import infrastructure."
  description = "The description to associate with the IAM policy that allows sufficient permissions to provision the dmarc-import infrastructure."
  type        = string
}
# Name given to the IAM policy used to provision this infrastructure.
# NOTE(review): provisioning policies tend to be broad; the statements are
# defined elsewhere. Check that they are scoped to the resources named by the
# variables in this file.
variable "provisiondmarcimport_policy_name" {
  default     = "ProvisionDmarcImport"
  description = "The name to assign the IAM policy that allows sufficient permissions to provision the dmarc-import infrastructure."
  type        = string
}
# Name of the SQS queue that receives an event as each DMARC aggregate report
# arrives.
variable "queue_name" {
  default     = "cool-dmarc-import-queue"
  description = "The name of the SQS queue where events will be sent as DMARC aggregate reports are received."
  type        = string
}
# Name of the SES rule set that processes DMARC aggregate reports.
# NOTE(review): SES permits a single active receipt rule set per region, so
# activating this one presumably displaces any other; confirm for shared
# accounts.
variable "rule_set_name" {
  default     = "dmarc-import-rules"
  description = "The name of the SES rule set that processes DMARC aggregate reports."
  type        = string
}
# Tags applied to every AWS resource created; the default is an empty map.
variable "tags" {
  default     = {}
  description = "Tags to apply to all AWS resources created."
  type        = map(string)
}
# Name of the S3 bucket that holds DMARC aggregate report emails until they are
# processed.
# NOTE(review): S3 bucket names share one global namespace, so the default may
# need overriding per deployment. This bucket receives unprocessed inbound
# mail; its access policy and any expiry rule are defined elsewhere.
variable "temporary_bucket_name" {
  default     = "cool-dmarc-import-temporary"
  description = "The name of the S3 bucket where the DMARC aggregate report emails are stored temporarily (until processed)."
  type        = string
}