variable "name" {
  description = "Name of the S3 bucket."
  type        = string
}

variable "customer_access" {
  description = "True if customer accounts should get access"
  type        = bool
  default     = false
}

variable "extra_accounts" {
  description = "List of account numbers that also need access"
  type        = list(string)
  default     = []
}

variable "encryption" {
  description = "Encryption method. Either SSE-KMS or SSE-S3. The latter is easier for cross-account sharing with customers."
  type        = string
  default     = "SSE-KMS"

  validation {
    condition     = var.encryption == "SSE-KMS" || var.encryption == "SSE-S3"
    error_message = "The encryption type must be 'SSE-KMS' or 'SSE-S3'."
  }
}

variable "tags" {
  description = "Tags for the bucket and kms key."
  type        = map(any)
}

# ----------------------------------
# Below this line are variables inherited from higher levels, so they
# do not need to be explicitly passed to this module.

# ----------------------------------
# Required for remote state, though they can be used elsewhere
variable "remote_state_bucket" {
  type = string
}