AFS
/
xdr-terraform-modules


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137
							variable "name" {
  description = "The shortname for DNS and resources."
  type        = string
}

variable "target_ids" {
  description = "List of targets to assign to the ALB"
  type        = set(string)
}

variable "allow_from_any" {
  description = "Open the ALB to 0.0.0.0/0? If not, you must create your own rules."
  type        = bool
  default     = true
}

variable "listener_port" {
  description = "Public Facing Port"
  type        = number
}

variable "target_port" {
  description = "Port on Instance"
  type        = number
}

variable "target_protocol" {
  description = "Protocol on Instance"
  type        = string
}

variable "target_security_group" {
  description = "A target security group to allow egress from the ALB"
  type        = string
}

# Health Check Variables have sane defaults
variable "healthcheck_port" {
  description = "Health Check Port on Instance"
  type        = number
  default     = null
}

variable "healthcheck_protocol" {
  description = "Health Check Protocol on Instance"
  type        = string
  default     = null
}

variable "healthcheck_path" {
  description = "Health Check Path on Instance"
  type        = string
  default     = "/"
}

variable "healthcheck_matcher" {
  description = "Health Check Match Conditions"
  type        = string
  default     = "200,302"
}

variable "stickiness" {
  description = "Session Stickiness enabled?"
  type        = bool
  default     = false
}

locals {
  healthcheck_port     = var.healthcheck_port == null ? var.target_port : var.healthcheck_port
  healthcheck_protocol = var.healthcheck_protocol == null ? var.target_protocol : var.healthcheck_protocol
}

# WAF passthrough variables
variable "waf_enabled" {
  type        = bool
  description = "Enable the standard WAF?"
}

variable "excluded_rules_AWSManagedRulesCommonRuleSet" {
  type = list(string)
  default = [
    "SizeRestrictions_BODY" # Breaks too many things
  ]
}

variable "excluded_rules_AWSManagedRulesAmazonIpReputationList" {
  type    = list(string)
  default = []
}

variable "excluded_rules_AWSManagedRulesKnownBadInputsRuleSet" {
  type    = list(string)
  default = []
}

variable "excluded_rules_AWSManagedRulesSQLiRuleSet" {
  type    = list(string)
  default = []
}

variable "excluded_rules_AWSManagedRulesLinuxRuleSet" {
  type    = list(string)
  default = []
}

variable "excluded_rules_AWSManagedRulesUnixRuleSet" {
  type    = list(string)
  default = []
}

variable "additional_blocked_ips" {
  description = "IP addresses that are blocked, in addition to the defaults."
  type        = list(string)
  default     = []
}

variable "allowed_ips" {
  description = "IP Addresses that are always allowed"
  type        = list(string)
  default     = []
}

variable "admin_ips" {
  description = "IP Addressed that are allowed to the admin interface"
  type        = list(string)
  default     = []
}

# Inherited variables
variable "dns_info" { type = map(any) }
variable "tags" { type = map(any) }
variable "public_subnets" { type = list(any) }
variable "environment" { type = string }
variable "vpc_id" { type = string }
variable "aws_partition" { type = string }
variable "aws_region" { type = string }
variable "aws_account_id" { type = string }