# Variables related to calling AWS CLI
# Tokens of the AWS CLI invocation (command, subcommands, options), one list
# element per token, or "--option=value" as a single element. Required: there
# is no default.
# NOTE(review): the quoting advice in the description (wrap values containing
# spaces in quotes) suggests the elements end up joined into a shell command
# line rather than passed as an argv array - confirm against the consumer.
# Until that is confirmed, populate this list only from trusted configuration.
variable "aws_cli_commands" {
  type        = list(string)
  description = <<-EOT
    The AWS CLI command, subcommands, and options.
    For options that can accept a value, then the following examples are both fine to use:
    1. `"--option", "value"`
    2. `"--option=value"`
    In the event that the value contains a space, it must be wrapped with quotes.
    1. `"--option", "'value with a space wrapped in single quotes'"`
    2. `"--option='value with a space wrapped in single quotes'"`
  EOT
}
# Optional JMESPath expression used as the `--query` value of the AWS CLI call.
# The default "" means no filtering: the full CLI result is returned.
# NOTE(review): this string carries no validation block; how it is quoted when
# it reaches the CLI is not visible here - confirm against the consumer.
variable "aws_cli_query" {
  type        = string
  default     = ""
  description = <<-EOD
    The `--query` value for the AWS CLI call.
    The value for `var.aws_cli_query` is based upon JMESPath, and you can get good information from https://jmespath.org.
    If not supplied, then the entire results from the AWS CLI call will be returned.
  EOD
}
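# Optional IAM role to assume for the AWS CLI call; "" (the default) means no
# role is assumed.
# The validation accepts either the empty string or an ARN in the aws, aws-cn
# or aws-us-gov partition, for the iam or sts service, with a 12-digit account
# id and a non-empty resource part.
variable "assume_role_arn" {
  type        = string
  default     = ""
  description = <<-EOT
    The ARN of the role being assumed (optional).
    The optional ARN must match the format documented in https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html.
  EOT

  validation {
    # The resource part is restricted to visible ASCII (`!` through `~`). A bare
    # `.+` would also admit spaces, tabs and other control characters, none of
    # which can appear in an IAM ARN.
    # NOTE(review): shell metacharacters are visible ASCII and still pass this
    # check; if the consumer builds a shell command line it must quote this
    # value - confirm against the consumer.
    condition     = can(regex("^(?:arn:aws(?:-cn|-us-gov|):(?:iam|sts)::[0-9]{12}:[!-~]+|)$", var.assume_role_arn))
    error_message = "The optional ARN must match the format documented in https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html."
  }
}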
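# Optional external id supplied when assuming the role; "" (the default) means
# none is sent.
# Two independent checks apply: length (empty, or 2 to 1224 characters) and
# character set (word characters plus `=,.@-`).
# NOTE(review): STS itself also accepts `+`, `:` and `/` in an external id, so
# this character set is stricter than the service - confirm that is intended
# before widening it.
variable "external_id" {
  type        = string
  default     = ""
  description = <<-EOD
    External id for assuming the role (optional).
    The length of optional external_id, when supplied, must be between 2 and 1224 characters.
    The optional external_id can only contain upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: `=,.@-`.
    The optional external_id must match the regular expression `^[\w=,.@-]*$`.
  EOD

  # Length check: the empty string is allowed so the variable stays optional.
  validation {
    condition     = length(var.external_id) == 0 || (length(var.external_id) >= 2 && length(var.external_id) <= 1224)
    error_message = "The length of optional external_id, when supplied, must be between 2 and 1224 characters."
  }

  # Character-set check: `*` lets the empty default through; anything outside
  # the listed characters (including whitespace and quotes) is rejected.
  validation {
    condition     = can(regex("^[\\w=,.@-]*$", var.external_id))
    error_message = "The optional external_id must match the regular expression '^[\\w=,.@-]*$'."
  }
}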
# Optional named AWS profile for the CLI call; "" (the default) means no
# profile is selected by this module.
# The validation accepts the empty string or a name that starts with a letter
# and continues with letters, digits, hyphens or underscores, so whitespace and
# shell punctuation are rejected at plan time.
variable "profile" {
  type        = string
  default     = ""
  description = <<-EOD
    The specific AWS profile to use (must be configured appropriately and is optional).
    The optional profile must start with a letter and can only contain letters, numbers, hyphens, and underscores.
  EOD

  validation {
    condition     = can(regex("^([a-zA-Z][a-zA-Z0-9_-]*|)$", var.profile))
    error_message = "The optional profile must start with a letter and can only contain letters, numbers, hyphens, and underscores."
  }
}
# AWS region for the CLI call. The default is "" and the validation accepts the
# empty string, so the variable is effectively optional even though the
# description does not say so (the error message does).
# A supplied value must be two lower-case letters, a hyphen, then one or more
# lower-case letters, digits or hyphens. This checks shape only, not that the
# region exists.
variable "region" {
  type        = string
  default     = ""
  description = <<-EOD
    The specific AWS region to use.
    The region must start with two letters representing the geographical area, followed by one or more letters or digits representing the specific region within that area.
  EOD

  validation {
    condition     = can(regex("^([a-z]{2}-[a-z0-9-]+|)$", var.region))
    error_message = "The optional region must start with two letters representing the geographical area, followed by one or more letters or digits representing the specific region within that area."
  }
}
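# Optional session name used when assuming a role; "" is the default. Per the
# description, an internal default of "AssumingRole" is applied when
# assume_role_arn is set and this is left empty (that fallback lives outside
# this file).
# Two independent checks apply: length (empty, or 2 to 64 characters) and
# character set (word characters plus `=,.@-`).
variable "role_session_name" {
  type        = string
  default     = ""
  description = <<-EOD
    The role session name that will be used when assuming a role (optional).
    The length of the optional role session name, when supplied, must be between 2 and 64 characters.
    The optional role session name can only contain upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: `=,.@-`.
    The optional role session name must match the regular expression `^[\w=,.@-]*$`.
    If the assume_role_arn is supplied, but the role_session_name is left empty, an internal default of "AssumingRole" will be used.
  EOD

  # Length check: the empty string is allowed so the variable stays optional.
  validation {
    condition     = length(var.role_session_name) == 0 || (length(var.role_session_name) >= 2 && length(var.role_session_name) <= 64)
    error_message = "The length of the optional role session name, when supplied, must be between 2 and 64 characters."
  }

  # Character-set check: `*` lets the empty default through; anything outside
  # the listed characters (including whitespace and quotes) is rejected.
  validation {
    condition     = can(regex("^[\\w=,.@-]*$", var.role_session_name))
    error_message = "The optional role session name must match the regular expression '^[\\w=,.@-]*$'."
  }
}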
# Variable for debugging
# Debugging aid: redirects the files the module produces internally to another
# location. "" (the default) keeps the module's own location.
# NOTE(review): there is no validation block, so any string is accepted as a
# path. What the produced files contain is not visible here; if they include
# CLI results or assume-role output, the chosen directory should not be
# readable by other users - confirm against the consumer.
variable "alternative_path" {
  type        = string
  default     = ""
  description = "Use an alternative path for all files produced internally"
}