-
Notifications
You must be signed in to change notification settings - Fork 0
/
variables.tf
71 lines (56 loc) · 2.28 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
variable "vpc_id" {
description = "The ID of the VPC you'll be installing vault into. We make no assumptions about your networking stack, so you should provide this."
}
variable "vault_key_name" {
description = "The PEM key name for accessing and provisioning stuff."
}
variable "vault_version" {
default = "1.4.2"
description = "The image name for vault. Defaults to latest, but you should lock this down."
}
variable "vault_instance_type" {
description = "The ui instance type. Usually around an m3.large gets it done, but do what you want."
}
variable "vault_count" {
default = 2
description = "The number of vault boxes to run. Defaults to a pair."
}
variable "vault_cert_arn" {
description = "The ARN to the SSL cert we'll apply to the ELB."
}
variable "vault_ingress_cidr" {
default = "0.0.0.0/0"
description = "The CIDR block from whence web traffic may come. Defaults to anywhere, but override it as necessary. This is applied to the ELB."
}
variable "vault_bucket_name" {
description = "The bucket name to store encrypted vault information."
}
variable "vault_fqdn" {
description = "The fully qualified domain name for vault leader nodes without the protocol. We will force HTTPS."
}
variable "utility_accessible_sg" {
description = "Pass in the ID of your access security group here."
}
variable "lb_security_policy" {
description = "Vault UI SSL policy to apply to the ELB."
}
variable "external_lb_enabled" {
default = false
description = "Whether or not the external vault load balancer is turned on or not."
}
variable "public_subnets" {
type = list(string)
description = "The public subnet ID corresponding to the private subnet you'll be installing vault ui into. These are assigned to the load balancer."
}
variable "private_subnets" {
type = list(string)
description = "The private subnet ID you'll be installing vault ui into. Again, we make no assumptions. This should be large enough to support your cluster."
}
variable "vault_patch_schedule" {
default = "cron(0 0 * * ? *)"
description = "The frequency to patch the vault boxes. Defaults to midnight."
}
variable "schedule_timezone" {
default = "America/New_York"
description = "The timezone inside of which to run the patch windows. Defaults to US eastern."
}