variables.tf
# Prefix shared by the resources this configuration creates.
variable "unique_id" {
  type        = string
  default     = "s3example"
  description = "A unique identifier that is prepended to all created resource names"
}
# Name of the S3 bucket to create.
# NOTE(review): S3 bucket names share a global namespace; whether unique_id is
# combined with this value is decided where the bucket is declared, not here.
variable "bucket_name" {
  type        = string
  default     = "s3-protected-bucket"
  description = "The name of the bucket that is created"
}
# Name given to the IAM role the Lambda function executes as.
# The permissions attached to that role are defined elsewhere in the module.
variable "lambda_execution_role_name" {
  type        = string
  default     = "s3-protected-bucket-role"
  description = "The name of the lambda execution IAM role"
}
# File name of the archive uploaded as the Lambda layer.
# NOTE(review): the archive is referenced by name only; nothing in this file
# pins its contents. Confirm it is built from a known, pinned package version.
variable "falconpy_layer_filename" {
  type        = string
  default     = "falconpy-layer.zip"
  description = "The name of the archive to use for the lambda layer"
}
# Name under which the Lambda layer is registered.
variable "falconpy_layer_name" {
  type        = string
  default     = "crowdstrike_falconpy"
  description = "The name used for the lambda layer"
}
# File name of the archive that holds the Lambda function code.
# NOTE(review): as with the layer archive, only the name is given here;
# the archive's contents are not pinned by this variable.
variable "lambda_function_filename" {
  type        = string
  default     = "quickscan-bucket.zip"
  description = "The name of the archive to use for the lambda function"
}
# Name of the Lambda function that is created.
variable "lambda_function_name" {
  type        = string
  default     = "s3_bucket_protection"
  description = "The name used for the lambda function"
}
# Toggle for removing files that are found to be malicious.
# This is a string, not a bool, and it defaults to "TRUE", so removal is on
# unless the caller overrides it.
# NOTE(review): which spellings the consumer treats as "off" is not visible in
# this file; confirm before relying on a detect-only setting.
variable "lambda_mitigate_threats" {
  type        = string
  default     = "TRUE"
  description = "Remove malicious files from the bucket as they are discovered."
}
# Name (not value) of the SSM parameter that stores the API client ID.
# NOTE(review): the parameter's type (for example SecureString) is set where
# the parameter is created, which is outside this file; confirm it there.
variable "ssm_param_client_id" {
  type        = string
  default     = "S3_FALCONX_SCAN_CLIENT_ID"
  description = "Name of the SSM parameter storing the API client ID"
}
# Name (not value) of the SSM parameter that stores the API client secret.
# NOTE(review): the parameter's type (for example SecureString) is set where
# the parameter is created, which is outside this file; confirm it there.
variable "ssm_param_client_secret" {
  type        = string
  default     = "S3_FALCONX_SCAN_CLIENT_SECRET"
  description = "Name of the SSM parameter storing the API client secret"
}
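# Address range of the VPC, in CIDR notation.
# The type is declared explicitly, as for the other variables in this file,
# and a malformed value is rejected at plan time.
variable "cidr_vpc" {
  description = "CIDR block for the VPC"
  type        = string
  default     = "10.99.0.0/16"

  validation {
    # cidrhost() fails on anything that is not a well-formed CIDR prefix.
    condition     = can(cidrhost(var.cidr_vpc, 0))
    error_message = "The cidr_vpc value must be a valid CIDR block, for example 10.99.0.0/16."
  }
}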
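# Address range of the subnet, in CIDR notation.
# The type is declared explicitly, as for the other variables in this file,
# and a malformed value is rejected at plan time. Whether the range falls
# inside cidr_vpc is not checked here.
variable "cidr_subnet" {
  description = "CIDR block for the subnet"
  type        = string
  default     = "10.99.10.0/24"

  validation {
    # cidrhost() fails on anything that is not a well-formed CIDR prefix.
    condition     = can(cidrhost(var.cidr_subnet, 0))
    error_message = "The cidr_subnet value must be a valid CIDR block, for example 10.99.10.0/24."
  }
}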
# Value used for the environment tag on created resources.
variable "environment_tag" {
  type        = string
  default     = "S3 Bucket Protection"
  description = "Environment tag"
}
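# Source range allowed to reach the test bastion, in CIDR notation.
# The default is a placeholder and should be overridden with the operator's
# own address. The validation rejects malformed values and the two
# "anywhere" ranges, which would make the bastion reachable from the whole
# internet instead of from one trusted source.
variable "trusted_ip" {
  description = "Trusted IP address to access the test bastion"
  type        = string
  default     = "1.1.1.1/32"

  validation {
    # cidrhost() fails on anything that is not a well-formed CIDR prefix.
    condition     = can(cidrhost(var.trusted_ip, 0)) && !contains(["0.0.0.0/0", "::/0"], var.trusted_ip)
    error_message = "The trusted_ip value must be a valid CIDR block and must not be 0.0.0.0/0 or ::/0."
  }
}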
# Name of the security group that admits inbound SSH from the trusted IP.
variable "ssh_group_name" {
  type        = string
  default     = "S3-BUCKET-PROTECTION-TRUSTED-ADMIN"
  description = "Name of the security group allowing inbound SSH from the Trusted IP"
}
# CrowdStrike Falcon API client ID.
# sensitive = true keeps the value out of plan and apply output only; it is
# still written to the Terraform state, so the state needs its own protection.
# Because the default is an empty string, Terraform does not prompt for a
# value when none is supplied.
variable "falcon_client_id" {
  type        = string
  sensitive   = true
  default     = ""
  description = "The CrowdStrike Falcon API client ID"
}
# CrowdStrike Falcon API client secret.
# sensitive = true keeps the value out of plan and apply output only; it is
# still written to the Terraform state, so the state needs its own protection.
# Because the default is an empty string, Terraform does not prompt for a
# value when none is supplied. Supply it outside version control.
variable "falcon_client_secret" {
  type        = string
  sensitive   = true
  default     = ""
  description = "The CrowdStrike Falcon API client secret"
}
# Free-text description attached to the Lambda function.
variable "lambda_description" {
  type        = string
  default     = "CrowdStrike S3 bucket protection"
  description = "The description used for the lambda function"
}
# Name of the EC2 instance created to demonstrate the solution.
variable "instance_name" {
  type        = string
  default     = "CS-S3-BUCKET-PROTECTION-TEST"
  description = "The name of the EC2 instance that is created to demo functionality"
}
# Name of the SSH key used to authenticate to the EC2 instance.
# NOTE(review): the default is empty; what the instance resource does with an
# empty key name is not visible in this file, so confirm before deploying.
variable "instance_key_name" {
  type        = string
  default     = ""
  description = "The name of the SSH PEM key that will be used for authentication to the EC2 instance"
}
# Prefix applied to the names of resources created in IAM.
variable "iam_prefix" {
  type        = string
  default     = "s3-bucket-protection"
  description = "The prefix used for resources created within IAM"
}
# Base URL of the CrowdStrike Cloud API; the default uses https.
# NOTE(review): the API credentials are presumably sent to this endpoint, so an
# override should point only at a CrowdStrike-operated host. Confirm how the
# consumer of this value treats it.
variable "base_url" {
  type        = string
  default     = "https://api.crowdstrike.com"
  description = "The Base URL for the CrowdStrike Cloud API"
}
# EC2 instance type (family and size) for the demonstration instance.
variable "instance_type" {
  type        = string
  default     = "t2.small"
  description = "The type.size of the EC2 instance that is created"
}