AWS EKS Deploy
Overview
The AWS EKS Deploy template provisions a hosting environment for microservices applications on Amazon Web Services (AWS). Through automated deployment it establishes zone-redundant, auto-scaled infrastructure for high availability and scalability. The template follows the Center for Internet Security (CIS) benchmarks and enables comprehensive logging and monitoring. Beyond this baseline, customizable parameters allow additional AWS resources to be added, so the template can be adapted to diverse application needs.
List of resources
- VPC
- ALB
- ECR
- EKS
- Route 53 Private DNS Zone
- Route 53 Public DNS Zone
- Redis
- API Gateway
- Cloud Front
- Dynamodb
- Elastic Search
- Open Search
- Network Load Balancer
- Postgres
- S3
- SNS
- SQS
- EC2
Cloud Architecture
© Copyright BOS Framework 2024
Input Parameters
Input Variables | Descriptions | Default Values | Type | Supported Values |
---|---|---|---|---|
aws_access_key | AWS access key used for authentication. | abcde123-4567-890f-12ab-34cd56789ef0 | string | |
aws_secret_key | AWS secret key used for authentication. | 12345678-abcd-1234-ef12-123456789abc | string | |
aws_region | AWS region where resources will be deployed. | us-east-1 | string | |
tags_name | Tags to be associated with AWS resources in JSON format. | '{"Environment":"Dev","ProductName":"JohnDoe"}' | map(string) | |
vpc_name | Name of the Amazon Virtual Private Cloud (VPC). | my-vpc | string | |
vpc_cidr_block | CIDR block for the VPC IP address range. | 10.5.0.0/16 | string | |
vpc_enable_dns_hostnames | Enable DNS hostnames for the VPC. | true | bool | true, false |
subnet1_private_name | Name of the first private subnet within the VPC. | my-subnet-1 | string | |
subnet1_private_cidr_block | CIDR block for the first private subnet IP address range. | 10.5.8.0/21 | string | |
subnet2_private_name | Name of the second private subnet within the VPC. | my-subnet-2 | string | |
subnet2_private_cidr_block | CIDR block for the second private subnet IP address range. | 10.5.16.0/22 | string | |
subnet3_private_name | Name of the third private subnet within the VPC. | my-subnet-3 | string | |
subnet3_private_cidr_block | CIDR block for the third private subnet IP address range. | 10.5.24.0/22 | string | |
subnet4_public_name | Name of the first public subnet within the VPC. | my-subnet-4 | string | |
subnet4_public_cidr_block | CIDR block for the first public subnet IP address range. | 10.5.32.0/22 | string | |
subnet5_public_name | Name of the second public subnet within the VPC. | my-subnet-5 | string | |
subnet5_public_cidr_block | CIDR block for the second public subnet IP address range. | 10.5.40.0/22 | string | |
subnet6_public_name | Name of the third public subnet within the VPC. | my-subnet-6 | string | |
subnet6_public_cidr_block | CIDR block for the third public subnet IP address range. | 10.5.48.0/22 | string | |
public_subnet_map_public_ip_on_launch | Whether to map public IP addresses to instances launched in public subnets. | true | bool | true, false |
vpc_igw_name | Name of the Internet Gateway (IGW) for the VPC. | my-internet-gateway | string | |
public_subnet_igw_route_name | Name of the route table for the public subnets. | my-public-rt | string | |
public_subnet_igw_route_cidr_block | CIDR block for the default route in the public subnets. | 0.0.0.0/0 | string | |
ngw_name | Name of the NAT Gateway (NGW) for the VPC. | my-nat-gw | string | |
ngw_eip_domain | Domain for the Elastic IP address associated with the NGW. | vpc | string | vpc |
private_subnet_ngw_route_name | Name of the route table for the private subnets. | my-nat-gw-rt | string | |
private_subnet_ngw_route_cidr_block | CIDR block for the default route in the private subnets. | 0.0.0.0/0 | string | |
vpc_log_retention | Log retention period for VPC flow logs. | 7 | number | |
vpc_flow_log_enable | Enable VPC flow logs. | true | bool | true, false |
cloudtrail_enable | Enable AWS CloudTrail. | true | bool | true, false |
cloudtrail_name | Name of the AWS CloudTrail. | my-cloudtrail | string | |
cloudtrail_include_global_service_events | Include global service events in CloudTrail logs. | true | bool | true, false |
cloudtrail_cloudwatch_logging_enable | Enable CloudWatch logging for CloudTrail. | true | bool | true, false |
cloudtrail_enable_log_file_validation | Enable log file validation for CloudTrail. | true | bool | true, false |
cloudtrail_logging_enabled | Enable CloudTrail logging. | true | bool | true, false |
cloudtrail_is_multi_region | Enable multi-region logging for CloudTrail. | true | bool | true, false |
cloudtrail_cloudwatch_log_group_name | Name of the CloudWatch log group for CloudTrail. | my-cloudtrail-log-group | string | |
cloudtrail_cloudwatch_log_retention_days | CloudWatch log retention in days. | 7 | number | |
cloudtrail_cloudwatch_iam_role_name | Name of the IAM role for CloudWatch. | my-cloudtrail-cloudwatch-iam-role | string | |
cloudtrail_cloudwatch_iam_policy_name | Name of the IAM policy for CloudWatch. | my-cloudtrail-cloudwatch-iam-policy | string | |
cloudtrail_bucket_name | Name of the S3 bucket for CloudTrail logs. | my-cloudtrail-bucket | string | |
cloudtrail_bucket_force_destroy | Allow forceful removal of the S3 bucket. | true | bool | true, false |
cloudtrail_bucket_object_lock_enabled | Enable S3 object lock for the bucket. | true | bool | true, false |
cloudtrail_bucket_key_name | Name of the KMS key for S3 object encryption. | my-cloudtrail-bucket-key | string | |
cloudtrail_bucket_key_description | Description of the KMS key for S3 object encryption. | my-cloudtrail-bucket-key | string | |
cloudtrail_bucket_key_deletion_window_in_days | KMS key deletion window in days. | 30 | number | |
cloudtrail_bucket_key_is_enabled | Enable the KMS key for S3 object encryption. | true | bool | true, false |
cloudtrail_bucket_key_enable_rotation | Enable rotation of the KMS key for S3 encryption. | true | bool | true, false |
cloudtrail_bucket_sse_encryption_algorithm | S3 server-side encryption algorithm. | aws:kms | string | aws:kms |
cloudtrail_bucket_block_public_acls | Block public ACLs on the S3 bucket. | true | bool | true, false |
cloudtrail_bucket_ignore_public_acls | Ignore public ACLs on the S3 bucket. | true | bool | true, false |
cloudtrail_bucket_block_public_policy | Block public bucket policies. | true | bool | true, false |
cloudtrail_bucket_restrict_public_buckets | Restrict public bucket access. | true | bool | true, false |
cloudtrail_bucket_access_logging_enable | Enable S3 bucket access logging. | true | bool | true, false |
cloudtrail_bucket_access_logging_bucket_name | Name of the S3 bucket for access logs. | my-cloudtrail-log-bucket | string | |
cloudtrail_bucket_access_logging_bucket_force_destroy | Allow forceful removal of the access log bucket. | true | bool | true, false |
cloudtrail_bucket_access_logging_bucket_object_lock_enabled | Enable S3 object lock for the access log bucket. | true | bool | true, false |
cloudtrail_bucket_access_logging_bucket_target_prefix | Prefix for access log objects. | log/ | string | |
cloudtrail_s3_object_level_logging | Level of S3 object logging for CloudTrail. | All | string | All, ReadOnly, WriteOnly |
cloudtrail_sns_topic_name | Name of the SNS topic for CloudTrail notifications. | my-cloudtrail-sns | string | |
cloudtrail_sns_topic_subscription_protocol | Protocol for SNS topic subscription. | | string | email, email-json, http, https |
cloudtrail_sns_topic_subscription_endpoint | Endpoint for SNS topic subscription. | my@email.com | string | |
cloudtrail_sns_topic_subscription__endpoint_auto_confirms | Auto-confirm subscription to SNS topic. | true | bool | true, false |
unauthorized_api_calls_monitoring_enable | Enable monitoring for unauthorized API calls. | true | bool | true, false |
unauthorized_api_calls_monitoring_log_metric_name | Name of the log metric for unauthorized API calls. | unauthorized_api_calls_metric | string | |
unauthorized_api_calls_monitoring_log_metricnamespace | Namespace for the log metric for unauthorized API calls. | monitoringnm | string | |
unauthorized_api_calls_monitoring_alarm_name | Name of the monitoring alarm for unauthorized API calls. | unauthorized_api_calls_alarm | string | |
unauthorized_api_calls_monitoring_alarm_evaluation_periods | Number of evaluation periods for the monitoring alarm. | 1 | number | |
unauthorized_api_calls_monitoring_alarm_period | Monitoring alarm period in seconds. | 300 | number | |
unauthorized_api_calls_monitoring_alarm_threshold | Threshold for the monitoring alarm. | 1 | number | |
without_mfa_sign_in_monitoring_enable | Enable monitoring for sign-ins without MFA. | true | bool | true, false |
without_mfa_sign_in_monitoring_log_metric_name | Name of the log metric for sign-ins without MFA. | no_mfa_console_signin_metric | string | |
without_mfa_sign_in_monitoring_log_metricnamespace | Namespace for the log metric for sign-ins without MFA. | monitoringnm | string | |
without_mfa_sign_in_monitoring_alarm_name | Name of the monitoring alarm for sign-ins without MFA. | no_mfa_console_signin_alarm | string | |
without_mfa_sign_in_monitoring_alarm_evaluation_periods | Number of evaluation periods for the monitoring alarm. | 1 | number | |
without_mfa_sign_in_monitoring_alarm_period | Monitoring alarm period in seconds. | 300 | number | |
without_mfa_sign_in_monitoring_alarm_threshold | Threshold for the monitoring alarm. | 1 | number | |
root_user_login_monitoring_enable | Enable monitoring for root user login events. | true | bool | true, false |
root_user_login_monitoring_log_metric_name | Name of the log metric for root user login events. | root_usage_metric | string | |
root_user_login_monitoring_log_metricnamespace | Namespace for the log metric for root user login events. | monitoringnm | string | |
root_user_login_monitoring_alarm_name | Name of the monitoring alarm for root user login events. | root_usage_alarm | string | |
root_user_login_monitoring_alarm_evaluation_periods | Number of evaluation periods for the monitoring alarm. | 1 | number | |
root_user_login_monitoring_alarm_period | Monitoring alarm period in seconds. | 300 | number | |
root_user_login_monitoring_alarm_threshold | Threshold for the monitoring alarm. | 1 | number | |
iam_policy_change_monitoring_enable | Enable monitoring for IAM policy changes. | true | bool | true, false |
iam_policy_change_monitoring_log_metric_name | Name of the log metric for IAM policy changes. | iam_changes_metric | string | |
iam_policy_change_monitoring_log_metricnamespace | Namespace for the log metric for IAM policy changes. | monitoringnm | string | |
iam_policy_change_monitoring_alarm_name | Name of the monitoring alarm for IAM policy changes. | iam_changes_alarm | string | |
iam_policy_change_monitoring_alarm_evaluation_periods | Number of evaluation periods for the monitoring alarm. | 1 | number | |
iam_policy_change_monitoring_alarm_period | Monitoring alarm period in seconds. | 300 | number | |
iam_policy_change_monitoring_alarm_threshold | Threshold for the monitoring alarm. | 1 | number | |
cloudtrail_config_change_monitoring_enable | Enable monitoring for AWS CloudTrail configuration changes. | true | bool | true, false |
cloudtrail_config_change_monitoring_log_metric_name | Name of the log metric for AWS CloudTrail configuration changes. | cloudtrail_cfg_changes_metric | string | |
cloudtrail_config_change_monitoring_log_metricnamespace | Namespace for the log metric for AWS CloudTrail configuration changes. | monitoringnm | string | |
cloudtrail_config_change_monitoring_alarm_name | Name of the monitoring alarm for AWS CloudTrail configuration changes. | cloudtrail_cfg_changes_alarm | string | |
cloudtrail_config_change_monitoring_alarm_evaluation_periods | Number of evaluation periods for the monitoring alarm. | 1 | number | |
cloudtrail_config_change_monitoring_alarm_period | Monitoring alarm period in seconds. | 300 | number | |
cloudtrail_config_change_monitoring_alarm_threshold | Threshold for the monitoring alarm. | 1 | number | |
console_auth_failure_monitoring_enable | Enable monitoring for console authentication failures. | true | bool | true, false |
console_auth_failure_monitoring_log_metric_name | Name of the log metric for console authentication failures. | console_signin_failure_metric | string | |
console_auth_failure_monitoring_log_metricnamespace | Namespace for the log metric for console authentication failures. | monitoringnm | string | |
console_auth_failure_monitoring_alarm_name | Name of the monitoring alarm for console authentication failures. | console_signin_failure_alarm | string | |
console_auth_failure_monitoring_alarm_evaluation_periods | Number of evaluation periods for the monitoring alarm. | 1 | number | |
console_auth_failure_monitoring_alarm_period | Monitoring alarm period in seconds. | 300 | number | |
console_auth_failure_monitoring_alarm_threshold | Threshold for the monitoring alarm. | 1 | number | |
kms_keys_monitoring_enable | Enable monitoring for AWS KMS key changes. | true | bool | true, false |
kms_keys_monitoring_log_metric_name | Name of the log metric for AWS KMS key changes. | disable_or_delete_cmk_changes_metric | string | |
kms_keys_monitoring_log_metricnamespace | Namespace for the log metric for AWS KMS key changes. | monitoringnm | string | |
kms_keys_monitoring_alarm_name | Name of the monitoring alarm for AWS KMS key changes. | disable_or_delete_cmk_changes_alarm | string | |
kms_keys_monitoring_alarm_evaluation_periods | Number of evaluation periods for the monitoring alarm. | 1 | number | |
kms_keys_monitoring_alarm_period | Monitoring alarm period in seconds. | 300 | number | |
kms_keys_monitoring_alarm_threshold | Threshold for the monitoring alarm. | 1 | number | |
s3_bucket_policy_monitoring_enable | Enable monitoring for AWS S3 bucket policy changes. | true | bool | true, false |
s3_bucket_policy_monitoring_log_metric_name | Name of the log metric for AWS S3 bucket policy changes. | s3_bucket_policy_changes_metric | string | |
s3_bucket_policy_monitoring_log_metricnamespace | Namespace for the log metric for AWS S3 bucket policy changes. | monitoringnm | string | |
s3_bucket_policy_monitoring_alarm_name | Name of the monitoring alarm for AWS S3 bucket policy changes. | s3_bucket_policy_changes_alarm | string | |
s3_bucket_policy_monitoring_alarm_evaluation_periods | Number of evaluation periods for the monitoring alarm. | 1 | number | |
s3_bucket_policy_monitoring_alarm_period | Monitoring alarm period in seconds. | 300 | number | |
s3_bucket_policy_monitoring_alarm_threshold | Threshold for the monitoring alarm. | 1 | number | |
config_changes_monitoring_enable | Enable monitoring for configuration changes. | true | bool | true, false |
config_changes_monitoring_log_metric_name | Name of the log metric for configuration changes. | config_changes_changes_metric | string | |
config_changes_monitoring_log_metricnamespace | Namespace for the log metric for configuration changes. | monitoringnm | string | |
config_changes_monitoring_alarm_name | Name of the monitoring alarm for configuration changes. | config_changes_changes_alarm | string | |
config_changes_monitoring_alarm_evaluation_periods | Number of evaluation periods for the monitoring alarm. | 1 | number | |
config_changes_monitoring_alarm_period | Monitoring alarm period in seconds. | 300 | number | |
config_changes_monitoring_alarm_threshold | Threshold for the monitoring alarm. | 1 | number | |
security_groups_monitoring_enable | Enable monitoring for security group changes. | true | bool | true, false |
security_groups_monitoring_log_metric_name | Name of the log metric for security group changes. | security_groups_changes_metric | string | |
security_groups_monitoring_log_metricnamespace | Namespace for the log metric for security group changes. | monitoringnm | string | |
security_groups_monitoring_alarm_name | Name of the monitoring alarm for security group changes. | security_groups_changes_alarm | string | |
security_groups_monitoring_alarm_evaluation_periods | Number of evaluation periods for the monitoring alarm. | 1 | number | |
security_groups_monitoring_alarm_period | Monitoring alarm period in seconds. | 300 | number | |
security_groups_monitoring_alarm_threshold | Threshold for the monitoring alarm. | 1 | number | |
nacl_monitoring_enable | Enable monitoring for Network ACL changes. | true | bool | true, false |
nacl_monitoring_log_metric_name | Name of the log metric for Network ACL changes. | nacl_changes_metric | string | |
nacl_monitoring_log_metricnamespace | Namespace for the log metric for Network ACL changes. | monitoringnm | string | |
nacl_monitoring_alarm_name | Name of the monitoring alarm for Network ACL changes. | nacl_changes_alarm | string | |
nacl_monitoring_alarm_evaluation_periods | Number of evaluation periods for the monitoring alarm. | 1 | number | |
nacl_monitoring_alarm_period | Monitoring alarm period in seconds. | 300 | number | |
nacl_monitoring_alarm_threshold | Threshold for the monitoring alarm. | 1 | number | |
network_gateway_monitoring_enable | Enable monitoring for Network Gateway changes. | true | bool | true, false |
network_gateway_monitoring_log_metric_name | Name of the log metric for Network Gateway changes. | network_gateway_changes_metric | string | |
network_gateway_monitoring_log_metricnamespace | Namespace for the log metric for Network Gateway changes. | monitoringnm | string | |
network_gateway_monitoring_alarm_name | Name of the monitoring alarm for Network Gateway changes. | network_gateway_changes_alarm | string | |
network_gateway_monitoring_alarm_evaluation_periods | Number of evaluation periods for the monitoring alarm. | 1 | number | |
network_gateway_monitoring_alarm_period | Monitoring alarm period in seconds. | 300 | number | |
network_gateway_monitoring_alarm_threshold | Threshold for the monitoring alarm. | 1 | number | |
route_table_monitoring_enable | Enable monitoring for route table changes. | true | bool | true, false |
route_table_monitoring_log_metric_name | Name of the log metric for route table changes. | route_table_changes_metric | string | |
route_table_monitoring_log_metricnamespace | Namespace for the log metric for route table changes. | monitoringnm | string | |
route_table_monitoring_alarm_name | Name of the monitoring alarm for route table changes. | route_table_changes_alarm | string | |
route_table_monitoring_alarm_evaluation_periods | Number of evaluation periods for the monitoring alarm. | 1 | number | |
route_table_monitoring_alarm_period | Monitoring alarm period in seconds. | 300 | number | |
route_table_monitoring_alarm_threshold | Threshold for the monitoring alarm. | 1 | number | |
vpc_monitoring_enable | Enable monitoring for VPC changes. | true | bool | true, false |
vpc_monitoring_log_metric_name | Name of the log metric for VPC changes. | vpc_changes_metric | string | |
vpc_monitoring_log_metricnamespace | Namespace for the log metric for VPC changes. | monitoringnm | string | |
vpc_monitoring_alarm_name | Name of the monitoring alarm for VPC changes. | vpc_changes_alarm | string | |
vpc_monitoring_alarm_evaluation_periods | Number of evaluation periods for the monitoring alarm. | 1 | number | |
vpc_monitoring_alarm_period | Monitoring alarm period in seconds. | 300 | number | |
vpc_monitoring_alarm_threshold | Threshold for the monitoring alarm. | 1 | number | |
org_changes_monitoring_enable | Enable monitoring for organization (Org) changes. | true | bool | true, false |
org_changes_monitoring_log_metric_name | Name of the log metric for organization (Org) changes. | org_changes_changes_metric | string | |
org_changes_monitoring_log_metricnamespace | Namespace for the log metric for organization (Org) changes. | monitoringnm | string | |
org_changes_monitoring_alarm_name | Name of the monitoring alarm for organization (Org) changes. | org_changes_changes_alarm | string | |
org_changes_monitoring_alarm_evaluation_periods | Number of evaluation periods for the monitoring alarm. | 1 | number | |
org_changes_monitoring_alarm_period | Monitoring alarm period in seconds. | 300 | number | |
org_changes_monitoring_alarm_threshold | Threshold for the monitoring alarm. | 1 | number | |
security_hub_enable | Enable AWS Security Hub. | false | bool | true, false |
security_hub_default_standards_enable | Enable default standards in AWS Security Hub. | true | bool | true, false |
security_hub_control_finding_generator | AWS Security Hub finding generator for security controls. | SECURITY_CONTROL | string | SECURITY_CONTROL, STANDARD_CONTROL |
security_hub_auto_enable_controls | Automatically enable controls in AWS Security Hub. | true | bool | true, false |
config_enable | Enable AWS Config. | false | bool | true, false |
config_aggregator_name | Name of the AWS Config Aggregator. | my-config-aggregator | string | |
config_account_aggregator_all_regions | Include all regions in the AWS Config Aggregator. | true | bool | true, false |
config_recorder_name | Name of the AWS Config Recorder. | my-config-recorder | string | |
config_recorder_start | Start the AWS Config Recorder. | true | bool | true, false |
config_recorder_group_all_supported | Include all supported resource types in recorder. | true | bool | true, false |
config_recorder_include_global_resource_types | Include global resource types in recorder. | true | bool | true, false |
config_delivery_channel_name | Name of the AWS Config Delivery Channel. | my-delivery-channel | string | |
config_delivery_channel_snapshot_frequency | Frequency for AWS Config snapshot delivery. | Three_Hours | string | One_Hour, Three_Hours |
config_bucket_name | Name of the AWS Config bucket. | my-config-bucket | string | |
config_bucket_force_destroy | Force destroy the AWS Config bucket. | true | bool | true, false |
config_bucket_object_lock_enabled | Enable object lock for the AWS Config bucket. | true | bool | true, false |
config_sns_topic_name | Name of the AWS Config SNS topic. | my-config-sns-topic | string | |
config_sns_topic_subscription_protocol | Protocol for SNS topic subscription. | | string | email, email-json, http, https |
config_sns_topic_subscription_endpoint | Endpoint for SNS topic subscription. | user@example.com | string | |
config_sns_topic_subscription_endpoint_auto_confirms | Automatically confirm SNS topic subscription. | true | bool | true, false |
macie_enable | Enable Amazon Macie. | false | bool | true, false |
macie_finding_publishing_frequency | Frequency for Amazon Macie finding publishing. | FIFTEEN_MINUTES | string | FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS |
macie_status | Status of Amazon Macie. | ENABLED | string | ENABLED, PAUSED |
macie_bucket_name | Name of the Amazon Macie bucket. | mymaciebucket | string | |
macie_bucket_force_destroy | Force destroy the Amazon Macie bucket. | true | bool | true, false |
macie_bucket_object_lock_enabled | Enable object lock for the Amazon Macie bucket. | true | bool | true, false |
macie_bucket_key_description | Description for Amazon Macie KMS key. | mymaciekeydesc | string | |
macie_bucket_key_deletion_window_in_days | Deletion window in days for Amazon Macie KMS key. | 7 | number | |
macie_bucket_key_is_enabled | Enable Amazon Macie KMS key. | true | bool | true, false |
macie_bucket_key_enable_key_rotation | Enable key rotation for Amazon Macie KMS key. | true | bool | true, false |
macie_bucket_key_name | Name of Amazon Macie KMS key. | mymaciekey | string | |
add_primary_contact_info | Add primary contact information. | false | bool | true, false |
primary_contact_address_line | Address line for the primary contact. | myaddress | string | |
primary_contact_city | City for the primary contact. | mycity | string | |
primary_contact_companyname | Company name for the primary contact. | mycompany | string | |
primary_contact_country_code | Country code for the primary contact. | mycountrycode | string | |
primary_contact_district_or_county | District or county for the primary contact. | mydisctrict | string | |
primary_contact_fullname | Full name of the primary contact. | myname | string | |
primary_contact_phone_number | Phone number of the primary contact. | 1000110001 | string | |
primary_contact_postal_code | Postal code for the primary contact. | 10012 | string | |
primary_contact_state_or_region | State or region for the primary contact. | mystate | string | |
primary_contact_website_url | Website URL for the primary contact. | mywebsite923.com | string | |
add_alternate_contact_info | Add alternate contact information. | false | bool | true, false |
add_alternate_contact_type | Type of alternate contact. | OPERATIONS | string | BILLING, OPERATIONS, SECURITY |
add_alternate_contactname | Name of the alternate contact. | myalernatecontact | string | |
add_alternate_contact_title | Title of the alternate contact. | myalernatecontacttitle | string | |
add_alternate_contact_email_address | Email address of the alternate contact. | alernatecontact@example.com | string | |
add_alternate_contact_phone_number | Phone number of the alternate contact. | 100011001 | string | |
create_password_policy | Create a password policy. | true | bool | true, false |
password_policy_minimum_length | Minimum password length. | 14 | number | |
password_policy_reuse_prevention | Password reuse prevention period (in days). | 24 | number | |
password_policy_require_lowercase | Require lowercase characters in passwords. | true | bool | true, false |
password_policy_require_numbers | Require numbers in passwords. | true | bool | true, false |
password_policy_require_uppercase | Require uppercase characters in passwords. | true | bool | true, false |
password_policy_require_symbols | Require symbols in passwords. | true | bool | true, false |
password_policy_allow_users_to_change_password | Allow users to change their password. | true | bool | true, false |
password_policy_max_age | Maximum password age (in days). | 90 | number | |
private_dns_zone | Name of the private DNS zone. | myprivatednszone.com | string | |
private_dns_zone_comment | Comment for the AWS Route 53 private DNS zone. | myprivatednszone | string | |
private_dns_force_destroy | Whether the template may forcibly destroy the AWS Route 53 private DNS zone. | true | bool | true, false |
public_dns_zone | Name of the public DNS zone. | mypublicdnszone.com | string | |
public_dns_comment | Comment for the AWS Route 53 public DNS zone. | mypublicdnszone | string | |
public_dns_force_destroy | Whether the template may forcibly destroy the AWS Route 53 public DNS zone. | true | bool | true, false |
ecr_name | Name of the Elastic Container Registry. | myecr | string | |
eks_alb_group_name | Security group name for EKS and ALB. | myeksalbsg | string | |
ecr_image_scan | Enable image scanning for ECR. | true | bool | true, false |
ecr_force_delete | Force delete images from ECR. | true | bool | true, false |
eks_cluster_key_deletion_window_in_days | Key deletion window in days for the EKS cluster. | 7 | number | |
eks_cluster_key_is_enabled | Enable or disable the EKS cluster key. | true | bool | true, false |
eks_cluster_key_enable_rotation | Enable key rotation for the EKS cluster key. | true | bool | true, false |
eks_cluster_key_name | Name of the EKS cluster secret key. | my-eks-secret-key | string | |
eks_cluster_name | Name of the EKS cluster. | my-eks-cluster | string | |
eks_cluster_version | Version of the EKS cluster. | 1.27 | string | |
eks_endpoint_private_access | Enable private access to the EKS cluster. | false | bool | true, false |
eks_endpoint_public_access | Enable public access to the EKS cluster. | true | bool | true, false |
eks_public_access_cidrs | List of CIDR blocks with public access to the EKS cluster. | ["0.0.0.0/0"] | list | |
eks_cluster_cni_addon_enable | Enable the CNI addon for the EKS cluster. | true | bool | true, false |
eks_cluster_cni_addon | Name of the CNI addon for the EKS cluster. | vpc-cni | string | vpc-cni |
eks_cluster_coredns_addon | Name of the CoreDNS addon for the EKS cluster. | coredns | string | coredns |
eks_cluster_coredns_addon_enable | Enable the CoreDNS addon for the EKS cluster. | true | bool | true, false |
eks_cluster_kubeproxy_addon | Name of the kube-proxy addon for the EKS cluster. | kube-proxy | string | kube-proxy |
eks_cluster_kubeproxy_addon_enable | Enable the kube-proxy addon for the EKS cluster. | true | bool | true, false |
eks_cluster_addon_resolve_conflicts_on_create | Resolve conflicts during addon creation. | OVERWRITE | string | OVERWRITE, NONE |
eks_cluster_addon_resolve_conflicts_on_update | Resolve conflicts during addon update. | OVERWRITE | string | OVERWRITE, NONE |
eks_worker_node_instance_types | List of instance types for EKS worker nodes. | ["t3.medium"] | list | |
eks_worker_node_ami_type | AMI type for EKS worker nodes. | AL2_x86_64 | string | AL2_x86_64 |
eks_worker_node_desired | Desired number of EKS worker nodes. | 1 | number | |
eks_worker_node_max | Maximum number of EKS worker nodes. | 2 | number | |
eks_worker_node_min | Minimum number of EKS worker nodes. | 1 | number | |
eks_worker_node_max_unavailable | Maximum unavailable nodes during updates. | 1 | number | |
eks_worker_node_tls_private_key_algorithm | TLS private key algorithm for worker nodes. | RSA | string | RSA |
eks_worker_node_key_pair_name | Name of the key pair for worker nodes. | my-eks-worker-node-key-pair | string | |
eks_worker_node_private_key_secret_name | Name of the secret for the private key. | my-eks-node-group-private-key | string | |
eks_worker_node_private_key_secret_recovery_window_in_days | Secret recovery window in days for the private key. | 7 | number | |
eks_worker_node_public_key_secret_name | Name of the secret for the public key. | my-eks-node-group-public-key | string | |
eks_worker_node_public_key_secret_recovery_window_in_days | Secret recovery window in days for the public key. | 7 | number | |
eks_cluster_log_retention | Log retention period for the EKS cluster. | 7 | number | |
eks_cluster_role_name | Name of the EKS cluster role. | my-eks-cluster-role | string | |
eks_cluster_role_force_detach_policies | Force detach policies for the EKS cluster role. | true | bool | true, false |
eks_cluster_enabled_cluster_log_types | Enabled cluster log types for the EKS cluster. | ["api", "audit", "authenticator"] | list | ["api", "audit", "authenticator", "controllerManager", "scheduler"] |
eks_cluster_node_group_name | Name of the EKS cluster node group. | my-eks-cluster-node-group | string | |
eks_worker_node_remote_access_sg_ingress_cidr_blocks | List of CIDR blocks for ingress rules in the security group. | 45.127.59.60/32 | string | |
eks_worker_node_remote_access_sg_ingress_from_port | Start port for ingress rules in the security group. | 22 | number | |
eks_worker_node_remote_access_sg_ingress_ip_protocol | IP protocol for ingress rules in the security group. | tcp | string | tcp, udp, http, https |
eks_worker_node_remote_access_sg_ingress_to_port | End port for ingress rules in the security group. | 22 | number | |
eks_worker_node_remote_access_sg_ingress_description | Description for the ingress rule in the security group. | EKSNodesIngressRule | string | |
eks_worker_node_remote_access_sg_name | Name of the security group for remote access. | my-eks-sg | string | |
eks_worker_node_remote_access_sg_description | Description for the security group for remote access. | EKSNodesSecurityGroup | string | |
eks_deploy_metric_server | Deploy Metric Server for the EKS cluster. | true | bool | true, false |
eks_cluster_fargate_enable | Enable or disable Fargate for the EKS cluster. | false | bool | true, false |
eks_fargate_profile_role_name | Name of the Fargate profile role. | myeksfargateprofilerole | string | |
eks_fargate_profile_name | Name of the Fargate profile. | myeksfargateprofile | string | |
eks_fargate_profile_selectornamespace | Namespace selector for the Fargate profile. | myeksfargatenamespace | string | |
eks_cluster_openid_role_name | Name of the OpenID Connect (OIDC) role for the EKS cluster. | my-oidc | string | |
eks_cluster_alb_ingress_service_accountname | Name of the service account for ALB Ingress Controller. | aws-load-balancer-controller | string | aws-load-balancer-controller |
eks_cluster_alb_ingress_helm_chartname | Name of the Helm chart for ALB Ingress Controller. | aws-load-balancer-controller | string | aws-load-balancer-controller |
eks_cluster_alb_ingress_helm_chart_releasename | Release name for the Helm chart of ALB Ingress Controller. | aws-load-balancer-controller | string | aws-load-balancer-controller |
eks_cluster_alb_ingress_helm_chart_version | Version of the Helm chart for ALB Ingress Controller. | 1.5.3 | string | 1.5.3 |
eks_cluster_alb_ingress_helm_chart_repo | Helm chart repository URL for ALB Ingress Controller. | https://aws.github.io/eks-charts | string | https://aws.github.io/eks-charts |
eks_cluster_alb_ingressnamespace | Namespace for ALB Ingress Controller. | kube-system | string | kube-system |
eks_cluster_alb_ingress_certificate_private_key | ALB Ingress Controller certificate private key. | myalbcertprivatekey | string | |
eks_cluster_alb_ingress_certificate_body | ALB Ingress Controller certificate body. | myalbcertprivatekeybody | string | |
eks_cluster_alb_ingress_certificate_enable | Enable or disable certificate management for ALB Ingress Controller. | false | bool | true, false |
iam_usernames | List of IAM usernames to create. | ["myiamuser1", "myiamuser2"] | list | |
iam_user_secret_recovery_window_in_days | Secret recovery window in days for IAM users. | 7 | number | |
iam_users_dynamodb_access_enable | Enable or disable DynamoDB access for IAM users. | true | bool | true, false |
iam_generate_access_keys | Generate access keys for IAM users. | true | bool | true, false |
iam_renew_access_keys | Renew access keys for IAM users. | false | bool | true, false |
dynamodb_access_policy_name | Name of the DynamoDB access policy. | DynamoDBAccessPolicy | string | |
dynamodb_access_policy_actions | List of actions for the DynamoDB access policy. | ["dynamodb:Scan", "dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "kms:Decrypt"] | list | ["dynamodb:Scan", "dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "kms:Decrypt"] |
iam_users_opensearch_access_enable | Enable or disable OpenSearch access for IAM users. | true | bool | true, false |
opensearch_access_policy_name | Name of the OpenSearch access policy. | opensearchAccessPolicy | string | |
opensearch_access_policy_actions | List of actions for the OpenSearch access policy. | ["es:ESHttpGet", "es:ESHttpHead", "es:ESHttpPut", "es:ESHttpPost", "es:ESHttpDelete"] | list | ["es:ESHttpGet", "es:ESHttpHead", "es:ESHttpPut", "es:ESHttpPost", "es:ESHttpDelete"] |
iam_users_redis_access_enable | Enable or disable Amazon ElastiCache for Redis access for IAM users. | true | bool | true, false |
redis_access_policy_name | Name of the Amazon ElastiCache for Redis access policy. | RedisAccessPolicy | string | |
redis_access_policy_actions | List of actions for the Amazon ElastiCache for Redis access policy. | ["elasticache:DescribeCacheClusters", "elasticache:DescribeCacheParameterGroups", "elasticache:DescribeCacheSecurityGroups", "elasticache:DescribeCacheSubnetGroups", "elasticache:DescribeEngineDefaultParameters", "elasticache:DescribeEvents", "elasticache:DescribeReplicationGroups", "elasticache:ListTagsForResource", "elasticache:ListAllowedNodeTypeModifications", "elasticache:ListTagsForResource", "kms:Decrypt"] | list | ["elasticache:DescribeCacheClusters", "elasticache:DescribeCacheParameterGroups", "elasticache:DescribeCacheSecurityGroups", "elasticache:DescribeCacheSubnetGroups", "elasticache:DescribeEngineDefaultParameters", "elasticache:DescribeEvents", "elasticache:DescribeReplicationGroups", "elasticache:ListTagsForResource", "elasticache:ListAllowedNodeTypeModifications", "elasticache:ListTagsForResource", "kms:Decrypt"] |
iam_users_s3_access_enable | Enable or disable Amazon S3 access for IAM users. | true | bool | true, false |
s3_access_policy_name | Name of the Amazon S3 access policy. | S3AccessPolicy | string | |
s3_access_policy_actions | List of actions for the Amazon S3 access policy. | ["s3:GetObject", "s3:PutObject", "s3:ListBucket", "s3:DeleteObject", "s3:ListBucketMultipartUploads", "s3:ListBucketVersions", "kms:Decrypt"] | list | ["s3:GetObject", "s3:PutObject", "s3:ListBucket", "s3:DeleteObject", "s3:ListBucketMultipartUploads", "s3:ListBucketVersions", "kms:Decrypt"] |
iam_user_groupname | Name of the IAM group for users. | myiamusergroup | string | |
iam_user_grouppath | Path for the IAM group. | / | string | |
iam_user_group_membership_name | Name of the group membership. | my-iam-user-group-membership | string | |
iam_access_analyzer_enable | Enable or disable AWS Identity and Access Management Access Analyzer. | true | bool | true, false |
iam_access_analyzer_name | Name of AWS Identity and Access Management Access Analyzer. | myiamanalyzer | string | |
iam_access_analyzer_type | Type of AWS Identity and Access Management Access Analyzer. | ACCOUNT | string | ORGANIZATION, ACCOUNT |
iam_users_sns_access_enable | Enables or disables IAM users' access to Amazon SNS services. | true | bool | true, false |
sns_access_policy_name | Specifies the name of the IAM policy controlling access to Amazon SNS resources. | sns-access-policy | string | |
sns_access_policy_actions | Defines the actions permitted by the IAM policy for Amazon SNS resources. | ["sns:Publish", "sns:Subscribe"] | string | ["sns:Publish", "sns:Subscribe"] |
iam_users_sqs_access_enable | Enables or disables IAM users' access to Amazon SQS services. | true | bool | true, false |
sqs_access_policy_name | Specifies the name of the IAM policy controlling access to Amazon SQS resources. | sqs-access-policy | string | |
sqs_access_policy_actions | Defines the actions permitted by the IAM policy for Amazon SQS resources. | ["sqs:SendMessage", "sqs:ReceiveMessage"] | string | ["sqs:SendMessage", "sqs:ReceiveMessage"] |
alb_name | Name of the Application Load Balancer (ALB). | my-alb | string | |
alb_security_group_name | Name of the security group for the ALB. | my-alb-sg | string | |
alb_security_group_description | Description for the ALB security group. | ALBSecurutyGroup | string | |
alb_ingress_rule_1_cidr_blocks | CIDR blocks for the first ingress rule. | 0.0.0.0/0 | string | |
alb_ingress_rule_1_from_port | Starting port for the first ingress rule. | 80 | number | |
alb_ingress_rule_1_ip_protocol | IP protocol for the first ingress rule. | tcp | string | tcp, udp, http, https |
alb_ingress_rule_1_to_port | Ending port for the first ingress rule. | 80 | number | |
alb_ingress_rule_2_cidr_blocks | CIDR blocks for the second ingress rule. | 0.0.0.0/0 | string | |
alb_ingress_rule_2_from_port | Starting port for the second ingress rule. | 443 | number | |
alb_ingress_rule_2_ip_protocol | IP protocol for the second ingress rule. | tcp | string | tcp, udp, http, https |
alb_ingress_rule_2_to_port | Ending port for the second ingress rule. | 443 | number | |
alb_access_logs_bucket_name | Name of the S3 bucket for ALB access logs. | myalbaccesslogs | string | |
alb_internal | Indicates if the ALB is internal or public. | false | bool | true, false |
alb_access_logs_enabled | Indicates whether access logs for ALB are enabled. | true | bool | true, false |
redis_sg_name | Name of the Redis Security Group | my-redis-sg | string | |
redis_sg_description | Description for the Redis Security Group | my-redis-sg-desc | string | |
redis_ingress_from_port | Start port for ingress traffic | 443 | number | |
redis_ingress_protocol | Protocol for ingress traffic | tcp | string | tcp, udp, http, https |
redis_ingress_to_port | End port for ingress traffic | 443 | number | |
redis_ingress_description | Description for the ingress rule | RedisIngressRule | string | |
redis_vpc_endpoint_service | Service name for the Redis VPC Endpoint | com.amazonaws.us-east-1.elasticache | string | com.amazonaws.us-east-1.elasticache |
redis_vpc_endpoint_type | Type of VPC Endpoint | Interface | string | Interface |
redis_vpc_endpoint_private_dns_enabled | Flag indicating DNS resolution | true | bool | true, false |
redis_vpc_endpoint_name | Name of the Redis VPC Endpoint | my-redis-vpc-endpoint | string | |
redis_parameter_group_name | Name of the Redis Parameter Group | my-redis-parameter-group | string | |
redis_parameter_group_description | Description for the Parameter Group | RedisParameterGroup | string | |
redis_parameter_group_family | Family of the Parameter Group | redis7 | string | redis7 |
redis_subnet_group_name | Name of the Redis Subnet Group | my-redis-subnet-group | string | |
redis_subnet_group_description | Description for the Subnet Group | RedisSubnetGroup | string | |
redis_name | Name of the Redis cluster or instance | my-redis-cluster | string | |
redis_engine_version | Version of the Redis engine | 7.0 | string | 7.0, 7.2 |
redis_node_type | Type of Redis nodes | cache.t2.micro | string | |
redis_port | Port on which the Redis instance listens | 6379 | number | |
redis_apply_immediately | Flag for immediate changes application | true | bool | true, false |
redis_snapshot_retention_limit | Number of days to retain snapshots | 1 | number | |
redis_log_group_name | Name of the CloudWatch Logs log group | my-redis-log-group | string | |
redis_log_retention | Log retention period (in days) | 7 | number | |
redis_log_destination_type | Log destination type | cloudwatch-logs | string | cloudwatch-logs |
redis_log_format | Log format | text | string | json, text |
redis_log_type | Type of Redis log. | slow-log | string | slow-log, engine-log |
redis_key_description | Description for the Redis Key to encrypt | my-redis-key-desc | string | |
redis_key_deletion_window_in_days | Key deletion window period (in days) | 7 | number | |
redis_key_is_enabled | Flag indicating if key encryption is enabled | true | bool | true, false |
redis_key_enable_rotation | Flag for key rotation | true | bool | true, false |
redis_key_name | Name of the Redis encryption key | my-redis-key | string | |
redis_description | Description for the Redis cluster or instance | my-redis-desc | string | |
redis_maintenance_window | Maintenance window for the Redis instance | tue:06:30-tue:07:30 | string | ddd:hh24:mi-ddd:hh24:mi |
redis_snapshot_window | Snapshot window for Redis backups | 01:00-02:00 | string | |
redis_automatic_failover_enabled | Flag for automatic failover | true | bool | true, false |
redis_auto_minor_version_upgrade | Flag for automatic minor version upgrades | false | bool | true, false |
redis_at_rest_encryption_enabled | Flag for at-rest encryption | true | bool | true, false |
redis_multi_az_enabled | Flag for Multi-AZ deployment | true | bool | true, false |
redis_transit_encryption_enabled | Flag for transit encryption | true | bool | true, false |
redis_num_node_groups | Number of Redis node groups | 2 | number | |
redis_replicas_per_node_group | Number of replicas per node group | 1 | number | |
sqs_fifo_queues_configs | Create N SQS FIFO queues and define their configurations. | '[{"name": "mysqs1.fifo","deduplication_scope": "messageGroup","fifo_throughput_limit": "perMessageGroupId","content_based_deduplication": false,"visibility_timeout_seconds": 30,"message_retention_seconds": 86400,"delay_seconds": 90,"max_message_size": 2048,"receive_wait_time_seconds": 10,"sqs_managed_sse_enabled": true},{"name": "mysqs2.fifo","deduplication_scope": "messageGroup","fifo_throughput_limit": "perMessageGroupId","content_based_deduplication": false,"visibility_timeout_seconds": 30,"message_retention_seconds": 86400,"delay_seconds": 90,"max_message_size": 2048,"receive_wait_time_seconds": 10,"sqs_managed_sse_enabled": true}]' | map(json) | Valid JSON structure with name, deduplication_scope, fifo_throughput_limit, content_based_deduplication, visibility_timeout_seconds, message_retention_seconds, delay_seconds, max_message_size, receive_wait_time_seconds, sqs_managed_sse_enabled defined for each SQS queue. |
sns_standard_topic_key_deletion_window_in_days | Key deletion window period (in days) for SNS | 10 | number | |
sns_standard_topic_key_is_enabled | Flag indicating if key encryption is enabled for SNS | true | bool | true, false |
sns_standard_topic_key_enable_rotation | Flag for key rotation for SNS | true | bool | true, false |
sns_standard_topic_key_name | Name of the SNS Key to encrypt | my-sns-key | string | |
sns_standard_topic_vpc_endpoint_name | Name of the SNS VPC Endpoint | my-sns-vpc-endpoint | string | |
sns_standard_topic_vpc_endpoint_service | Service name for the SNS VPC Endpoint | com.amazonaws.us-east-1.sns | string | com.amazonaws.us-east-1.sns |
sns_standard_topic_vpc_endpoint_type | Type of VPC Endpoint for SNS | Interface | string | Interface |
sns_standard_topic_vpc_endpoint_private_dns_enabled | Flag indicating DNS resolution for SNS | true | bool | true, false |
sns_standard_topic_sg_ingress_from_port | Start port for ingress traffic for SNS | 443 | number | |
sns_standard_topic_sg_ingress_ip_protocol | Protocol for ingress traffic for SNS | tcp | string | tcp, udp, http, https |
sns_standard_topic_sg_ingress_to_port | End port for ingress traffic for SNS | 443 | number | |
sns_standard_topic_sg_ingress_description | Description for the ingress rule for SNS | my-sns-sg-ingress-rule-desc | string | |
sns_standard_topic_sg_name | Name of the SNS Security Group | my-sns-sg | string | |
sns_standard_topic_sg_description | Description for the Security Group for SNS | my-sns-sg-desc | string | |
sns_topics_config | Define the number of SNS topics and their configurations. | '[{"name": "testsnsstd2387233","require_subscription": true,"subscription_protocol": "email","subscription_endpoint": "user@example.com","subscription_endpoint_auto_confirms": true,"delivery_policy": {"http": {"defaultHealthyRetryPolicy": {"minDelayTarget": 20,"maxDelayTarget": 20,"numRetries": 3,"numMaxDelayRetries": 0,"numNoDelayRetries": 0,"numMinDelayRetries": 0,"backoffFunction": "linear"},"disableSubscriptionOverrides": false,"defaultThrottlePolicy": {"maxReceivesPerSecond": 1}}}}]' | map(json) | Valid JSON structure with name, require_subscription, subscription_protocol, subscription_endpoint, subscription_endpoint_auto_confirms, delivery_policy defined for each SNS topic. |
elasticsearch_sg_name | Name of the Elasticsearch Security Group | my-es-sg | string | |
elasticsearch_sg_description | Description of the Elasticsearch Security Group | my-es-sg-desc | string | |
elasticsearch_sg_ingress_from_port | Starting port for incoming traffic to Elasticsearch | 443 | number | |
elasticsearch_sg_ingress_to_port | Ending port for incoming traffic to Elasticsearch | 443 | number | |
elasticsearch_sg_ingress_protocol | Protocol for incoming traffic to Elasticsearch | tcp | string | tcp, udp, http, https |
elasticsearch_sg_ingress_description | Description for the ingress rule for Elasticsearch | my-es-sg-ingress-rule-desc | string | |
elasticsearch_iam_service_linked_role | IAM service-linked role for Elasticsearch | opensearchservice.amazonaws.com | string | opensearchservice.amazonaws.com |
elasticsearch_domain_name | Name of the Elasticsearch domain | my-es | string | |
elasticsearch_domain_version | Elasticsearch domain version | 6.8 | string | 6.x |
elasticsearch_domain_cluster_instance_type | Instance type for the Elasticsearch domain | r5.large.elasticsearch | string | |
elasticsearch_domain_cluster_instance_count | Number of instances in the Elasticsearch domain | 2 | number | |
elasticsearch_domain_cluster_zone_awareness_enabled | Flag indicating zone awareness for the domain | true | bool | true, false |
elasticsearch_domain_automated_snapshot_start_hour | Hour for starting automated snapshots | 23 | number | |
elasticsearch_domain_ebs_enabled | Flag indicating whether EBS storage is enabled | true | bool | true, false |
elasticsearch_domain_ebs_volume_type | EBS volume type for the Elasticsearch domain | gp3 | string | gp3 |
elasticsearch_domain_ebs_volume_size_in_gb_per_node | EBS volume size (in GB) per node | 100 | number | |
elasticsearch_domain_ebs_total_iops_per_node | Total IOPS per node for EBS volumes | 3000 | number | |
elasticsearch_domain_ebs_total_throughput_in_mb_per_node | Total throughput (in MB) per node for EBS volumes | 125 | number | |
elasticsearch_domain_encrypt_at_rest_enabled | Flag indicating encryption at rest for Elasticsearch | true | bool | true, false |
elasticsearch_domain_log_type | Type of Elasticsearch logs to capture | INDEX_SLOW_LOGS | string | INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS |
elasticsearch_domain_log_enabled | Flag indicating whether Elasticsearch logs are enabled | true | bool | true, false |
elasticsearch_log_group_name | Name of the CloudWatch Logs group for Elasticsearch logs | my-es-log-group | string | |
elasticsearch_log_retention | Retention period (in days) for Elasticsearch logs in CloudWatch | 7 | number | |
elasticsearch_log_group_policy_name | Name of the CloudWatch Logs group policy for Elasticsearch | my-es-log-policy | string | |
opensearch_sg_name | Name of the OpenSearch Security Group | my-open-search-sg | string | |
opensearch_sg_description | Description of the OpenSearch Security Group | my-open-search-sg-desc | string | |
opensearch_sg_ingress_from_port | Starting port for incoming traffic to OpenSearch | 443 | number | |
opensearch_sg_ingress_to_port | Ending port for incoming traffic to OpenSearch | 443 | number | |
opensearch_sg_ingress_protocol | Protocol for incoming traffic to OpenSearch | tcp | string | tcp, udp, http, https |
opensearch_sg_ingress_description | Description for the ingress rule for OpenSearch | my-open-search-sg-ingress-rule-desc | string | |
opensearch_iam_service_linked_role | IAM service-linked role for OpenSearch | opensearchservice.amazonaws.com | string | opensearchservice.amazonaws.com |
opensearch_domain_name | Name of the OpenSearch domain | my-open-search | string | |
opensearch_domain_version | OpenSearch domain version | OpenSearch_2.7 | string | OpenSearch_X.Y |
opensearch_domain_cluster_instance_type | Instance type for the OpenSearch domain | r5.large.search | string | |
opensearch_domain_cluster_instance_count | Number of instances in the OpenSearch domain | 2 | number | |
opensearch_domain_cluster_zone_awareness_enabled | Flag indicating zone awareness for the domain | true | bool | true, false |
opensearch_domain_ebs_enabled | Flag indicating whether EBS storage is enabled | true | bool | true, false |
opensearch_domain_ebs_volume_type | EBS volume type for the OpenSearch domain | gp3 | string | gp3 |
opensearch_domain_ebs_volume_size_in_gb_per_node | EBS volume size (in GB) per node | 100 | number | |
opensearch_domain_ebs_total_iops_per_node | Total IOPS per node for EBS volumes | 3000 | number | |
opensearch_domain_ebs_total_throughput_in_mb_per_node | Total throughput (in MB) per node for EBS volumes | 125 | number | |
opensearch_domain_encrypt_at_rest_enabled | Flag indicating encryption at rest for OpenSearch | true | bool | true, false |
opensearch_domain_log_type | Type of OpenSearch logs to capture | INDEX_SLOW_LOGS | string | INDEX_SLOW_LOGS, SEARCH_SLOW_LOGS, ES_APPLICATION_LOGS, AUDIT_LOGS |
opensearch_domain_log_enabled | Flag indicating whether OpenSearch logs are enabled | true | bool | true, false |
opensearch_log_group_name | Name of the CloudWatch Logs group for OpenSearch logs | my-open-search-log-group | string | |
opensearch_log_retention | Retention period (in days) for OpenSearch logs in CloudWatch | 7 | number | |
opensearch_log_group_policy_name | Name of the CloudWatch Logs group policy for OpenSearch | my-open-search-log-group-policy | string | |
opensearch_enforce_https | Flag indicating whether to enforce HTTPS for OpenSearch | true | bool | true, false |
opensearch_tls_security_policy | TLS security policy for OpenSearch | Policy-Min-TLS-1-2-2019-07 | string | Policy-Min-TLS-1-0-2019-07, Policy-Min-TLS-1-2-2019-07 |
opensearch_advanced_security_options_enabled | Flag indicating whether advanced security options are enabled | false | bool | true, false |
opensearch_anonymous_auth_enabled | Flag indicating whether anonymous authentication is enabled | true | bool | true, false |
opensearch_internal_user_database_enabled | Flag indicating whether the internal user database is enabled | true | bool | true, false |
opensearch_master_username | Username for the master user of OpenSearch | my-open-search-username | string | |
opensearch_master_user_password | Password for the master user of OpenSearch | my-open-search-password | string | |
opensearch_node_to_node_encryption | Flag indicating node-to-node encryption for OpenSearch | true | bool | true, false |
opensearch_master_secret_name | Name for the secret storing the master user password | my-open-search-creds-secret | string | |
opensearch_master_secret_recovery_window_in_days | Secret recovery window in days for the master user password | 7 | number | |
nlb_eip_domain | Elastic IP (EIP) domain for the Network Load Balancer. | vpc | string | vpc |
nlb_access_logs_bucket_name | Name of the S3 bucket for Network Load Balancer access logs | my-nlb-access-log-bucket | string | |
nlb_access_logs_bucket_force_destroy | Flag to force destroy the S3 access logs bucket | true | bool | true, false |
nlb_name | Name of the Network Load Balancer (NLB) | my-nlb | string | |
nlb_internal | Flag indicating whether Network Load Balancer is internal or external | false | bool | true, false |
nlb_enable_deletion_protection | Flag indicating deletion protection for the Network Load Balancer | false | bool | true, false |
nlb_enable_cross_zone_load_balancing | Flag indicating cross-zone load balancing for the Network Load Balancer | false | bool | true, false |
nlb_access_logs_enabled | Flag indicating whether Network Load Balancer access logs are enabled | true | bool | true, false |
dynamodb_table_vpc_endpoint_service | Service name for DynamoDB Table VPC Endpoint | com.amazonaws.us-east-1.dynamodb | string | com.amazonaws.us-east-1.dynamodb |
dynamodb_table_vpc_endpoint_type | Type of DynamoDB Table VPC Endpoint | Gateway | string | Gateway |
dynamodb_table_vpc_endpoint_name | Name of the DynamoDB Table VPC Endpoint | my-dynamodb-table-vpc-endpoint | string | |
dynamodb_table_configs | Define the number of DynamoDB tables and their configurations. | '[{"dynamodb_table_key_deletion_window_in_days": 7,"dynamodb_table_key_is_enabled": true,"dynamodb_table_key_enable_rotation": true,"dynamodb_table_key_name": "my-dynamodb-table-key","dynamodb_table_name": "my-dynamodb-table","dynamodb_table_billing_mode": "PROVISIONED","dynamodb_table_read_capacity": 5,"dynamodb_table_write_capacity": 50,"dynamodb_table_hash_key": "my-dynamodb-table-hash-key","dynamodb_table_range_key": "my-dynamodb-table-range-key","dynamodb_table_stream_enabled": true,"dynamodb_table_stream_view_type": "NEW_AND_OLD_IMAGES","dynamodb_table_deletion_protection_enabled": false,"dynamodb_table_hash_key_attribute_type": "S","dynamodb_table_range_key_attribute_type": "S","dynamodb_table_server_side_encryption": true,"dynamodb_table_ttl_attribute": "TimeToExist","dynamodb_table_ttl_enabled": true,"dynamodb_table_point_in_time_recovery_enabled": true,"dynamodb_table_read_autoscaling_max_capacity": 100,"dynamodb_table_read_autoscaling_min_capacity": 5,"dynamodb_table_read_autoscaling_target_value": 70,"dynamodb_table_write_autoscaling_max_capacity": 100,"dynamodb_table_write_autoscaling_min_capacity": 50,"dynamodb_table_write_autoscaling_target_value": 70}]' | map(json) | Valid JSON structure with dynamodb_table_key_deletion_window_in_days, dynamodb_table_key_is_enabled, dynamodb_table_key_enable_rotation, dynamodb_table_key_name, dynamodb_table_name, dynamodb_table_billing_mode, dynamodb_table_read_capacity, dynamodb_table_write_capacity, dynamodb_table_hash_key, dynamodb_table_range_key, dynamodb_table_stream_enabled, dynamodb_table_stream_view_type, dynamodb_table_deletion_protection_enabled, dynamodb_table_hash_key_attribute_type, dynamodb_table_range_key_attribute_type, dynamodb_table_server_side_encryption, dynamodb_table_ttl_attribute, dynamodb_table_ttl_enabled, dynamodb_table_point_in_time_recovery_enabled, dynamodb_table_read_autoscaling_max_capacity, dynamodb_table_read_autoscaling_min_capacity, dynamodb_table_read_autoscaling_target_value, dynamodb_table_write_autoscaling_max_capacity, dynamodb_table_write_autoscaling_min_capacity, dynamodb_table_write_autoscaling_target_value defined for each DynamoDB table. |
postgresql_subnet_group_name | Name of the PostgreSQL Subnet Group | my-postgres-subnet-group | string | |
postgresql_subnet_group_description | Description of the PostgreSQL Subnet Group | my-postgres-subnet-group-desc | string | |
postgresql_vpc_endpoint_service | Service name for PostgreSQL VPC Endpoint | com.amazonaws.us-east-1.rds | string | com.amazonaws.us-east-1.rds |
postgresql_vpc_endpoint_type | Type of PostgreSQL VPC Endpoint | Interface | string | Interface |
postgresql_vpc_endpoint_private_dns_enabled | Enable private DNS for PostgreSQL VPC Endpoint | true | bool | true, false |
postgresql_vpc_endpoint_name | Name of the PostgreSQL VPC Endpoint | my-postgres-vpc-endpoint | string | |
postgresql_instances_configs | Define the number of PostgreSQL instances and their configurations. | '[{"postgresql_security_group_name": "my-postgres-sg","postgresql_security_group_description": "my-postgres-sg-desc","postgresql_security_group_ingress_from_port": 5432,"postgresql_security_group_ingress_protocol": "tcp","postgresql_security_group_ingress_to_port": 5432,"postgresql_security_group_ingress_description": "my-postgres-sg-ingress-desc","postgresql_key_deletion_window_in_days": 7,"postgresql_key_is_enabled": true,"postgresql_key_enable_rotation": true,"postgresql_key_name": "my-postgres-key","postgresql_parameter_group_name": "my-postgres-parameter-group","postgresql_parameter_group_family": "postgres15","postgresql_parameter_group_description": "my-postgres-parameter-group-desc","postgresql_identifier": "my-postgres-name","postgresql_engine_version": "15.4","postgresql_allow_major_version_upgrade": true,"postgresql_auto_minor_version_upgrade": true,"postgresql_instance_class": "db.t3.medium","postgresql_allocated_storage": 20,"postgresql_storage_type": "gp3","postgresql_max_allocated_storage": 100,"postgresql_multi_az": true,"postgresql_publicly_accessible": false,"postgresql_port": 5432,"postgresql_backup_retention_period": 7,"postgresql_backup_window": "01:00-02:00","postgresql_delete_automated_backups": false,"postgresql_deletion_protection": false,"postgresql_storage_encrypted": true,"postgresql_apply_immediately": true,"postgresql_database_name": "my-postgres-db","postgresql_iam_database_authentication_enabled": true,"postgresql_username": "my-postgres-user","postgresql_manage_master_user_password": true,"postgresql_enabled_cloudwatch_logs_exports": ["postgresql","upgrade"],"postgresql_skip_final_snapshot": true,"postgresql_performance_insights_enabled": false,"postgresql_performance_insights_retention_period": 0,"postgresql_log_retention_in_days": 7}]' | map(json) | Valid JSON structure with postgresql_security_group_name, postgresql_security_group_description, postgresql_security_group_ingress_from_port, postgresql_security_group_ingress_protocol, postgresql_security_group_ingress_to_port, postgresql_security_group_ingress_description, postgresql_key_deletion_window_in_days, postgresql_key_is_enabled, postgresql_key_enable_rotation, postgresql_key_name, postgresql_parameter_group_name, postgresql_parameter_group_family, postgresql_parameter_group_description, postgresql_identifier, postgresql_engine_version, postgresql_allow_major_version_upgrade, postgresql_auto_minor_version_upgrade, postgresql_instance_class, postgresql_allocated_storage, postgresql_storage_type, postgresql_max_allocated_storage, postgresql_multi_az, postgresql_publicly_accessible, postgresql_port, postgresql_backup_retention_period, postgresql_backup_window, postgresql_delete_automated_backups, postgresql_deletion_protection, postgresql_storage_encrypted, postgresql_apply_immediately, postgresql_database_name, postgresql_iam_database_authentication_enabled, postgresql_username, postgresql_manage_master_user_password, postgresql_enabled_cloudwatch_logs_exports, postgresql_skip_final_snapshot, postgresql_performance_insights_enabled, postgresql_performance_insights_retention_period, postgresql_log_retention_in_days defined for each PostgreSQL instance. |
s3_bucket_name | Name of the S3 Bucket | my-s3-bucket | string | |
s3_bucket_force_destroy | Whether to force destroy the S3 Bucket | true | bool | true, false |
s3_bucket_object_lock_enabled | Enable object lock for the S3 Bucket | false | bool | true, false |
s3_bucket_versioning | Versioning status for the S3 Bucket | Enabled | string | Enabled, Suspended, Disabled |
s3_bucket_key_deletion_window_in_days | Key deletion window in days | 7 | number | |
s3_bucket_key_is_enabled | Enable S3 Bucket key | true | bool | true, false |
s3_bucket_key_enable_rotation | Enable key rotation for S3 Bucket key | true | bool | true, false |
s3_bucket_key_name | Name of the S3 Bucket key | my-s3-bucket-key | string | |
s3_bucket_key_description | Description of the S3 Bucket key | my-s3-bucket-key-desc | string | |
s3_bucket_sse_encryption_algorithm | S3 Bucket SSE encryption algorithm | aws:kms | string | aws:kms |
s3_bucket_deny_http_requests | Deny HTTP requests in S3 Bucket | true | bool | true, false |
s3_bucket_block_public_acls | Block public ACLs in S3 Bucket | true | bool | true, false |
s3_bucket_ignore_public_acls | Ignore public ACLs in S3 Bucket | true | bool | true, false |
s3_bucket_block_public_policy | Block public policy in S3 Bucket | true | bool | true, false |
s3_bucket_restrict_public_buckets | Restrict public buckets in S3 Bucket | true | bool | true, false |
s3_bucket_key_enabled | Whether the S3 bucket is encrypted with a key. | true | bool | true, false |
api_gateway_rest_api_sg_name | Name of the API Gateway Security Group | my-api-gateway-sg | string | |
api_gateway_rest_api_sg_description | Description of the API Gateway Security Group | my-api-gateway-sg-desc | string | |
api_gateway_rest_api_ingress_from_port | Ingress rule starting port for the API Gateway | 80 | number | |
api_gateway_rest_api_ingress_protocol | Ingress rule protocol for the API Gateway | tcp | string | tcp, udp, http, https |
api_gateway_rest_api_ingress_to_port | Ingress rule ending port for the API Gateway | 80 | number | |
api_gateway_rest_api_vpc_endpoint_service | VPC endpoint service for API Gateway | com.amazonaws.us-east-1.execute-api | string | com.amazonaws.us-east-1.execute-api |
api_gateway_rest_api_vpc_endpoint_type | VPC endpoint type for the API Gateway | Interface | string | Interface |
api_gateway_rest_api_vpc_endpoint_private_dns_enabled | Enable private DNS resolution for the API Gateway | true | bool | true, false |
api_gateway_rest_api_vpc_endpoint_name | Name of the VPC endpoint for the API Gateway | my-api-gateway-vpc-endpoint | string | |
api_gateway_rest_api_name | Name of the API Gateway | my-api-gateway | string | |
api_gateway_rest_api_body | Body of the API Gateway | '' | string | |
api_gateway_rest_api_description | Description of the API Gateway | my-api-gateway-desc | string | |
api_gateway_rest_api_endpoint_configuration_types | Configuration types for the API Gateway | PRIVATE | string | EDGE, REGIONAL, PRIVATE |
api_gateway_resource_path_part | Path part for the API Gateway resource | my-api-gateway-path | string | |
api_gateway_rest_api_ingress_description | Ingress description for the API Gateway | my-api-gateway-ingress-desc | string | |
cloudfront_s3_origin_id | Identifier for the S3 origin within CloudFront. | my-cloud-front-s3-origin | string | |
cloudfront_origin_access_control_name | Name of the Origin Access Control Policy to restrict access to CloudFront. | my-cloud-front-s3-origin-access-policy | string | |
cloudfront_origin_access_control_description | Description of the Origin Access Control Policy. | my-cloud-front-s3-origin-access-policy-desc | string | |
cloudfront_origin_access_control_origin_type | Type of the origin for access control. | s3 | string | s3 |
cloudfront_origin_access_control_signing_behavior | Signing behavior for access control. | always | string | always, never, no-override |
cloudfront_origin_access_control_signing_protocol | Signing protocol for access control. | sigv4 | string | sigv4 |
cloudfront_distribution_enabled | Enable or disable the CloudFront distribution. | true | bool | true, false |
cloudfront_distribution_is_ipv6_enabled | Enable or disable IPv6 support for the CloudFront distribution. | true | bool | true, false |
cloudfront_distribution_comment | A comment or description for the CloudFront distribution. | my-cloud-front-distribution-comment | string | |
cloudfront_distribution_default_root_object | The default root object for the CloudFront distribution. | index.html | string | |
cloudfront_distribution_default_cache_behavior_allowed_methods | List of HTTP methods allowed for caching. | ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"] | list | ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"] |
cloudfront_distribution_default_cache_behavior_cached_methods | List of HTTP methods to be cached. | ["GET", "HEAD"] | list | ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"] |
cloudfront_distribution_default_cache_behavior_forwarded_values_query_string | Whether to forward the query string. | false | bool | true, false |
cloudfront_distribution_default_cache_behavior_forwarded_values_cookies_forward | How to handle forwarded cookies. | none | string | all, none |
cloudfront_distribution_default_cache_behavior_min_ttl | Minimum Time to Live (TTL) in seconds for cached items. | 0 | number | |
cloudfront_distribution_default_cache_behavior_default_ttl | Default TTL in seconds for cached items. | 3600 | number | |
cloudfront_distribution_default_cache_behavior_max_ttl | Maximum TTL in seconds for cached items. | 86400 | number | |
cloudfront_distribution_default_cache_behavior_viewer_protocol_policy | Viewer protocol policy. | allow-all | string | allow-all, https-only, redirect-to-https |
cloudfront_distribution_ordered_cache_behavior_path_pattern | Path pattern for ordered cache behavior. | /content/immutable/* | string | |
cloudfront_distribution_ordered_cache_behavior_allowed_methods | List of HTTP methods allowed for caching. | ["GET", "HEAD", "OPTIONS"] | list | ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"] |
cloudfront_distribution_ordered_cache_behavior_cached_methods | List of HTTP methods to be cached. | ["GET", "HEAD", "OPTIONS"] | list | ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"] |
cloudfront_distribution_ordered_cache_behavior_forwarded_values_query_string | Whether to forward the query string. | false | bool | true, false |
cloudfront_distribution_ordered_cache_behavior_forwarded_values_headers | Headers to be forwarded. | Origin | string | |
cloudfront_distribution_ordered_cache_behavior_forwarded_values_cookies_forward | How to handle forwarded cookies. | none | string | all, none |
cloudfront_distribution_ordered_cache_behavior_min_ttl | Minimum TTL in seconds for cached items. | 0 | number | |
cloudfront_distribution_ordered_cache_behavior_default_ttl | Default TTL in seconds for cached items. | 86400 | number | |
cloudfront_distribution_ordered_cache_behavior_max_ttl | Maximum TTL in seconds for cached items. | 31536000 | number | |
cloudfront_distribution_ordered_cache_behavior_compress | Enable or disable compression. | true | bool | true, false |
cloudfront_distribution_ordered_cache_behavior_viewer_protocol_policy | Viewer protocol policy. | redirect-to-https | string | allow-all, https-only, redirect-to-https |
cloudfront_distribution_price_class | Price class for the CloudFront distribution. | PriceClass_200 | string | PriceClass_All, PriceClass_200, PriceClass_100 |
cloudfront_distribution_geo_restriction_type | Type of geo-restriction. | whitelist | string | none, whitelist, blacklist |
cloudfront_distribution_geo_restriction_locations | list of geo-restriction locations. | ["US", "CA", "GB", "DE"] | list | ISO 3166-1-alpha-2 codes |
cloudfront_distribution_default_certificate | Whether to use the default certificate. | false | bool | true, false |
cloudfront_distribution_certificate_ssl_support_method | SSL support method for the certificate. | vip | string | vip, sni-only |
vm_sg_name | Security group name for the Virtual Machine (VM). | my-vm-sg | string | |
vm_sg_description | Description for the VM security group. | my-vm-sg-desc | string | |
vm_sg_ingress_rules | N number of ingress rules for the VM security group in JSON format. | '{"rule1": {"cidr_blocks": "45.127.59.60/32", "from_port": 3389, "to_port": 3389, "protocol": "tcp", "description": "RDP Ingress Rule"}}' | map(json) | Valid JSON object with cidr_blocks, from_port, to_port, protocol and description defined for each ingress rule of the VM. |
vm_sg_egress_rules | N number of egress rules for the VM security group in JSON format. | '{"rule1": {"cidr_blocks": "0.0.0.0/0", "from_port": 80, "to_port": 80, "protocol": "tcp", "description": "Internet Rule"}, "rule2": {"cidr_blocks": "0.0.0.0/0", "from_port": 443, "to_port": 443, "protocol": "tcp", "description": "Internet Rule"}}' | map(json) | Valid JSON object with cidr_blocks, from_port, to_port, protocol and description defined for each egress rule of the VM. |
vm_ami | Amazon Machine Image (AMI) ID to launch the VM. | ami-0be0e902919675894 | string | |
vm_instance_type | Type of EC2 instance for the VM. | t2.medium | string | |
vm_name | Name for the Virtual Machine (VM). | my-vm | string | |
vm_tls_private_key_algorithm | Algorithm for the TLS private key. | RSA | string | RSA |
vm_key_pair_name | Name of the key pair to associate with the VM. | my-vm-key-pair | string | |
vm_private_key_secret_name | Name of the secret containing the VM's private key. | my-vm-private-key-secret | string | |
vm_public_key_secret_name | Name of the secret containing the VM's public key. | my-vm-public-key-secret | string | |
vm_key_secret_recovery_window_in_days | Recovery window in days for the secret containing the private key. | 7 | number | |
vm_iam_role_name | Name of the IAM role to associate with the VM. | my-vm-iam-role | string | |
vm_iam_role_path | Path for the IAM role. | / | string | |
vm_iam_instance_profile_name | Name of the IAM instance profile for the VM. | my-vm-iam-instance-profile | string | |
vm_associate_public_ip_address | Whether to associate a public IP address with the VM. | true | bool | true, false |
vm_root_volume_delete_on_termination | Whether to delete the root volume on VM termination. | true | bool | true, false |
vm_root_volume_encrypted | Whether the root volume is encrypted. | true | bool | true, false |
vm_root_volume_volume_size | Size in GB for the root volume. | 30 | number | |
vm_root_volume_volume_type | Type of the root volume. | gp2 | string | |
require_vm_ebs | Enable or disable the VM's Elastic Block Store (EBS) volume. | true | bool | true, false |
vm_ebs_key_deletion_window_in_days | Deletion window in days for the EBS key. | 30 | number | |
vm_ebs_key_is_enabled | Whether the EBS key is enabled. | true | bool | true, false |
vm_ebs_key_enable_rotation | Enable or disable key rotation for the EBS key. | true | bool | true, false |
vm_ebs_key_name | Name of the EBS key. | my-vm-ebs-key | string | |
vm_ebs_size | Size in GB for the EBS volume. | 10 | number | |
vm_ebs_devicename | Device name for the EBS volume. | /dev/sdh | string | |
vm_ebs_encrypted | Whether the EBS volume is encrypted. | true | bool | true, false |
vm_ebs_final_snapshot | Whether to create a final snapshot of the EBS volume. | false | bool | true, false |
vm_ebs_type | Type of the EBS volume. | gp2 | string | |
vm_ebs_multi_attach_enabled | Enable or disable multi-attach for the EBS volume. | false | bool | true, false |
vm_metadata_http_endpoint | Metadata HTTP endpoint status. | enabled | string | enabled, disabled |
vm_metadata_http_protocol_ipv6 | IPv6 protocol status for metadata HTTP endpoint. | disabled | string | enabled, disabled |
vm_metadata_http_put_response_hop_limit | Hop limit for PUT requests to the metadata HTTP endpoint. | 1 | number | |
vm_metadata_allow_IMDSv2 | IMDSv2 status for the VM. | required | string | required, optional |
vm_metadata_tags | Metadata tags status for the VM. | disabled | string | enabled, disabled |
require_private_dns | Whether private DNS is required. | true | bool | true, false |
require_public_dns | Whether public DNS is required. | true | bool | true, false |
require_api_gateway | Whether API Gateway is required. | true | bool | true, false |
require_dynamodb | Whether DynamoDB is required. | true | bool | true, false |
require_open_search | Whether OpenSearch is required. | true | bool | true, false |
require_postgresql | Whether PostgreSQL is required. | true | bool | true, false |
require_iam_users | Whether IAM users are required. | true | bool | true, false |
require_s3 | Whether S3 is required. | true | bool | true, false |
require_sns_standard | Whether SNS (Standard) is required. | true | bool | true, false |
require_sqs_fifo | Whether SQS (FIFO) is required. | true | bool | true, false |
require_redis | Whether Redis is required. | true | bool | true, false |
require_jumpbox | Whether a VM is required. | true | bool | true, false |
require_elastic_search | Whether Elasticsearch is required. | false | bool | true, false |
require_cdn | Whether a CloudFront distribution is required. | false | bool | true, false |
require_alb | Whether an Application Load Balancer (ALB) is required. | false | bool | true, false |
require_network_load_balancer | Whether a Network Load Balancer (NLB) is required. | false | bool | true, false |
require_ses_email_identity | Controls whether verification of SES email identities is required. | true | bool | true, false |
iam_users_ses_access_enable | Enables or disables IAM users' access to Amazon SES services. | true | bool | true, false |
ses_access_policy_name | Specifies the name of the IAM policy controlling access to Amazon SES resources. | ses-access-policy | string | |
ses_access_policy_actions | Defines the actions permitted by the IAM policy for Amazon SES resources. | ["ses:SendEmail", "ses:SendRawEmail"] | string | ["ses:SendEmail", "ses:SendRawEmail"] |
ses_identity_email | Specifies the email identity used for sending emails via Amazon SES. | user1@example.com | string | |
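The vm_sg_ingress_rules and vm_sg_egress_rules inputs above take a map of rules as a JSON string, with cidr_blocks, from_port, to_port, protocol and description defined per rule. The following Python script is an added example and is not part of the template or of BOS Framework's code: it parses that format, rejects malformed input (for instance a missing comma between the "protocol" and "description" members), and flags ingress rules that expose ports to 0.0.0.0/0 or ::/0, or that expose administrative ports to more than a single address, so a rule map can be reviewed before it is passed to the template. The list of administrative ports (SSH and RDP) is an assumption, and the sample rule maps are constructed, using TEST-NET addresses.

```python
import ipaddress
import json

# Keys the template documents for every rule in vm_sg_ingress_rules / vm_sg_egress_rules.
REQUIRED_KEYS = ("cidr_blocks", "from_port", "to_port", "protocol", "description")
# Assumption: ports treated as administrative, which should never be reachable from anywhere.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def parse_rules(raw):
    """Parse the map(json) string the template expects and validate each rule's shape.

    Raises ValueError (json.JSONDecodeError is a subclass) on malformed JSON,
    missing keys, an invalid CIDR, or an inverted/out-of-range port range.
    """
    rules = json.loads(raw)
    if not isinstance(rules, dict):
        raise ValueError("rule map must be a JSON object keyed by rule name")
    for name, rule in rules.items():
        missing = [k for k in REQUIRED_KEYS if k not in rule]
        if missing:
            raise ValueError(f"{name}: missing keys {missing}")
        ipaddress.ip_network(rule["cidr_blocks"], strict=False)  # raises on a bad CIDR
        lo, hi = int(rule["from_port"]), int(rule["to_port"])
        if not (0 <= lo <= hi <= 65535):
            raise ValueError(f"{name}: invalid port range {lo}-{hi}")
    return rules


def review_ingress(rules):
    """Return (rule_name, severity, message) findings for over-broad ingress rules."""
    findings = []
    for name, rule in rules.items():
        net = ipaddress.ip_network(rule["cidr_blocks"], strict=False)
        lo, hi = int(rule["from_port"]), int(rule["to_port"])
        admin_hit = [label for port, label in ADMIN_PORTS.items() if lo <= port <= hi]
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0: every address on the internet
            severity = "high" if admin_hit else "medium"
            what = ", ".join(admin_hit) or f"ports {lo}-{hi}"
            findings.append((name, severity, f"{what} reachable from any address ({net})"))
        elif admin_hit and net.num_addresses > 1:
            findings.append((name, "low",
                             f"{', '.join(admin_hit)} reachable from {net.num_addresses} addresses ({net})"))
    return findings


# Constructed sample inputs (TEST-NET-3 addresses), in the template's map(json) form.
CONSTRUCTED_INGRESS = (
    '{"rule1": {"cidr_blocks": "203.0.113.10/32", "from_port": 3389, "to_port": 3389, '
    '"protocol": "tcp", "description": "RDP from one admin host"}, '
    '"rule2": {"cidr_blocks": "0.0.0.0/0", "from_port": 22, "to_port": 22, '
    '"protocol": "tcp", "description": "SSH"}}'
)
CONSTRUCTED_EGRESS = (
    '{"rule1": {"cidr_blocks": "0.0.0.0/0", "from_port": 80, "to_port": 80, '
    '"protocol": "tcp", "description": "Internet Rule"}, '
    '"rule2": {"cidr_blocks": "0.0.0.0/0", "from_port": 443, "to_port": 443, '
    '"protocol": "tcp", "description": "Internet Rule"}}'
)
# Constructed malformed input: no comma between "protocol" and "description".
CONSTRUCTED_BROKEN = (
    '{"rule1": {"cidr_blocks": "203.0.113.10/32","from_port": 3389,"to_port": 3389,'
    '"protocol": "tcp""description": "RDP"}}'
)


if __name__ == "__main__":
    for name, severity, message in review_ingress(parse_rules(CONSTRUCTED_INGRESS)):
        print(f"[{severity}] {name}: {message}")
    print(f"egress rules parsed: {len(parse_rules(CONSTRUCTED_EGRESS))}")
    try:
        parse_rules(CONSTRUCTED_BROKEN)
    except ValueError as exc:
        print(f"rejected malformed rule map: {exc}")
```

Egress rules are only shape-checked here; the template's egress default of 0.0.0.0/0 on 80 and 443 is the usual pattern for outbound web access, so no egress finding is raised.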
Output Parameters
Output Variable Name | Description |
---|---|
aws_account_id | The unique AWS Account ID. |
vpc_id | The ID of the Virtual Private Cloud (VPC). |
subnet1_id | The ID of Subnet 1. |
subnet2_id | The ID of Subnet 2. |
subnet3_id | The ID of Subnet 3. |
subnet4_id | The ID of Subnet 4. |
subnet5_id | The ID of Subnet 5. |
subnet6_id | The ID of Subnet 6. |
subnet1_rt_id | The ID of the Route Table associated with Subnet 1. |
subnet2_rt_id | The ID of the Route Table associated with Subnet 2. |
subnet3_rt_id | The ID of the Route Table associated with Subnet 3. |
public_dns_zone_name | The name of the Public DNS Zone. |
public_dns_zone_id | The ID of the Public DNS Zone. |
private_dns_zone_name | The name of the Private DNS Zone. |
private_dns_zone_id | The ID of the Private DNS Zone. |
ecr_repository_url | The URL of the Elastic Container Registry (ECR) repository. |
ecr_repository_name | The name of the ECR repository. |
eks_cluster_name | The name of the Amazon Elastic Kubernetes Service (EKS) cluster. |
eks_cluster_endpoint | The endpoint of the EKS cluster. |
eks_worker_node_sg_id | The ID of the Security Group associated with EKS worker nodes. |
eks_worker_node_internal_sg_id | The ID of the Internal access Security Group associated with EKS worker nodes. |
eks_cluster_id | The ID of the EKS cluster. |
eks_cluster_alb_ingress_certificate_arn | The ARN of the ALB Ingress Certificate associated with the EKS cluster. |
iam_user_names | The names of IAM users. |
alb_public_ip | The public IP address of the Application Load Balancer (ALB). |
redis_cluster_vpc_endpoint_dns_entry | The DNS entry of the Redis cluster's VPC endpoint. |
redis_cluster_key_arn | The ARN of the Redis cluster's key. |
redis_cluster_arn | The ARN of the Redis cluster. |
redis_cluster_primary_endpoint | The primary endpoint of the Redis cluster. |
redis_cluster_reader_endpoint | The reader endpoint of the Redis cluster. |
redis_cluster_configuration_endpoint | The configuration endpoint of the Redis cluster. |
sqs_fifo_queue_id | The ID of the Amazon Simple Queue Service (SQS) FIFO queue. |
sqs_fifo_queue_arn | The ARN of the SQS FIFO queue. |
sqs_fifo_queue_name | The name of the SQS FIFO queue. |
sns_standard_topic_id | The ID of the Amazon Simple Notification Service (SNS) Standard Topic. |
sns_standard_topic_arn | The ARN of the SNS Standard Topic. |
sns_standard_topic_name | The name of the SNS Standard Topic. |
sns_standard_topic_vpc_endpoint_dns_entry | The DNS entry of the SNS Standard Topic's VPC endpoint. |
sns_standard_key_arn | The ARN of the Amazon SNS Standard Key. |
elasticsearch_domain_arn | The ARN of the Elasticsearch domain. |
elasticsearch_domain_id | The ID of the Elasticsearch domain. |
elasticsearch_domain_name | The name of the Elasticsearch domain. |
elasticsearch_domain_endpoint | The endpoint of the Elasticsearch domain. |
opensearch_domain_arn | The ARN of the Amazon OpenSearch domain. |
opensearch_domain_id | The ID of the OpenSearch domain. |
opensearch_domain_name | The name of the OpenSearch domain. |
opensearch_domain_endpoint | The endpoint of the OpenSearch domain. |
nlb_dns_name | The DNS name of the Network Load Balancer (NLB). |
nlb_arn | The ARN of the NLB. |
dynamodb_table_name | The name of the Amazon DynamoDB table. |
dynamodb_table_arn | The ARN of the DynamoDB table. |
dynamodb_table_vpc_endpoint_dns_entry | The DNS entry of the DynamoDB table's VPC endpoint. |
dynamodb_key_arn | The ARN of the DynamoDB table's key. |
postgresql_endpoint | The endpoint of the PostgreSQL database. |
postgresql_vpc_endpoint_dns_entry | The DNS entry of the PostgreSQL VPC endpoint. |
s3_bucket_id | The ID of the Amazon S3 bucket. |
s3_bucket_arn | The ARN of the S3 bucket. |
s3_bucket_regional_domain_name | The regional domain name of the S3 bucket. |
s3_bucket_key_arn | The ARN of the S3 bucket's key. |
aws_api_gateway_rest_api_id | The ID of the AWS API Gateway REST API. |
cloudfront_distribution_domain_name | The domain name of the CloudFront distribution. |
cloudfront_distribution_arn | The ARN of the CloudFront distribution. |
vm_public_ip | The public IP address of the virtual machine. |
vm_private_key_secret_id | The Secret ID of the virtual machine's private key. |
vm_public_key_secret_id | The Secret ID of the virtual machine's public key. |
vm_sg_id | The ID of the security group associated with the virtual machine. |
aws_access_key | AWS access key used for authentication. |
aws_secret_key | AWS secret key used for authentication. |
aws_region | AWS region where resources will be deployed. |
eks_alb_group_name | The ID of the Security Group Name for EKS and ALB. |