variables.tf
# Target group selection. Per the descriptions below, the caller either lets
# the module create a target group or passes in the ARN of an existing one.

variable "default_target_group_enabled" {
  description = "Enable/disable creation of the default target group"
  type        = bool
  default     = true
}

# Nothing in this declaration links the two inputs: a caller that supplies an
# ARN must also set `default_target_group_enabled = false`, as the description
# says. The empty-string default means "no existing target group supplied".
variable "target_group_arn" {
  description = "Existing ALB target group ARN. If provided, set `default_target_group_enabled` to `false` to disable creation of the default target group"
  type        = string
  default     = ""
}
# Listener attachment. Rules are attached per listener ARN, with separate lists
# for the unauthenticated and the authenticated rule sets.

# NOTE(review): rules created from this list presumably forward without an
# authenticate action (the rule resources are not visible here). Confirm, and
# list only listeners that are meant to serve traffic without a login.
variable "unauthenticated_listener_arns" {
  description = "A list of unauthenticated ALB listener ARNs to attach ALB listener rules to"
  type        = list(string)
  default     = []
}

# Each entry pairs a header name with the list of values to match. Request
# headers are set by the client, so a header condition narrows routing but does
# not establish who the caller is.
variable "listener_http_header_conditions" {
  description = "A list of http header conditions to apply to the listener."
  type = list(object({
    name  = string
    value = list(string)
  }))
  default = []
}

variable "authenticated_listener_arns" {
  description = "A list of authenticated ALB listener ARNs to attach ALB listener rules to"
  type        = list(string)
  default     = []
}
# Target draining and request distribution.

variable "deregistration_delay" {
  description = "The amount of time to wait in seconds while deregistering target"
  type        = number
  default     = 15
}

# The allowed values are listed in the description only; this declaration does
# not validate them.
variable "load_balancing_algorithm_type" {
  description = "Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is round_robin, least_outstanding_requests or weighted_random. The default is round_robin."
  type        = string
  default     = "round_robin"
}

# The validation below checks the literal value only. The description's rule
# that mitigation is supported solely with `weighted_random` is not checked.
variable "load_balancing_anomaly_mitigation" {
  description = "Determines whether to enable target anomaly mitigation. Only supported by the weighted_random load balancing algorithm type. Valid values are 'on' or 'off'."
  type        = string
  default     = "off"

  validation {
    condition     = contains(["on", "off"], var.load_balancing_anomaly_mitigation)
    error_message = "load_balancing_anomaly_mitigation must be either 'on' or 'off'"
  }
}
# Health check switch and probe path.

variable "health_check_enabled" {
  description = "Indicates whether health checks are enabled. Defaults to `true`"
  type        = bool
  default     = true
}

# The default probes the application root (`/`).
variable "health_check_path" {
  description = "The destination for the health check request"
  type        = string
  default     = "/"
}
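# Port used for health check probes. Typed as a string so that the literal
# `traffic-port` is accepted alongside numeric ports.
variable "health_check_port" {
  description = "The port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`"
  type        = string
  default     = "traffic-port"

  # The highest valid TCP port is 65535, so the documented range was corrected
  # and is now enforced at plan time. A null value is let through unchanged.
  # try() turns a non-numeric string into a plain validation failure instead
  # of an evaluation error.
  validation {
    condition = (
      var.health_check_port == null ||
      var.health_check_port == "traffic-port" ||
      try(tonumber(var.health_check_port) >= 1 && tonumber(var.health_check_port) <= 65535, false)
    )
    error_message = "The health_check_port value must be `traffic-port` or a port number between 1 and 65535."
  }
}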
# Health check protocol, timing and success criteria.

# The default is plaintext HTTP between the load balancer and the target. Set
# `HTTPS` where encryption in transit is required inside the VPC.
variable "health_check_protocol" {
  description = "The protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`"
  type        = string
  default     = "HTTP"
}

variable "health_check_timeout" {
  description = "The amount of time to wait in seconds before failing a health check request"
  type        = number
  default     = 10
}

variable "health_check_healthy_threshold" {
  description = "The number of consecutive health checks successes required before healthy"
  type        = number
  default     = 2
}

variable "health_check_unhealthy_threshold" {
  description = "The number of consecutive health check failures required before unhealthy"
  type        = number
  default     = 2
}

variable "health_check_interval" {
  description = "The duration in seconds in between health checks"
  type        = number
  default     = 15
}

# The default range includes 3xx, so a target that answers the probe with a
# redirect (for example to a login page) is still reported healthy. Narrow the
# range if only a real success response should count.
variable "health_check_matcher" {
  description = "The HTTP response codes to indicate a healthy check"
  type        = string
  default     = "200-399"
}
# Listener rule priorities. An ALB evaluates rules from the lowest number to
# the highest and applies the first match. If an unauthenticated rule overlaps
# an authenticated one on host or path and has the lower number, the matching
# requests are served by the unauthenticated rule. Review the two priorities
# together with the host and path patterns.
#
# Neither the 1-50000 range nor the "must differ" rule from the descriptions is
# validated in these declarations. How a null priority is resolved is not
# visible in this file.

variable "unauthenticated_priority" {
  description = "The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `authenticated_priority` since a listener can't have multiple rules with the same priority"
  type        = number
  default     = null
}

variable "authenticated_priority" {
  description = "The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `unauthenticated_priority` since a listener can't have multiple rules with the same priority"
  type        = number
  default     = null
}
# Settings for the target group the module creates. Per the descriptions,
# `port`, `protocol` and `vpc_id` apply only when `target_group_arn` is not set.

variable "port" {
  description = "The port for the created ALB target group (if `target_group_arn` is not set)"
  type        = number
  default     = 80
}

# The default is plaintext HTTP from the load balancer to the targets. Use
# `HTTPS` where traffic inside the VPC must be encrypted in transit.
variable "protocol" {
  description = "The protocol for the created ALB target group (if `target_group_arn` is not set)"
  type        = string
  default     = "HTTP"
}

variable "protocol_version" {
  description = "Only applicable when protocol is `HTTP` or `HTTPS`. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is `HTTP1`, which sends requests to targets using HTTP/1.1"
  type        = string
  default     = "HTTP1"
}

variable "target_group_name" {
  description = "Override the target group name"
  type        = string
  default     = ""
}

# The allowed values are listed in the description only; they are not validated here.
variable "target_type" {
  description = "The type (`instance`, `ip` or `lambda`) of targets that can be registered with the target group"
  type        = string
  default     = "ip"
}

# This is the only input in this section without a default, so callers must set it.
variable "vpc_id" {
  description = "The VPC ID where generated ALB target group will be provisioned (if `target_group_arn` is not set)"
  type        = string
}
# Host and path match conditions, kept in separate lists for the
# unauthenticated and the authenticated rule sets. If a pattern in an
# unauthenticated list also covers a protected route, which rule wins depends
# on the rule priorities. Keep the two sets disjoint where possible.

variable "unauthenticated_hosts" {
  description = "Unauthenticated hosts to match in Hosts header"
  type        = list(string)
  default     = []
}

variable "authenticated_hosts" {
  description = "Authenticated hosts to match in Hosts header"
  type        = list(string)
  default     = []
}

# The "maximum of 1" limit from the description is not enforced by the
# `list(string)` type or by a validation block here.
variable "unauthenticated_paths" {
  description = "Unauthenticated path pattern to match (a maximum of 1 can be defined)"
  type        = list(string)
  default     = []
}

# The "maximum of 1" limit is likewise not enforced in this declaration.
variable "authenticated_paths" {
  description = "Authenticated path pattern to match (a maximum of 1 can be defined)"
  type        = list(string)
  default     = []
}
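# Selects the identity provider integration used by the authenticated rules.
# The empty default presumably means "no authentication configured" (confirm
# against the rule resources).
variable "authentication_type" {
  description = "Authentication type. Supported values are `COGNITO` and `OIDC`"
  type        = string
  default     = ""

  # Only the documented values, the empty default and null are accepted. A
  # misspelling such as `oidc` now fails at plan time instead of passing
  # silently. How the module treats an unrecognised value is not visible from
  # this file, so the check is deliberately strict. The conditional keeps a
  # null input from reaching contains().
  validation {
    condition     = var.authentication_type == null ? true : contains(["", "COGNITO", "OIDC"], var.authentication_type)
    error_message = "The authentication_type value must be `COGNITO`, `OIDC`, or an empty string."
  }
}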
# Amazon Cognito settings for the authenticated rules.

variable "authentication_cognito_user_pool_arn" {
  description = "Cognito User Pool ARN"
  type        = string
  default     = ""
}

variable "authentication_cognito_user_pool_client_id" {
  description = "Cognito User Pool Client ID"
  type        = string
  default     = ""
}

variable "authentication_cognito_user_pool_domain" {
  description = "Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com)"
  type        = string
  default     = ""
}

variable "authentication_cognito_scope" {
  description = "Cognito scope, which should be a space separated string of requested scopes (see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims)"
  type        = string
  default     = null
}

# Per the ALB documentation, `allow` forwards a request that has no
# authenticated session on to the target, `deny` returns HTTP 401, and
# `authenticate` (the default here) redirects to the identity provider. The
# value is not validated in this declaration. Use `allow` only where the target
# makes its own access decision.
variable "authentication_cognito_on_unauthenticated_request" {
  description = "Cognito unauthenticated behavior, deny, allow, or authenticate"
  type        = string
  default     = "authenticate"
}

# These values are sent as query parameters on the redirect, so they are
# visible to the browser. Do not place secrets in this map.
variable "authentication_cognito_request_extra_params" {
  description = "Cognito query parameters to include in redirect request"
  type        = map(string)
  default     = null
}
# OAuth 2.0 client identifier registered with the OIDC provider. It defaults to
# an empty string.
variable "authentication_oidc_client_id" {
  description = "OIDC Client ID"
  type        = string
  default     = ""
}
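# OAuth 2.0 client secret for the OIDC provider.
#
# `sensitive = true` redacts the value in plan and apply output. It does not
# protect the value at rest: the secret is still written to the Terraform
# state, so the state backend needs encryption and restricted access. Supply
# the value from a secret store or the environment
# (`TF_VAR_authentication_oidc_client_secret`) rather than a committed tfvars file.
#
# NOTE(review): if the module exposes this value through an output, that output
# must also be marked sensitive. The outputs are not visible from this file.
variable "authentication_oidc_client_secret" {
  description = "OIDC Client Secret"
  type        = string
  default     = ""
  sensitive   = true
}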
# OIDC provider endpoints and request behaviour. The four URL inputs are plain
# strings with no format validation here. The ALB documentation requires full
# HTTPS URLs, and they should be taken from the provider's published discovery
# metadata rather than typed by hand.

variable "authentication_oidc_issuer" {
  description = "OIDC Issuer"
  type        = string
  default     = ""
}

variable "authentication_oidc_authorization_endpoint" {
  description = "OIDC Authorization Endpoint"
  type        = string
  default     = ""
}

variable "authentication_oidc_token_endpoint" {
  description = "OIDC Token Endpoint"
  type        = string
  default     = ""
}

variable "authentication_oidc_user_info_endpoint" {
  description = "OIDC User Info Endpoint"
  type        = string
  default     = ""
}

variable "authentication_oidc_scope" {
  description = "OIDC scope, which should be a space separated string of requested scopes (see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims, and https://developers.google.com/identity/protocols/oauth2/openid-connect#scope-param for an example set of scopes when using Google as the IdP)"
  type        = string
  default     = null
}

# Per the ALB documentation, `allow` forwards a request that has no
# authenticated session on to the target, `deny` returns HTTP 401, and
# `authenticate` (the default here) redirects to the identity provider. The
# value is not validated in this declaration. Use `allow` only where the target
# makes its own access decision.
variable "authentication_oidc_on_unauthenticated_request" {
  description = "OIDC unauthenticated behavior, deny, allow, or authenticate"
  type        = string
  default     = "authenticate"
}

# These values are sent as query parameters on the redirect, so they are
# visible to the browser. Do not place secrets in this map.
variable "authentication_oidc_request_extra_params" {
  description = "OIDC query parameters to include in redirect request"
  type        = map(string)
  default     = null
}
# Warm-up and session stickiness for the target group.

# The 30-900 (or 0) range from the description is not validated here.
variable "slow_start" {
  description = "The amount of time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is `0` seconds"
  type        = number
  default     = 0
}

variable "stickiness_type" {
  description = "The type of sticky sessions. The possible values are `lb_cookie` or `app_cookie`"
  type        = string
  default     = "lb_cookie"

  validation {
    condition     = contains(["lb_cookie", "app_cookie"], var.stickiness_type)
    error_message = "The only current possible values are lb_cookie and app_cookie for ALBs"
  }
}

# The range of 1 second to 1 week from the description is not validated here.
variable "stickiness_cookie_duration" {
  description = "The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds)"
  type        = number
  default     = 86400
}

# The reserved prefixes named in the description are not checked in this declaration.
variable "stickiness_cookie_name" {
  description = "Name of the application based cookie. AWSALB, AWSALBAPP, and AWSALBTG prefixes are reserved and cannot be used. Only needed when `stickiness_type` is app_cookie"
  type        = string
  default     = null
}

variable "stickiness_enabled" {
  description = "Boolean to enable / disable `stickiness`. Default is `true`"
  type        = bool
  default     = true
}