This repository has been archived by the owner on Sep 27, 2024. It is now read-only.
variables.tf
# Master switch for the IAM role; role creation is requested by default.
variable "create_role" {
  description = "Whether to create a role"
  type        = bool
  default     = true
}
# Name given to the IAM role; defaults to "vpc-cni".
variable "role_name" {
  description = "Name of IAM role"
  type        = string
  default     = "vpc-cni"
}
# IAM path under which the role is placed.
# NOTE(review): the default path looks organisation-specific; IAM policies
# elsewhere may scope permissions by this path, so confirm before overriding.
variable "role_path" {
  description = "Path of IAM role"
  type        = string
  default     = "/delegatedadmin/developer/"
}
# Permissions boundary applied to the IAM role.
# The default ARN embeds one specific AWS account ID, so a consumer deploying
# into any other account has to override it with that account's boundary policy.
# NOTE(review): how a null or empty value is handled is decided by the resource
# definition, which is not in this file. If it results in a role without a
# boundary, the role's effective permissions are limited only by its attached
# policies; confirm before overriding the default.
variable "role_permissions_boundary_arn" {
  description = "Permissions boundary ARN to use for IAM role"
  type        = string
  default     = "arn:aws:iam::373346310182:policy/cms-cloud-admin/developer-boundary-policy"
}
# Optional free-text description for the IAM role; unset (null) by default.
variable "role_description" {
  description = "IAM Role description"
  type        = string
  default     = null
}
# Prefix for the names of IAM policies; defaults to "AmazonEKS_".
variable "policy_name_prefix" {
  description = "IAM policy name prefix"
  type        = string
  default     = "AmazonEKS_"
}
# Additional policy ARNs to attach to the role, as a string-to-string map.
# Nothing is attached by default. Every ARN supplied here widens what the role
# can do, so review each entry against the permissions boundary and keep the
# set to what the workload actually needs.
variable "role_policy_arns" {
  description = "ARNs of any policies to attach to the IAM role"
  type        = map(string)
  default     = {}
}
# OIDC providers and the Kubernetes service accounts allowed to use the role.
# `type = any` means Terraform performs no structural check on the value, so a
# misspelled key is not rejected at the variable level.
#
# NOTE(review): the default is a placeholder, not a usable configuration:
#   - provider_arn is an empty string and must be replaced with the cluster's
#     OIDC provider ARN;
#   - the description also names a `provider` key that the default omits;
#   - namespace_service_accounts lists "default:default", i.e. the `default`
#     service account of the `default` namespace. Pods that do not name a
#     service account run as their namespace's default one, so leaving this
#     entry in place would presumably extend the role to every such pod in
#     that namespace. Override it with the dedicated service account of the
#     workload that needs the role.
# How this map is turned into the role's trust policy is not visible in this
# file; confirm against the resource definitions.
variable "oidc_providers" {
  description = "Map of OIDC providers where each provider map should contain the `provider`, `provider_arn`, and `namespace_service_accounts`"
  type        = any
  default = {
    one = {
      provider_arn               = ""
      namespace_service_accounts = ["default:default"]
    }
  }
}
# Tags for the IAM role; empty by default.
variable "tags" {
  description = "A map of tags to add the the IAM role"
  type        = map(any)
  default     = {}
}
# Controls whether attached policies are detached when the role is destroyed.
# Enabled by default.
variable "force_detach_policies" {
  description = "Whether policies should be detached from this role when destroying"
  type        = bool
  default     = true
}
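# Upper limit, in seconds, on sessions obtained for the role.
# Left unset (null) by default. Shorter sessions limit how long a leaked set of
# temporary credentials stays usable.
variable "max_session_duration" {
  description = "Maximum CLI/API session duration in seconds between 3600 and 43200"
  type        = number
  default     = null

  # Enforce the range stated in the description at plan time instead of
  # letting an out-of-range value surface later. The conditional keeps the
  # null default valid. Validation blocks need Terraform 0.13 or newer.
  validation {
    condition     = var.max_session_duration == null ? true : (var.max_session_duration >= 3600 && var.max_session_duration <= 43200)
    error_message = "The max_session_duration value must be between 3600 and 43200 seconds, or null."
  }
}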
# IAM condition operator evaluated when the role is assumed.
# The default, StringEquals, is an exact-match operator.
# NOTE(review): presumably the operator is applied to the service-account
# values from oidc_providers. Switching to a pattern operator such as
# StringLike makes wildcards in those values significant and can widen who may
# assume the role; confirm against the trust policy before changing it.
variable "assume_role_condition_test" {
  description = "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role"
  type        = string
  default     = "StringEquals"
}
# AWS account identifier, held as a single string although the description is
# plural.
# NOTE(review): the default, 111122223333, is the example account ID used in
# AWS documentation rather than a real account; callers are expected to
# override it. Where the value is used is not visible in this file.
variable "aws_id" {
  description = "AWS Account Ids"
  type        = string
  default     = "111122223333"
}
################################################################################
# Policies
################################################################################
# Name of the application the policies are for; empty by default.
variable "app_name" {
  description = "App name (ie. Flux, Velero, etc.)"
  type        = string
  default     = ""
}
# S3
# Opt-in switch for attaching the S3 policy to the role; off by default, so S3
# access has to be requested explicitly.
variable "attach_s3_policy" {
  description = "Determines whether to attach the S3 to the role"
  type        = bool
  default     = false
}
# S3 bucket ARNs the role is allowed to access.
# NOTE(review): the default is a list holding one empty string, which is not a
# valid ARN. Presumably it must be replaced with the specific bucket ARNs
# whenever attach_s3_policy is enabled; confirm against the policy document.
# List only the buckets the workload needs rather than a wildcard ARN.
variable "s3_bucket_arns" {
  description = "List of S3 Bucket ARNs to allow access to"
  type        = list(string)
  default     = [""]
}