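# Storage account name. Azure only accepts 3-24 lowercase letters and digits;
# the original pattern also admitted uppercase letters, which Azure rejects at
# apply time, so the check is tightened here to fail fast at plan time.
# Global uniqueness across Azure cannot be checked here.
variable "name" {
  type        = string
  description = "The storage account name"

  validation {
    condition     = can(regex("^[a-z0-9]{3,24}$", var.name))
    error_message = "Name may only contain lowercase letters and digits and must be between 3-24 chars."
  }
}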
# Target resource group for every resource the module creates. Required (no default).
variable "resource_group_name" {
  description = "The name of the resource group in which to create the resource in."
  type        = string
}
# Azure region for every resource the module creates. Required (no default).
variable "location" {
  type        = string
  description = "The Azure location/region to create resources in."
}
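# Storage redundancy. The description enumerates the accepted values but the
# original block never checked them, so a typo only surfaced at apply time.
variable "replication_type" {
  type        = string
  description = "Defines the type of replication to use for this storage account. Valid options are LRS, GRS, RAGRS, ZRS, GZRS and RAGZRS. Unless you have a specific reason for data without alternate site requirements you should minimum use ZRS"
  # GRS is the default to align with the Azure NIST/FedRAMP Policy
  default     = "GRS"

  validation {
    # Compared case-insensitively so callers that already pass lowercase keep working.
    condition     = contains(["LRS", "GRS", "RAGRS", "ZRS", "GZRS", "RAGZRS"], upper(var.replication_type))
    error_message = "replication_type must be one of LRS, GRS, RAGRS, ZRS, GZRS or RAGZRS."
  }
}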
# Destination workspace for diagnostic settings. Required, so every account
# created by this module ships its diagnostics somewhere.
variable "diag_log_analytics_id" {
  description = "ID of the Log Analytics workspace diag settings should be stored in."
  type        = string
}
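# Storage account kind. Azure's canonical spelling is "StorageV2"; the original
# default "Storagev2" depended on the provider tolerating the casing, so the
# default is normalised and a case-insensitive check is added for the other kinds.
variable "account_kind" {
  type        = string
  description = "Account Kind for the Storage Account"
  default     = "StorageV2"

  validation {
    condition     = contains(["blobstorage", "blockblobstorage", "filestorage", "storage", "storagev2"], lower(var.account_kind))
    error_message = "account_kind must be one of BlobStorage, BlockBlobStorage, FileStorage, Storage or StorageV2."
  }
}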
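# Performance tier. The description names the two accepted values but nothing
# enforced them; the validation below does.
variable "account_tier" {
  type        = string
  description = "Defines the Tier to use for this storage account. Valid options are Standard and Premium."
  default     = "Standard"

  validation {
    condition     = contains(["Standard", "Premium"], var.account_tier)
    error_message = "account_tier must be either Standard or Premium."
  }
}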
# Static website settings as a string map; null (the default) leaves the feature off.
variable "static_website" {
  description = "Enable and configure static website on the storage account."
  type        = map(string)
  default     = null
}
# Subnet resource ids granted access through the storage firewall.
# null (the default) adds no subnet rules.
variable "virtual_network_subnet_ids" {
  description = "A list of resource ids for subnets to allow access to the storage account."
  type        = list(string)
  default     = null
}
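# Public IPv4 allow-list for the storage firewall. The original block accepted
# any string; malformed entries (IPv6, hostnames, typos) only failed at apply
# time, so a format check is added. Whether an address is a private range is
# still decided by Azure at apply time.
variable "ip_rules" {
  type        = list(string)
  description = "List of public IP or IP ranges in CIDR Format. Only IPv4 addresses are allowed. Private IP address ranges are not allowed."
  default     = null

  validation {
    # A conditional (not ||) is used so the null default is never iterated.
    # Azure does not accept /31 and /32 prefixes; list such hosts as a bare address instead.
    condition = var.ip_rules == null ? true : alltrue([
      for rule in var.ip_rules : can(regex("^(\\d{1,3}\\.){3}\\d{1,3}(/\\d{1,2})?$", rule))
    ])
    error_message = "Each ip_rules entry must be an IPv4 address or IPv4 CIDR range (e.g. 203.0.113.0/24)."
  }
}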
# Resource ids of endpoint resources allowed through the firewall via private link.
# Defaults to an empty list rather than null.
variable "private_link_access" {
  description = "List of the resource ids of the endpoint resource to be granted access."
  type        = list(string)
  default     = []
}
# Hierarchical namespace (Data Lake Storage Gen2) switch; off by default.
variable "is_hns_enabled" {
  description = "Is Hierarchical Namespace enabled? This can be used with Azure Data Lake Storage Gen 2."
  type        = bool
  default     = false
}
# NFSv3 protocol switch; off by default.
# NOTE(review): NFS 3.0 access is not gated by account keys or Entra ID; the
# network rules in this module are the access control — confirm against current Azure docs.
variable "nfsv3_enabled" {
  description = "Is NFSv3 protocol enabled."
  type        = bool
  default     = false
}
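# Firewall bypass list. The description enumerates the accepted values but the
# original block did not check them, so the validation below does.
variable "network_rules_bypass" {
  type        = list(string)
  description = "Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are any combination of Logging, Metrics, AzureServices, or None."
  default     = null

  validation {
    # A conditional (not ||) is used so the null default is never iterated.
    condition = var.network_rules_bypass == null ? true : alltrue([
      for entry in var.network_rules_bypass : contains(["Logging", "Metrics", "AzureServices", "None"], entry)
    ])
    error_message = "network_rules_bypass entries must be Logging, Metrics, AzureServices or None."
  }
}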
# Public endpoint switch. Defaults to false, so callers must opt in to expose
# the account outside the private endpoint / firewall rules.
variable "public_network_access_enabled" {
  description = "Whether the public network access is enabled."
  type        = bool
  default     = false
}
# Object replication across tenants; off by default so data cannot be copied
# to an account outside this tenant without an explicit opt-in.
variable "cross_tenant_replication_enabled" {
  description = "Should cross Tenant replication be enabled? Source storage account is in one AAD tenant, and the destination account is in a different tenant."
  type        = bool
  default     = false
}
# Tags applied to every resource; required so nothing is created untagged.
variable "tags" {
  type        = map(string)
  description = "The tags to associate with the resources."
}
# User-assigned managed identity ids to attach; null (the default) attaches none.
variable "identity_ids" {
  description = "Specifies a list of User Assigned Managed Identity IDs to be assigned to this Storage Account."
  type        = list(string)
  default     = null
}
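# Blob containers to create. Azure container names are 3-63 lowercase letters,
# digits and single hyphens, starting and ending with a letter or digit; the
# original block accepted any string, so the check is added here. The special
# "$"-prefixed system containers (e.g. $web) are still admitted.
variable "storage_containers" {
  type        = list(string)
  description = "List of storage containers to create."
  default     = []

  validation {
    condition = alltrue([
      for name in var.storage_containers :
      length(name) >= 3 && length(name) <= 63 && can(regex("^\\$?[a-z0-9](-?[a-z0-9])*$", name))
    ])
    error_message = "Container names must be 3-63 lowercase letters, digits and single hyphens, starting and ending with a letter or digit."
  }
}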
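# File shares to create, each with a quota in GiB. A quota of 0 or less is
# never valid, so it is rejected at plan time instead of at apply time.
variable "storage_shares" {
  type = list(object({
    name  = string
    quota = number
  }))
  description = "List of storage shares to create and their quotas."
  default     = []

  validation {
    condition     = alltrue([for share in var.storage_shares : share.quota >= 1])
    error_message = "Each storage share quota must be at least 1."
  }
}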
# Advanced threat protection switch. Off by default; with it off the account
# produces no threat alerts, so security-sensitive deployments should set it.
variable "enable_advanced_threat_protection" {
  description = "Whether advanced threat protection is enabled."
  type        = bool
  default     = false
}
# Blob lifecycle management rules. Each entry targets the blobs matching
# prefix_match and may carry tiering/deletion thresholds for base blobs,
# versions and snapshots; every threshold is optional. null (the default)
# applies no policy.
variable "lifecycle_policies" {
  type = list(object({
    prefix_match = set(string)

    # Actions on current blobs
    base_blob = optional(object({
      tier_to_cool_after_days_since_modification_greater_than        = optional(number)
      tier_to_cool_after_days_since_last_access_time_greater_than    = optional(number)
      tier_to_archive_after_days_since_modification_greater_than     = optional(number)
      tier_to_archive_after_days_since_last_access_time_greater_than = optional(number)
      tier_to_archive_after_days_since_last_tier_change_greater_than = optional(number)
      delete_after_days_since_modification_greater_than              = optional(number)
      delete_after_days_since_last_access_time_greater_than          = optional(number)
    }))

    # Actions on previous versions
    version = optional(object({
      tier_to_cool_after_days_since_modification_greater_than        = optional(number)
      change_tier_to_archive_after_days_since_creation               = optional(number)
      tier_to_archive_after_days_since_last_tier_change_greater_than = optional(number)
      change_tier_to_cool_after_days_since_creation                  = optional(number)
      delete_after_days_since_creation                               = optional(number)
    }))

    # Actions on snapshots
    snapshot = optional(object({
      change_tier_to_archive_after_days_since_creation               = optional(number)
      tier_to_archive_after_days_since_last_tier_change_greater_than = optional(number)
      change_tier_to_cool_after_days_since_creation                  = optional(number)
      delete_after_days_since_creation_greater_than                  = optional(number)
    }))
  }))
  description = "List of lifecycle policies to apply to the storage account. Refer to the documentation for more information."
  default     = null
}
# Subnet that hosts the private endpoint NIC; null (the default) means no
# private endpoint subnet is supplied.
variable "endpoint_subnet_id" {
  description = "The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint."
  type        = string
  default     = null
}
# Storage sub-resources (group ids) the private endpoint should target.
# Empty by default.
variable "private_endpoint_subresource_names" {
  description = "Subresource name which the private endpoint is able to connect to."
  type        = list(string)
  default     = []
}
# Private DNS zone for the endpoint's A record; null (the default) skips the link.
variable "private_dns_zone_id" {
  description = "The ID of the private DNS zone to link to the private endpoint if applicable."
  type        = string
  default     = null
}
### KEY VAULT CUSTOMER-MANAGED KEY (CMK) VARIABLES ###
# Existing Key Vault key to reuse for encryption. Leaving it null (the default)
# lets the module create a key when enable_customer_managed_key is true.
variable "cmk_key_name" {
  type        = string
  description = "Name of an existing Key Vault key to use for customer-managed encryption. If null, a new key will be created when enable_customer_managed_key is true."
  default     = null
}
# CMK encryption switch, on by default. cmk_key_vault_id has no default, so a
# caller relying on this default must still supply a vault id; a variable
# validation cannot reference another variable, so that pairing is not checked here.
variable "enable_customer_managed_key" {
  type        = bool
  description = "Enable customer-managed key encryption for the storage account"
  default     = true
}
# Key Vault holding (or receiving) the CMK. null by default, which is only
# usable when enable_customer_managed_key is false.
variable "cmk_key_vault_id" {
  type        = string
  description = "The ID of the Key Vault where the CMK key is or will be stored"
  default     = null
}
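# Key Vault key type for the CMK. Storage encryption keys must be RSA; the
# description names the two accepted values, and they are now enforced.
variable "cmk_key_type" {
  type        = string
  description = "The type of key to create for CMK. Use 'RSA-HSM' for FedRAMP High or 'RSA' for standard"
  default     = "RSA"

  validation {
    condition     = contains(["RSA", "RSA-HSM"], var.cmk_key_type)
    error_message = "cmk_key_type must be RSA or RSA-HSM."
  }
}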
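# RSA modulus size for the CMK. Azure Storage accepts 2048, 3072 or 4096-bit
# RSA keys; any other size only failed at apply time before this check.
variable "cmk_key_size" {
  type        = number
  description = "The size of the RSA key for CMK"
  default     = 4096

  validation {
    condition     = contains([2048, 3072, 4096], var.cmk_key_size)
    error_message = "cmk_key_size must be 2048, 3072 or 4096."
  }
}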
# Automatic key rotation switch; on by default so the CMK is rotated without
# operator action.
variable "cmk_rotation_policy_enabled" {
  type        = bool
  description = "Enable automatic rotation policy for the CMK key"
  default     = true
}
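# Key lifetime as an ISO 8601 duration. The original block accepted any
# string; a malformed duration is now rejected at plan time. Only Y/M/D
# components are admitted, which covers the documented P180D form.
variable "cmk_rotation_expire_after" {
  type        = string
  description = "Duration after which the key will expire (ISO 8601 format, e.g., P180D for 180 days)"
  default     = "P180D"

  validation {
    # "P" alone matches the pattern but is an empty duration, so it is excluded explicitly.
    condition     = var.cmk_rotation_expire_after != "P" && can(regex("^P(\\d+Y)?(\\d+M)?(\\d+D)?$", var.cmk_rotation_expire_after))
    error_message = "cmk_rotation_expire_after must be an ISO 8601 duration such as P180D or P1Y."
  }
}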
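# Lead time before expiry at which rotation runs, as an ISO 8601 duration.
# The original block accepted any string; a malformed duration is now rejected
# at plan time. Only Y/M/D components are admitted, matching the documented form.
variable "cmk_rotation_time_before_expiry" {
  type        = string
  description = "Time before expiry when rotation should occur (ISO 8601 format, e.g., P30D for 30 days)"
  default     = "P30D"

  validation {
    # "P" alone matches the pattern but is an empty duration, so it is excluded explicitly.
    condition     = var.cmk_rotation_time_before_expiry != "P" && can(regex("^P(\\d+Y)?(\\d+M)?(\\d+D)?$", var.cmk_rotation_time_before_expiry))
    error_message = "cmk_rotation_time_before_expiry must be an ISO 8601 duration such as P30D."
  }
}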