This repository has been archived by the owner on Jun 22, 2021. It is now read-only.
variables.tf
# Resource group placement for the hub networking resources.
# With the default (true) the description says a resource group is created and
# used for all networking resources.
# NOTE(review): presumably false means an existing group named by
# resource_group_name is looked up instead - confirm in the module body.
variable "create_resource_group" {
  default     = true
  description = "Whether to create resource group and use it for all networking resources"
}

# Name of the resource group.
# NOTE(review): the default is an empty string and nothing here validates it,
# so callers are expected to override it.
variable "resource_group_name" {
  default     = ""
  description = "A container that holds related resources for an Azure solution"
}

# Azure region for the network resources.
# The default is an empty string with no validation; callers are expected to set it.
variable "location" {
  default     = ""
  description = "The location/region to keep all your network resources. To get the list of all locations with table format from azure cli, run 'az account list-locations -o table'"
}
# Name of the hub virtual network. Empty by default; callers are expected to set it.
variable "hub_vnet_name" {
  default     = ""
  description = "The name of the virtual network"
}

# CIDR ranges assigned to the virtual network.
# The default is a single private /16. Check it against peered VNets and
# on-premises ranges before applying; overlapping address space cannot be
# routed between them.
variable "vnet_address_space" {
  default = [
    "10.0.0.0/16",
  ]
  description = "The address space to be used for the Azure virtual network."
}
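# Toggle for the DDoS protection plan.
# The effective default is true. The description previously claimed
# "Default is false", which contradicted the declared default; the text is
# corrected here and the default itself is left untouched so existing callers
# see no plan change.
# NOTE(review): a DDoS protection plan is billed separately. Setting this to
# false should be an explicit cost/protection decision, since the DDoS*
# categories in fw_pip_diag_logs only carry useful data when protection is on.
# How the plan is attached is not visible in this file - confirm in the module body.
variable "create_ddos_plan" {
  description = "Create a DDoS protection plan - Default is true"
  default     = true
}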
# Custom DNS servers for the virtual network.
# NOTE(review): presumably an empty list leaves the VNet on the platform
# default resolver - confirm against the resource that consumes this.
variable "dns_servers" {
  default     = []
  description = "List of dns servers to use for virtual network"
}

# Toggle for Network Watcher resources. Enabled by default.
variable "create_network_watcher" {
  default     = true
  description = "Controls if Network Watcher resources should be created for the Azure subscription"
}

# Subnet definitions.
# No type constraint is declared, so the expected object fields are not
# visible in this file; malformed input is only caught where it is consumed.
variable "subnets" {
  default     = {}
  description = "For each subnet, create an object that contain fields"
}

# Private DNS zone name. Defaults to null (unset).
variable "private_dns_zone_name" {
  default     = null
  description = "The name of the Private DNS zone"
}
# Pricing SKU of the Log Analytics workspace.
variable "log_analytics_workspace_sku" {
  default     = "PerGB2018"
  description = "The Sku of the Log Analytics Workspace. Possible values are Free, PerNode, Premium, Standard, Standalone, Unlimited, and PerGB2018"
}

# Workspace data retention in days.
# The default (30) is the lowest value in the range the description allows.
# Retention bounds how far back an investigation can query the workspace, so
# size it to your detection and incident-response window, not only to cost.
# The 30-730 range is stated in the description only; nothing here enforces it.
variable "log_analytics_logs_retention_in_days" {
  default     = 30
  description = "The log analytics workspace data retention in days. Possible values range between 30 and 730."
}

# Diagnostic log categories collected for network security groups.
# Removing a category from this list reduces visibility into NSG rule
# evaluation; treat changes here as a logging-coverage change.
variable "nsg_diag_logs" {
  default = [
    "NetworkSecurityGroupEvent",
    "NetworkSecurityGroupRuleCounter",
  ]
  description = "NSG Monitoring Category details for Azure Diagnostic setting"
}
# Service endpoints enabled on the firewall subnet.
# The default turns on seven endpoints. For least privilege, trim the list to
# the services that traffic through the firewall actually needs to reach.
variable "firewall_service_endpoints" {
  type        = list(string)
  description = "Service endpoints to add to the firewall subnet"

  default = [
    "Microsoft.AzureActiveDirectory",
    "Microsoft.AzureCosmosDB",
    "Microsoft.EventHub",
    "Microsoft.KeyVault",
    "Microsoft.ServiceBus",
    "Microsoft.Sql",
    "Microsoft.Storage",
  ]
}
# Names of the public IPs connected to the firewall.
# The description requires at least one entry, but no validation block
# enforces that here; an empty list is only caught where it is consumed.
# Each entry is an additional internet-facing address to account for.
variable "public_ip_names" {
  type = list(string)
  default = [
    "fw-public",
  ]
  description = "Public ips is a list of ip names that are connected to the firewall. At least one is required."
}

# Address prefix for the gateway subnet. Defaults to null (unset).
variable "gateway_subnet_address_prefix" {
  default     = null
  description = "The address prefix to use for the gateway subnet"
}

# Address prefix for the firewall subnet.
# NOTE(review): this defaults to an empty list while
# gateway_subnet_address_prefix defaults to null; confirm which shape the
# consuming resource expects.
variable "firewall_subnet_address_prefix" {
  default     = []
  description = "The address prefix to use for the Firewall subnet"
}

# Availability zones for the firewall. Defaults to null (unset).
variable "firewall_zones" {
  type        = list(string)
  default     = null
  description = "A collection of availability zones to spread the Firewall over"
}
# Firewall rule inputs.
# All three lists default to empty, so the module supplies no rules of its own.
# Azure Firewall denies traffic that no rule allows, so every entry added here
# widens what is permitted. Review wildcard values in source_addresses,
# destination_addresses and target_fqdns before applying.

# Application (FQDN-based) rules.
variable "firewall_application_rules" {
  type = list(object({
    name             = string
    action           = string
    source_addresses = list(string)
    target_fqdns     = list(string)
    protocol = object({
      type = string
      port = string
    })
  }))
  default     = []
  description = "List of application rules to apply to firewall."
}

# Network (address/port/protocol) rules.
variable "firewall_network_rules" {
  type = list(object({
    name                  = string
    action                = string
    source_addresses      = list(string)
    destination_ports     = list(string)
    destination_addresses = list(string)
    protocols             = list(string)
  }))
  default     = []
  description = "List of network rules to apply to firewall."
}

# NAT rules.
# Each entry carries a translated_address and translated_port, i.e. it
# forwards matching traffic to another endpoint. Keep source_addresses as
# narrow as the use case allows.
variable "firewall_nat_rules" {
  type = list(object({
    name                  = string
    action                = string
    source_addresses      = list(string)
    destination_ports     = list(string)
    destination_addresses = list(string)
    protocols             = list(string)
    translated_address    = string
    translated_port       = string
  }))
  default     = []
  description = "List of nat rules to apply to firewall."
}
# Diagnostic log categories for the firewall public IP.
# All three defaults are DDoS-related categories.
variable "fw_pip_diag_logs" {
  default = [
    "DDoSProtectionNotifications",
    "DDoSMitigationFlowLogs",
    "DDoSMitigationReports",
  ]
  description = "Firewall Public IP Monitoring Category details for Azure Diagnostic setting"
}

# Diagnostic log categories for the firewall itself.
# These cover application-rule, network-rule and DNS-proxy logs. Dropping one
# removes that evidence source for detection and investigation.
variable "fw_diag_logs" {
  default = [
    "AzureFirewallApplicationRule",
    "AzureFirewallNetworkRule",
    "AzureFirewallDnsProxy",
  ]
  description = "Firewall Monitoring Category details for Azure Diagnostic setting"
}
# Tags applied to all resources (per the description). Empty by default.
variable "tags" {
  type        = map(string)
  default     = {}
  description = "A map of tags to add to all resources"
}