-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathvariables.tf
166 lines (149 loc) · 5.32 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
variable "lambda-name" {
description = "ESF Lambda function name"
type = string
}
variable "release-version" {
description = "ESF release version. You can find the possible values in https://github.com/elastic/elastic-serverless-forwarder/tags."
type = string
}
variable "aws_region" {
description = "AWS Region"
type = string
}
variable "log_level" {
description = "Log level for ESF"
type = string
default = "INFO"
}
variable "config-file-bucket" {
description = <<EOT
The name of the S3 bucket to place the config.yaml file and the dependencies zip.
If the variable is left empty, a new bucket will be created. Otherwise, the bucket needs to preexist.
EOT
type = string
default = ""
}
variable "config-file-local-path" {
description = <<EOT
Local path to the configuration file. Define this variable only if you want to specify the local configuration file. If none given, make sure to set inputs variable.
You can find instructions on how to set the configuration file in https://www.elastic.co/guide/en/esf/current/aws-deploy-elastic-serverless-forwarder.html#sample-s3-config-file.
EOT
type = string
default = ""
}
variable "inputs" {
description = <<EOT
List of inputs to ESF. If none given, make sure to set config-file-local-path variable.
You can find instructions on the variables in https://www.elastic.co/guide/en/esf/current/aws-deploy-elastic-serverless-forwarder.html#s3-config-file-fields.
EOT
type = list(object({
type = string
id = string
outputs = list(object({
type = string
args = object({
elasticsearch_url = optional(string)
logstash_url = optional(string)
cloud_id = optional(string)
api_key = optional(string)
username = optional(string)
password = optional(string)
es_datastream_name = string
batch_max_actions = optional(number)
batch_max_bytes = optional(number)
ssl_assert_fingerprint = optional(string)
compression_level = optional(string)
})
}))
}))
default = []
validation {
condition = alltrue([
for input in var.inputs :
contains(["cloudwatch-logs", "kinesis-data-stream", "sqs", "s3-sqs"], input.type)
])
error_message = "The type of trigger input needs to be one of: cloudwatch-logs, kinesis-data-stream, sqs or s3-sqs."
}
validation {
condition = alltrue([
for input in var.inputs : alltrue([
for output in input.outputs : alltrue([
contains(["elasticsearch", "logstash"], output.type)
])
])
])
error_message = "The type of output can only be elasticsearch or logstash."
}
validation {
condition = alltrue([
for input in var.inputs : alltrue([
for output in input.outputs : alltrue([
output.type == "elasticsearch" ?
(output.args.elasticsearch_url == null && output.args.cloud_id == null ? false : true) :
(output.args.logstash_url == null ? false : true)
])
])
])
error_message = "All elasticsearch outputs must contain elasticsearch_url or cloud_id. All logstash outputs must contain logstash_url."
}
validation {
condition = alltrue([
for input in var.inputs : alltrue([
for output in input.outputs : alltrue([
output.type == "elasticsearch" ?
((output.args.username == null || output.args.password == null) && output.args.api_key == null ? false : true) :
(output.args.username == null || output.args.password == null ? false : true)
])
])
])
error_message = "All elasticsearch outputs must contain api key or username and password. All logstash outputs must contain username and password."
}
}
variable "kms-keys" {
description = "List of KMS Keys ARNs to be used for decrypting AWS SSM Secrets, Kinesis Data Streams, SQS queue, or S3 buckets"
type = list(string)
default = []
}
variable "ssm-secrets" {
description = "List of SSM Secrets ARNs used in the config.yml"
type = list(string)
default = []
}
variable "s3-buckets" {
description = "List of S3 bucket ARNs that are sources for the S3 SQS Event Notifications"
type = list(string)
default = []
}
variable "vpc" {
description = "VPC to attach ESF to, identified by the list of its security group IDs and subnet IDs"
type = object({
security-groups = list(string)
subnets = list(string)
})
default = {
security-groups = []
subnets = []
}
}
variable "continuing-queue" {
description = "Custom BatchSize and MaximumBatchingWindowInSeconds for the ESF SQS Continuing queue"
type = object({
batch_size = optional(number, 10)
batching_window_in_second = optional(number, 0)
})
default = {
batch_size = 10
batching_window_in_second = 0
}
}
variable "lambda-timeout" {
description = "The amount of time your Lambda Function has to run in seconds."
type = number
default = 900
}