variables.tf
# Network access lists. Both descriptions are empty and the rules that consume
# these lists are not declared in this file.
# NOTE(review): presumably CIDR blocks for security-group ingress - confirm
# against the consuming resources, then fill in the descriptions.

# Required input: no default, so every caller has to pass a list explicitly.
# NOTE(review): if this is the ingress allow-list, keep it to known ranges;
# alb_internal defaults to false in this file, so a broad range here would
# presumably be reachable from the internet.
variable "allowed_ips" {
  type        = list(string)
  description = ""
}

# Optional input: falls back to an empty list when the caller omits it.
# NOTE(review): the relationship to allowed_ips (deny list vs. a second,
# narrower allow list) cannot be told from this file - document it.
variable "restricted_ips" {
  type        = list(string)
  default     = []
  description = ""
}
# AMI lookup inputs. local.ami_owner substitutes the calling account's ID when
# this is left as "", so by default only images owned by the current account
# are candidates for the name-pattern match.
# NOTE(review): when overriding, use an account you control or explicitly
# trust; a name pattern on its own does not prove who built the image.
variable "ami_owner_account" {
  type        = string
  default     = ""
  description = "AWS account ID of the AMI owner. Leave blank if you are not sure, defaults to current account."
}

# Switches local.ami_name between "ENC-TABLEAU-*" (true) and "TABLEAU-*" (false).
# NOTE(review): the default selects the non-encrypted image family; whether the
# root volume is encrypted some other way is not visible in this file.
variable "ami_encrypted" {
  type        = bool
  default     = false
  description = "Searching for encrypted AMI's only. Default is false."
}
# TLS negotiation policy for the ALB's HTTPS listener. The default is a
# TLS 1.2-only policy.
# NOTE(review): three of the policies the description calls "recommended"
# (ELBSecurityPolicy-2016-08, ELBSecurityPolicy-FS-2018-06 and
# ELBSecurityPolicy-TLS-1-1-2017-01) still accept TLS 1.0 and/or TLS 1.1 per
# AWS's policy tables, so overriding the default with one of them lowers the
# protocol floor. AWS has since published TLS 1.3 policies (for example
# ELBSecurityPolicy-TLS13-1-2-2021-06); check provider and region support
# before switching.
variable "alb_ssl_policy" {
  type        = string
  default     = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
  description = "Use of AWS latest TLS policies is best practice. The recommended predefined security policies are: ELBSecurityPolicy-2016-08, ELBSecurityPolicy-FS-2018-06, ELBSecurityPolicy-TLS-1-1-2017-01, ELBSecurityPolicy-TLS-1-2-2017-01 and ELBSecurityPolicy-TLS-1-2-Ext-2018-06."
}
# Listener settings for the two front ends. Ports are declared as strings, so
# callers pass "443" rather than 443.

# User-facing listener: HTTPS on 443 by default.
variable "ui_listener_port" {
  default = "443"
  type    = string
}

variable "ui_listener_protocol" {
  default = "HTTPS"
  type    = string
}

# Admin listener: port 8850 by default.
variable "admin_listener_port" {
  default = "8850"
  type    = string
}

# NOTE(review): unlike the UI listener, the admin listener defaults to plain
# HTTP. If this value is used as the ALB listener protocol, administrator
# credentials would travel unencrypted between the client and the load
# balancer. Confirm how it is consumed and consider "HTTPS" with
# alb_certificate_arn, or keep the admin port off the public listener set.
variable "admin_listener_protocol" {
  default = "HTTP"
  type    = string
}
# Required. Feeds local.alb_bucket_name (lower-cased) and local.parameter_prefix,
# so it becomes part of the S3 bucket name and of every SSM parameter path.
variable "environment" {
  type = string
}

# No type constraint is declared; the default is the string "100".
# NOTE(review): unit is presumably GiB - confirm where the volume is defined.
variable "root_disk_size" {
  default = "100"
}

variable "instance_type" {
  default = "m5.2xlarge"
  type    = string
}

# null (the default) means no EC2 key pair is associated, per the description.
# NOTE(review): leaving this null avoids a long-lived SSH key on the instances;
# if a key is set, check that SSH ingress is limited to the intended sources.
variable "ssh_key_name" {
  type        = string
  default     = null
  description = "The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in this cluster. Set to null to not associate a Key Pair."
}

# Required map of tags; where it is applied is not visible in this file.
variable "common_tags" {
  type = map(string)
}
# Required: there is no default, so a certificate ARN must always be supplied.
# The description allows either an ACM or an IAM server certificate.
variable "alb_certificate_arn" {
  type        = string
  description = "The certificate_arn is the ARN of an ACM or IAM TLS cert to use on this listener"
}
# Target-group and health-check settings. None of these variables declares a
# type, so Terraform accepts any value and infers the type from what is passed.
# NOTE(review): consider adding explicit types to catch malformed input early.

# Back-end port and protocol for the UI target group: HTTPS on 443 by default,
# so traffic from the load balancer to the instances is also TLS by default.
variable "ui_target_group_port" {
  default = "443"
}

variable "ui_target_group_protocol" {
  default = "HTTPS"
}

# Health check: by default requests "/" over HTTPS on 443 and expects a 200.
variable "health_check_path" {
  default = "/"
}

variable "health_check_port" {
  default = "443"
}

variable "health_check_protocol" {
  default = "HTTPS"
}

# Numeric default, unlike the string-valued ports above.
# NOTE(review): presumably seconds - confirm against the target group resource.
variable "health_check_timeout" {
  default = 15
}

variable "health_check_matcher" {
  default = "200"
}
# Load balancer exposure, protection and logging switches.

# NOTE(review): presumably maps to the load balancer's `internal` flag, in
# which case the default (false) creates an internet-facing ALB. Set it to true
# for deployments that should only be reachable from inside the VPC.
variable "alb_internal" {
  default = false
  type    = bool
}

# NOTE(review): off by default; enabling it for long-lived environments guards
# the load balancer against accidental deletion.
variable "alb_deletion_protection" {
  default = false
  type    = bool
}

# Key prefix for ALB access logs; no type is declared.
variable "alb_logs_s3_prefix" {
  default = "tableau"
}

# Access logging is on by default. Keep it enabled where the logs are needed
# for audit or incident response.
variable "alb_logs_s3_enabled" {
  default = true
  type    = bool
}

# NOTE(review): presumably the S3 bucket's force_destroy flag - confirm. If so,
# setting it to true lets `terraform destroy` delete a bucket that still holds
# access logs.
variable "force_destroy" {
  default = false
  type    = bool
}
# Deployment suffix. Feeds local.alb_bucket_name and local.parameter_prefix, so
# changing it changes the bucket name and every SSM parameter path.
variable "suffix" {
  default = "green"
}

# Data volume settings; none of the three declares a type.
variable "data_volume_size" {
  description = "Size in Gigs of the tableau data volume"
  default     = "100"
}

# NOTE(review): 0 is presumably treated as "not set" by the consuming
# resource - confirm, since provisioned IOPS only applies to some volume types.
variable "data_volume_iops" {
  default = 0
}

# NOTE(review): no encryption setting for the data volume is declared in this
# file; confirm the volume resource enables encryption at rest.
variable "data_volume_type" {
  description = "The type of ebs volume type. e.g. gp2, io1, st1, sc1"
  default     = "gp2"
}

# Auto Scaling group sizing: min, max and desired all default to 1.
variable "asg_min_size" {
  default = 1
  type    = number
}

variable "asg_max_size" {
  default = 1
  type    = number
}

variable "asg_desired_capacity" {
  default = 1
  type    = number
}
# Secret inputs. Each value below is copied into an SSM SecureString parameter
# definition in the locals block of this file.
#
# NOTE(review): these are plain string variables; nothing in the declarations
# asks Terraform to redact them, and the values are also written to the state
# file. On Terraform >= 0.14 consider adding `sensitive = true` (outputs that
# reference them then need the same flag). Supply the values from a secrets
# store or TF_VAR_* environment variables rather than a committed tfvars file,
# and restrict and encrypt the state backend.

# Licence keys default to ""; the comment in locals says empty values are ignored.
variable "licences_key_1" {
  default = ""
  type    = string
}

variable "licences_key_2" {
  default = ""
  type    = string
}

variable "licences_key_3" {
  default = ""
  type    = string
}

# Required: no default, the caller must supply the web UI admin password.
# NOTE(review): the length rule in the description is garbled ("8 alphanumeric
# 8 characters") - clarify whether 8 is a minimum or an exact length. An exact
# 8-character alphanumeric password would be weak for an admin account.
variable "admin_password" {
  type        = string
  description = "Web UI admin password of the default user. Must be 8 alphanumeric 8 characters."
}

# Required: password for the Linux "tableau" user, per the description.
# NOTE(review): same ambiguous length rule as admin_password; use a different
# value for each so one leaked credential does not unlock both.
variable "server_password" {
  type        = string
  description = "The tableau user is created on the Linux operating system by defualt, you can set the password here. To use the TSM you will need to switch to this user. Must be 8 alphanumeric 8 characters."
}
locals {
  # Access-log bucket name: suffix, lower-cased environment and the calling
  # account's ID are all embedded in the name.
  alb_bucket_name = "tableau-${var.suffix}-${lower(var.environment)}-${data.aws_caller_identity.current.account_id}-alb-access-logs"

  # Lookup table from security group name to security group id.
  vpc_sg_map = zipmap(data.aws_security_group.vpc_sg.*.name, data.aws_security_group.vpc_sg.*.id)

  # AMI name pattern: the ENC- prefixed family when ami_encrypted is true.
  ami_name = var.ami_encrypted ? "ENC-TABLEAU-*" : "TABLEAU-*"

  # AMI owner: the calling account unless an explicit owner account is given.
  ami_owner = var.ami_owner_account == "" ? data.aws_caller_identity.current.account_id : var.ami_owner_account

  # All SSM parameter paths below start with /<environment>/<suffix>.
  parameter_prefix = "/${var.environment}/${var.suffix}"

  # SSM parameter definitions. Every entry is a one-element list of objects
  # with type "SecureString" and overwrite = false.
  # NOTE(review): no KMS key is named in these objects, so the parameters
  # presumably use the account's default SSM key unless the consuming resource
  # sets one - confirm, and restrict read access to these paths in IAM.
  # NOTE(review): with overwrite = false a changed variable presumably does not
  # replace an existing parameter value, which matters for password rotation -
  # confirm against the consuming resource.
  # NOTE(review): the licence descriptions say "Production" for every
  # environment.

  # TABLEAU LICENCE KEYS. Stored in SSM Parameter but is ignored if value is empty.
  licences_1_param = [{
    name        = "${local.parameter_prefix}/tableau/licences/1"
    type        = "SecureString"
    value       = var.licences_key_1
    description = "Production Tableau licence key 1"
    overwrite   = false
  }]

  licences_2_param = [{
    name        = "${local.parameter_prefix}/tableau/licences/2"
    type        = "SecureString"
    value       = var.licences_key_2
    description = "Production Tableau licence key 2"
    overwrite   = false
  }]

  licences_3_param = [{
    name        = "${local.parameter_prefix}/tableau/licences/3"
    type        = "SecureString"
    value       = var.licences_key_3
    description = "Production Tableau licence key 3"
    overwrite   = false
  }]

  # Credentials for the web admin user and the server (command line) user.
  admin_password_param = [{
    name        = "${local.parameter_prefix}/tableau/users/admin_password"
    type        = "SecureString"
    value       = var.admin_password
    description = "Tableau web admin password"
    overwrite   = false
  }]

  server_password_param = [{
    name        = "${local.parameter_prefix}/tableau/users/server_password"
    type        = "SecureString"
    value       = var.server_password
    description = "Tableau cmd server password"
    overwrite   = false
  }]
}