/*
* REVVOPS A2G AWS AIR GAP V6.1
*
* CONFIGURATION VARIABLES
*
* Any variable can also be set upon command line invocation of the
* Terraform 'plan' and 'apply' subcommands using the following form:
*
* -var 'variable_name=value'
*
* and further via environment variables using the form:
*
* TF_VAR_variable_name=value
*
*/
# AWS region code. No default is set: supply the value with -var, with
# TF_VAR_region, or by uncommenting the 'default' line inside the block.
variable "region" {
  description = "Region Code (Required)"
  # default = ""

  # Region                          Code
  # US East N. Virginia             us-east-1
  # US East Ohio                    us-east-2
  # US West N. California           us-west-1
  # US West Oregon                  us-west-2
  # Africa Cape Town                af-south-1
  # Asia Pacific Hong Kong          ap-east-1
  # Asia Pacific Mumbai             ap-south-1
  # Asia Pacific Seoul              ap-northeast-2
  # Asia Pacific Singapore          ap-southeast-1
  # Asia Pacific Sydney             ap-southeast-2
  # Asia Pacific Tokyo              ap-northeast-1
  # Canada Central                  ca-central-1
  # Europe Frankfurt                eu-central-1
  # Europe Ireland                  eu-west-1
  # Europe London                   eu-west-2
  # Europe Milan                    eu-south-1
  # Europe Paris                    eu-west-3
  # Europe Stockholm                eu-north-1
  # Middle East Bahrain             me-south-1
  # South America Sao Paulo         sa-east-1
}
# IAM access key. No default is set: supply the value with TF_VAR_access_key,
# with -var, or by uncommenting the 'default' line inside the block.
#
# Credential handling: a value written into 'default' is stored in this file in
# plain text and is committed along with it, and a value passed with -var can be
# captured in shell history. The TF_VAR_access_key form keeps it out of the file.
# NOTE(review): on Terraform 0.14 or later, 'sensitive = true' can be added to
# this block to redact the value from plan and apply output - confirm the
# Terraform version in use before adding it.
variable "access_key" {
  description = "IAM access key (Required)"
  # default = ""
}
# IAM secret key. No default is set: supply the value with TF_VAR_secret_key,
# with -var, or by uncommenting the 'default' line inside the block.
#
# Credential handling: a value written into 'default' is stored in this file in
# plain text and is committed along with it, and a value passed with -var can be
# captured in shell history. The TF_VAR_secret_key form keeps it out of the file.
# NOTE(review): on Terraform 0.14 or later, 'sensitive = true' can be added to
# this block to redact the value from plan and apply output - confirm the
# Terraform version in use before adding it.
variable "secret_key" {
  description = "Mandatory IAM secret key (Required)"
  # default = ""
}
# Master switch for air gapping the public subnets.
#
# Setting air_gap to true removes a public subnet's internet gateway, which
# effectively makes it a private subnet for as long as the air gap stays in
# place. Public IP addresses of resources launched into the subnet beforehand
# remain allocated to those resources, but the resources are fully isolated:
# they cannot be reached from the internet and cannot send traffic to it.
variable "air_gap" {
  description = "Flag controlling the air gapping of your public subnets"
  default     = false
}
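# Restricts air gapping to a single public subnet.
#   true  - only the public subnet selected by
#           air_gap_only_public_subnet_index is air gapped.
#   false - only that public subnet has the air gap lifted.
# This variable is ignored while air_gap_only_public_subnet_index is -1. For it
# to take effect, the index must be a valid position of a public subnet in the
# public_subnets list, i.e. an integer of zero or greater.
variable "air_gap_only_public_subnet" {
  # Description typo fixed ("gappinng" -> "gapping").
  description = "Flag controlling air gapping for just one public subnet"
  default     = false
}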
# Zero-based position, within the public_subnets list, of the one public subnet
# that air_gap_only_public_subnet acts on:
#   air_gap_only_public_subnet = true  - only that subnet is air gapped.
#   air_gap_only_public_subnet = false - only that subnet has the air gap removed.
# At the default of -1, air_gap_only_public_subnet has no effect.
# NOTE(review): the default is the string "-1", not a number - confirm that the
# expressions reading this variable compare or convert it accordingly.
variable "air_gap_only_public_subnet_index" {
  description = "Index of public subnet defined in the public_subnets list"
  default     = "-1"
}
# CIDR block of the custom VPC that A2G creates and works with. A2G uses a
# custom VPC rather than the default VPC.
variable "a2g_vpc_cidr" {
  description = "Custom VPC IPv4 CIDR block"
  default     = "192.168.0.0/16"
}
# Tag value for the A2G VPC.
variable "a2g_vpc_tag_name" {
  description = "A2G VPC tag"
  default     = "REVVOPS-A2G-VPC"
}
# CIDR blocks of the public subnets; allocate them from within the range given
# by a2g_vpc_cidr. A single public subnet is still written as a list, e.g.
#   default = ["192.168.2.0/24"]
variable "public_subnets" {
  description = "Public subnet(s) IPv4 CIDR block(s)"
  default = [
    "192.168.2.0/24",
    "192.168.4.0/24",
    "192.168.6.0/24",
    "192.168.8.0/24",
  ]
}
# Tag prefix for public subnets; per the description, each subnet's order in
# public_subnets is appended to it.
variable "public_subnets_tag_base_name" {
  description = "Prefix string to form tag, appended by order in public_subnets"
  default     = "REVVOPS-A2G-PUBLIC-SUBNET-"
}
# Availability zone for each public subnet, position for position with the CIDR
# blocks in public_subnets. Zones are written as numbers: 0 for a, 1 for b and
# so on.
variable "public_subnets_availability_zones" {
  description = "Availability zones for public_subnets"
  default = [
    0,
    1,
    0,
    1,
  ]
}
# CIDR blocks of the private subnets; allocate them from within the range given
# by a2g_vpc_cidr. A single private subnet is still written as a list, e.g.
#   default = ["192.168.1.0/24"]
variable "private_subnets" {
  description = "Private subnet(s) IPv4 CIDR block(s)"
  default = [
    "192.168.1.0/24",
    "192.168.3.0/24",
    "192.168.5.0/24",
    "192.168.7.0/24",
  ]
}
# Tag prefix for private subnets; per the description, each subnet's order in
# private_subnets is appended to it.
variable "private_subnets_tag_base_name" {
  description = "Prefix string to form tag, appended by order in private_subnets"
  default     = "REVVOPS-A2G-PRIVATE-SUBNET-"
}
# Availability zone for each private subnet, position for position with the
# CIDR blocks in private_subnets. Zones are written as numbers: 0 for a, 1 for b
# and so on.
variable "private_subnets_availability_zones" {
  description = "Availability zones for private_subnets"
  default = [
    0,
    1,
    0,
    1,
  ]
}
# Reserved; nothing in this file shows how the value is consumed.
# NOTE(review): the default is one string that reads like a list of level names,
# not a list value - confirm the intended type before this variable is put to use.
variable "virtual_firewall_level" {
  description = "Reserved"
  default     = "[air_gap, user1, user2, honeypot, wide_open]"
}
/*
resource "aws_network_acl_rule" "a2g_nacl_rule_1" {
description = "Reserved"
}
resource "aws_network_acl_rule" "a2g_nacl_rule_2" {
description = "Reserved"
}
resource "aws_network_acl_rule" "a2g_nacl_rule_3" {
description = "Reserved"
}
resource "aws_network_acl_rule" "a2g_nacl_rule_4" {
description = "Reserved"
}
resource "aws_security_group_rule" "a2g_sg_rule_1" {
description = "Reserved"
}
resource "aws_security_group_rule" "a2g_sg_rule_2" {
description = "Reserved"
}
resource "aws_security_group_rule" "a2g_sg_rule_3" {
description = "Reserved"
}
resource "aws_security_group_rule" "a2g_sg_rule_4" {
description = "Reserved"
}
*/