From 52fe0ca1218b2b8f23bb6b5d8cb72f51b1ace7e1 Mon Sep 17 00:00:00 2001 
From: Zachary Hill
Date: Fri, 25 Oct 2024 12:44:37 -0600
Subject: [PATCH] Velocloud_sdwan_module (#63)

* initial copy of velocloud module
* updates for velocloud
* Continuous Integration - terraform fmt and terraform-docs
* updated readme with link
* renaming cato to velo
* Continuous Integration - terraform fmt and terraform-docs
* added new variables to ssh and snmp security groups
* Continuous Integration - terraform fmt and terraform-docs
* removed searching for the AMI in favor of data source
* Continuous Integration - terraform fmt and terraform-docs
* added new user_data script and license variables
* terraform fmt
* Continuous Integration - terraform fmt and terraform-docs
* updated readme with proper example
* added comment and tfsec exclusion
* renaming the subnet id to subnet ids
* Continuous Integration - terraform fmt and terraform-docs
* changed the default to not include IP addresses
* Continuous Integration - terraform fmt and terraform-docs
* changing key_name to optional
* changed description for key_name to include default
* Continuous Integration - terraform fmt and terraform-docs
* expanded validation to 19 characters
* corrected the activation key validation
* fixed cato named sg
* fixing ami lookup
* changing the ami filter
* Continuous Integration - terraform fmt and terraform-docs
* adding the owner filter
* Continuous Integration - terraform fmt and terraform-docs
* removed an unused argument in the data ami source
* reordering the nics
* reordering the nic order for velocloud
* switching the mgmt subnet to the public subnet
* moving mgmt nic
* going down to a single nic
* added a second EIP for the mgmt nic
* Continuous Integration - terraform fmt and terraform-docs
* removed unused variable and testing without private nic
* Continuous Integration - terraform fmt and terraform-docs
* commented out private output
* Continuous Integration - terraform fmt and terraform-docs
* updated outputs with correct order and new mgmt
* Continuous Integration - terraform fmt and terraform-docs
* fixes to user_data script
* testing base64 encoding
* matching with the AWS Marketplace
* Continuous Integration - terraform fmt and terraform-docs
* updated pr request template
* tweaks to improve and match the cloudformation template
* Continuous Integration - terraform fmt and terraform-docs
* modified to no longer encode user_data
* fixed user_data argument
* added hibernation argument
* Continuous Integration - terraform fmt and terraform-docs
* added source_dest_check argument to the instance
* removed source_dest_check from the instance
* transitioning to attachment of the nic
* cleanup
* added name to the eip
* Continuous Integration - terraform fmt and terraform-docs
* reconfiguring the nic order to match mettel
* Continuous Integration - terraform fmt and terraform-docs
* corrected the missing mgmt output
* Continuous Integration - terraform fmt and terraform-docs
* going back to the network_interface block
* expanding splat
* reverting back to the original cloudformation template
* Continuous Integration - terraform fmt and terraform-docs
* removed unused comment
* removed incorrect device attachment on mgmt
* removing mgmt ip address
* Continuous Integration - terraform fmt and terraform-docs
* removed outputs for mgmt EIPs
* Continuous Integration - terraform fmt and terraform-docs
* matching the network_interface attachment - Cloudformation has the network interfaces added at the time of the instance creation
* Continuous Integration - terraform fmt and terraform-docs
* updated user_data.sh and main.tf for velocloud module
* removed extra space
* changing the user_data file extension to .tftpl
* added echo for validating whether the configuration worked
* added echo command to both user_data_manual.tftpl and user_data.tftpl
* removed user_data_manual.tftpl added var.user_data
* Continuous Integration - terraform fmt and terraform-docs
* converting user_data to base64 for velocloud module
* back to utf-8
--------- Co-authored-by: zachreborn --- .github/pull_request_template.md | 22 +- modules/aws/ebs_volume/README.md | 2 +- modules/aws/ec2_domain_controller/README.md | 2 +- modules/aws/flow_logs/README.md | 2 +- modules/aws/fsx/README.md | 4 +- modules/aws/iam/group/README.md | 2 +- modules/aws/iam/policy/README.md | 2 +- modules/aws/iam/role/README.md | 2 +- modules/aws/iam/saml_provider/README.md | 2 +- modules/aws/identity_center/group/README.md | 2 +- modules/aws/identity_center/user/README.md | 2 +- modules/aws/keypair/README.md | 2 +- modules/aws/kinesis_firehose/README.md | 2 +- modules/aws/kms/README.md | 2 +- modules/aws/lambda/README.md | 2 +- modules/aws/launch_template/README.md | 18 +- .../aws/organizations/organization/README.md | 2 +- modules/aws/organizations/ou/README.md | 2 +- modules/aws/rds/cluster_instance/README.md | 2 +- modules/aws/route53/dnssec/README.md | 2 +- .../aws/route53/registered_domain/README.md | 10 +- modules/aws/route53/zone/README.md | 4 +- modules/aws/s3/bucket/README.md | 2 +- modules/aws/transfer_family/README.md | 6 +- modules/aws/transit_gateway/README.md | 2 +- .../aws/transit_gateway_attachment/README.md | 2 +- modules/aws/transit_gateway_connect/README.md | 2 +- .../transit_gateway_connect_peer/README.md | 2 +- modules/aws/vendor/cato_sdwan/README.md | 8 +- modules/aws/vendor/corelight/README.md | 2 +- .../aws/vendor/fortigate_firewall/README.md | 8 +- modules/aws/vendor/silverpeak/README.md | 2 +- modules/aws/vendor/velocloud/README.md | 231 +++++++++++++++ modules/aws/vendor/velocloud/main.tf | 267 ++++++++++++++++++ modules/aws/vendor/velocloud/outputs.tf | 23 ++ modules/aws/vendor/velocloud/user_data.tftpl | 9 + modules/aws/vendor/velocloud/variables.tf | 235 +++++++++++++++ modules/aws/vpc/README.md | 16 +- .../vpc_peering_connection_accepter/README.md | 2 +- modules/aws/vpn/README.md | 16 +- .../named_location/README.md | 4 +- modules/azuread/group/README.md | 2 +- modules/bootstrapping/aws/README.md | 2 +- 
modules/services/aws_backup/README.md | 2 +- modules/services/siem/README.md | 8 +- modules/vsphere/datacenter/README.md | 2 +- modules/vsphere/folder/README.md | 2 +- 47 files changed, 861 insertions(+), 88 deletions(-) create mode 100755 modules/aws/vendor/velocloud/README.md create mode 100644 modules/aws/vendor/velocloud/main.tf create mode 100644 modules/aws/vendor/velocloud/outputs.tf create mode 100644 modules/aws/vendor/velocloud/user_data.tftpl create mode 100644 modules/aws/vendor/velocloud/variables.tf diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index d6ed64d7..72c15310 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,12 +1,20 @@ # Description + +A brief description of the changes introduced by this Pull Request. - - +## Issue or Ticket + +Fixes #000 -# TODOs +## Type of change + +- [ ] Bugfix +- [ ] New feature +- [ ] Version update +## TODOs + +- [ ] Validate your code matches the style of the project. - [ ] Update the docs. -- [ ] All tests run successfull, including pre-commit checks. -- [ ] Include release notes and description. +- [ ] Validate all tests run successfull, including pre-commit checks. +- [ ] Include release notes and description. This should include both a summary of the changes and any necessary context. diff --git a/modules/aws/ebs_volume/README.md b/modules/aws/ebs_volume/README.md index b1e2a2ba..b5d792e4 100644 --- a/modules/aws/ebs_volume/README.md +++ b/modules/aws/ebs_volume/README.md 
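Review bot: in the `.github/pull_request_template.md` hunk, the rewritten checklist item under `## TODOs` still carries the misspelling from the line it replaces, "Validate all tests run successfull"; since the line is being rewritten anyway, change it to "successfully". In the same hunk, `Fixes #000` under `## Issue or Ticket` is a literal placeholder that will be submitted unchanged whenever an author has no ticket to reference; wording that tells the author to replace or delete it (for example `Fixes #<issue number>`) would avoid stale references in merged PR descriptions. The new `## Type of change` list also has no option for documentation-only or CI-only changes, although the file list of this same commit is mostly regenerated README files, so an extra checkbox for that case would fit how the template is used here.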
@@ -133,7 +133,7 @@ No modules. | [skip\_destroy](#input\_skip\_destroy) | (Optional, Boolean) Set this to true if you do not wish to detach the volume from the instance to which it is attached at destroy time, and instead just remove the attachment from Terraform state. This is useful when destroying an instance which has volumes created by some other means attached. | `bool` | `false` | no | | [snapshot\_id](#input\_snapshot\_id) | (Optional) A snapshot to base the EBS volume off of. | `string` | `null` | no | | [stop\_instance\_before\_detaching](#input\_stop\_instance\_before\_detaching) | (Optional, Boolean) Set this to true to ensure that the target instance is stopped before trying to detach the volume. Stops the instance, if it is not already stopped. | `bool` | `false` | no | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the resource. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the resource. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"terraform": "true"
}
| no | | [throughput](#input\_throughput) | (Optional) The throughput that the volume supports, in MiB/s. Only valid for type of gp3. | `number` | `null` | no | | [type](#input\_type) | (Optional) The type of EBS volume. Can be standard, gp2, gp3, io1, io2, sc1 or st1 (Default: gp3). | `string` | `"gp3"` | no | diff --git a/modules/aws/ec2_domain_controller/README.md b/modules/aws/ec2_domain_controller/README.md index d286adf9..43cf90ab 100644 --- a/modules/aws/ec2_domain_controller/README.md +++ b/modules/aws/ec2_domain_controller/README.md @@ -209,7 +209,7 @@ No modules. | [root\_volume\_type](#input\_root\_volume\_type) | (Optional) The type of volume. Can be standard, gp2, gp3 or io1. (Default: standard) | `string` | `"gp3"` | no | | [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. Defaults true. | `bool` | `true` | no | | [subnet\_id](#input\_subnet\_id) | (Required) The VPC subnet(s) the instance(s) will be assigned and launched in. | `list(string)` | n/a | yes | -| [tags](#input\_tags) | (Optional) Map of tags to assign to the resource. Note that these tags apply to the instance and not block storage devices. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Map of tags to assign to the resource. Note that these tags apply to the instance and not block storage devices. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(string)` |
{
"terraform": "true"
}
| no | | [tenancy](#input\_tenancy) | (Optional) Tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command. Valid values are default, dedicated, and host. | `string` | `"default"` | no | | [user\_data](#input\_user\_data) | (Optional) User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user\_data\_base64 instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user\_data\_replace\_on\_change is set then updates to this field will trigger a destroy and recreate. | `string` | `null` | no | | [vpc\_id](#input\_vpc\_id) | (Required) The ID of the VPC to which we would like to associate a DHCP Options Set. | `string` | n/a | yes | diff --git a/modules/aws/flow_logs/README.md b/modules/aws/flow_logs/README.md index 99cd7047..cd7d9d01 100644 --- a/modules/aws/flow_logs/README.md +++ b/modules/aws/flow_logs/README.md @@ -135,7 +135,7 @@ No modules. | [key\_is\_enabled](#input\_key\_is\_enabled) | (Optional) Specifies whether the key is enabled. Defaults to true. | `string` | `true` | no | | [key\_name\_prefix](#input\_key\_name\_prefix) | (Optional) Creates an unique alias beginning with the specified prefix. The name must start with the word alias followed by a forward slash (alias/). | `string` | `"alias/flow_logs_key_"` | no | | [key\_usage](#input\_key\_usage) | (Optional) Specifies the intended use of the key. Defaults to ENCRYPT\_DECRYPT, and only symmetric encryption and decryption are supported. | `string` | `"ENCRYPT_DECRYPT"` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(any)` |
{
"created_by": "",
"environment": "prod",
"priority": "high",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(any)` |
{
"created_by": "",
"environment": "prod",
"priority": "high",
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/fsx/README.md b/modules/aws/fsx/README.md index 6e510a4d..d33fe48c 100644 --- a/modules/aws/fsx/README.md +++ b/modules/aws/fsx/README.md @@ -121,7 +121,7 @@ No modules. | [daily\_automatic\_backup\_start\_time](#input\_daily\_automatic\_backup\_start\_time) | (Optional) The preferred time (in HH:MM format) to take daily automatic backups, in the UTC time zone. | `string` | `"23:59"` | no | | [deletion\_window\_in\_days](#input\_deletion\_window\_in\_days) | (Optional) Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days. | `number` | `30` | no | | [deployment\_type](#input\_deployment\_type) | (Optional) Specifies the file system deployment type, valid values are MULTI\_AZ\_1, SINGLE\_AZ\_1 and SINGLE\_AZ\_2. Default value is SINGLE\_AZ\_1. | `string` | `"SINGLE_AZ_1"` | no | -| [dns\_ips](#input\_dns\_ips) | (Required) A list of up to two IP addresses of DNS servers or domain controllers in the self-managed AD directory. The IP addresses need to be either in the same VPC CIDR range as the file system or in the private IP version 4 (IPv4) address ranges as specified in RFC 1918. | `list(string)` |
[
"10.11.1.100",
"10.11.2.100"
]
| no | +| [dns\_ips](#input\_dns\_ips) | (Required) A list of up to two IP addresses of DNS servers or domain controllers in the self-managed AD directory. The IP addresses need to be either in the same VPC CIDR range as the file system or in the private IP version 4 (IPv4) address ranges as specified in RFC 1918. | `list(string)` |
[
"10.11.1.100",
"10.11.2.100"
]
| no | | [domain\_name](#input\_domain\_name) | (Required) The fully qualified domain name of the self-managed AD directory. For example, corp.example.com. | `string` | n/a | yes | | [enable\_audit\_logs](#input\_enable\_audit\_logs) | Determines count for cloudwatch log group, IAM policy, and IAM role. Defaults to true and enters a count of 1 to create resources. | `bool` | `true` | no | | [enable\_key\_rotation](#input\_enable\_key\_rotation) | (Optional) Specifies whether key rotation is enabled. Defaults to false. | `bool` | `true` | no | @@ -143,7 +143,7 @@ No modules. | [storage\_capacity](#input\_storage\_capacity) | (Optional) Storage capacity (GiB) of the file system. Minimum of 32 and maximum of 65536. If the storage type is set to HDD the minimum value is 2000. Required when not creating filesystem for a backup. | `number` | `2000` | no | | [storage\_type](#input\_storage\_type) | (Optional) Specifies the storage type, Valid values are SSD and HDD. HDD is supported on SINGLE\_AZ\_2 and MULTI\_AZ\_1 Windows file system deployment types. Default value is SSD. | `string` | `"SSD"` | no | | [subnet\_ids](#input\_subnet\_ids) | (Required) A list of IDs for the subnets that the file system will be accessible from. To specify more than a single subnet set deployment\_type to MULTI\_AZ\_1. | `list(any)` | n/a | yes | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(string)` |
{
"created_by": "",
"environment": "prod",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(string)` |
{
"created_by": "",
"environment": "prod",
"terraform": "true"
}
| no | | [throughput\_capacity](#input\_throughput\_capacity) | (Required) Throughput (megabytes per second) of the file system in power of 2 increments. Minimum of 8 and maximum of 2048. | `number` | `64` | no | | [username](#input\_username) | (Required) The user name for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain. | `string` | n/a | yes | | [weekly\_maintenance\_start\_time](#input\_weekly\_maintenance\_start\_time) | (Optional) The preferred start time (in d:HH:MM format) to perform weekly maintenance, in the UTC time zone. | `string` | `"1:01:00"` | no | diff --git a/modules/aws/iam/group/README.md b/modules/aws/iam/group/README.md index 430fad3f..41b49e20 100644 --- a/modules/aws/iam/group/README.md +++ b/modules/aws/iam/group/README.md @@ -113,7 +113,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [groups](#input\_groups) | (Required) - A map of groups to create. The key is the name of the group, and the value is a map of the group configuration. |
map(object({
policy_arns = set(string)
}))
| n/a | yes | +| [groups](#input\_groups) | (Required) - A map of groups to create. The key is the name of the group, and the value is a map of the group configuration. |
map(object({
policy_arns = set(string)
}))
| n/a | yes | ## Outputs diff --git a/modules/aws/iam/policy/README.md b/modules/aws/iam/policy/README.md index 8d04eb69..fb3b1a48 100644 --- a/modules/aws/iam/policy/README.md +++ b/modules/aws/iam/policy/README.md @@ -111,7 +111,7 @@ No modules. | [name\_prefix](#input\_name\_prefix) | (Required) The prefix used to generate a unique name of the policy. If omitted, Terraform will assign a random, unique name. Changes to the name will force the creation of a new resource. | `string` | n/a | yes | | [path](#input\_path) | (Optional) Path in which to create the policy. See IAM Identifiers for more information. Defaults to `/`. | `string` | `"/"` | no | | [policy](#input\_policy) | (Required) The policy document. This is a JSON formatted string. The heredoc syntax, file function, or the aws\_iam\_policy\_document data source are all helpful here. | `string` | n/a | yes | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the IAM policy. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the IAM policy. | `map(string)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/iam/role/README.md b/modules/aws/iam/role/README.md index ebf7ba89..49c15652 100644 --- a/modules/aws/iam/role/README.md +++ b/modules/aws/iam/role/README.md @@ -120,7 +120,7 @@ No modules. | [path](#input\_path) | (Optional) The path to the role. | `string` | `"/"` | no | | [permissions\_boundary](#input\_permissions\_boundary) | (Optional) The ARN of the policy that is used to set the permissions boundary for the role. | `string` | `null` | no | | [policy\_arns](#input\_policy\_arns) | (Required) - A list of ARNs of the policies which you want attached to the role. | `list(string)` | n/a | yes | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the IAM role. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the IAM role. | `map(string)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/iam/saml_provider/README.md b/modules/aws/iam/saml_provider/README.md index 678af7cb..595c7f2e 100644 --- a/modules/aws/iam/saml_provider/README.md +++ b/modules/aws/iam/saml_provider/README.md @@ -108,7 +108,7 @@ No modules. |------|-------------|------|---------|:--------:| | [name](#input\_name) | (Required) The name of the provider to create. | `string` | n/a | yes | | [saml\_metadata\_document](#input\_saml\_metadata\_document) | (Required) An XML document generated by an identity provider that supports SAML 2.0. | `string` | n/a | yes | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the IAM SAML provider. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the IAM SAML provider. | `map(string)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/identity_center/group/README.md b/modules/aws/identity_center/group/README.md index 9e98760c..c1359276 100755 --- a/modules/aws/identity_center/group/README.md +++ b/modules/aws/identity_center/group/README.md @@ -115,7 +115,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [groups](#input\_groups) | (Required) The list of groups to create. |
map(object({
display_name = string # (Required) The friendly name to identify the group.
description = string # (Optional) The description of the group.
}))
| n/a | yes | +| [groups](#input\_groups) | (Required) The list of groups to create. |
map(object({
display_name = string # (Required) The friendly name to identify the group.
description = string # (Optional) The description of the group.
}))
| n/a | yes | ## Outputs diff --git a/modules/aws/identity_center/user/README.md b/modules/aws/identity_center/user/README.md index eef614e0..20a5f975 100755 --- a/modules/aws/identity_center/user/README.md +++ b/modules/aws/identity_center/user/README.md @@ -117,7 +117,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [users](#input\_users) | (Required) The list of users to create. |
map(object({
display_name = string # (Required) The friendly name to identify the user.
given_name = string # (Required) The given name of the user.
family_name = string # (Required) The family name of the user.
user_name = string # (Required) The username of the user.

honorific_prefix = optional(string) # (Optional) The honorific prefix of the user.
honorific_suffix = optional(string) # (Optional) The honorific suffix of the user.
middle_name = optional(string) # (Optional) The middle name of the user.
nickname = optional(string) # (Optional) The nickname of the user.

email = optional(string) # (Optional) The email address of the user.
email_is_primary = optional(bool) # (Optional) Indicates whether the email address is the primary email address of the user.
email_type = optional(string) # (Optional) The type of the email address of the user.
phone_number = optional(string) # (Optional) The phone number of the user.
phone_number_is_primary = optional(bool) # (Optional) Indicates whether the phone number is the primary phone number of the user.
phone_number_type = optional(string) # (Optional) The type of the phone number of the user.

preferred_language = optional(string) # (Optional) The user's preferred language.
timezone = optional(string) # (Optional) The user's time zone.
title = optional(string) # (Optional) The user's title.
user_type = optional(string) # (Optional) The type of the user.
}))
| n/a | yes | +| [users](#input\_users) | (Required) The list of users to create. |
map(object({
display_name = string # (Required) The friendly name to identify the user.
given_name = string # (Required) The given name of the user.
family_name = string # (Required) The family name of the user.
user_name = string # (Required) The username of the user.

honorific_prefix = optional(string) # (Optional) The honorific prefix of the user.
honorific_suffix = optional(string) # (Optional) The honorific suffix of the user.
middle_name = optional(string) # (Optional) The middle name of the user.
nickname = optional(string) # (Optional) The nickname of the user.

email = optional(string) # (Optional) The email address of the user.
email_is_primary = optional(bool) # (Optional) Indicates whether the email address is the primary email address of the user.
email_type = optional(string) # (Optional) The type of the email address of the user.
phone_number = optional(string) # (Optional) The phone number of the user.
phone_number_is_primary = optional(bool) # (Optional) Indicates whether the phone number is the primary phone number of the user.
phone_number_type = optional(string) # (Optional) The type of the phone number of the user.

preferred_language = optional(string) # (Optional) The user's preferred language.
timezone = optional(string) # (Optional) The user's time zone.
title = optional(string) # (Optional) The user's title.
user_type = optional(string) # (Optional) The type of the user.
}))
| n/a | yes | ## Outputs diff --git a/modules/aws/keypair/README.md b/modules/aws/keypair/README.md index 9542dc21..ef8310d7 100644 --- a/modules/aws/keypair/README.md +++ b/modules/aws/keypair/README.md @@ -120,7 +120,7 @@ No modules. |------|-------------|------|---------|:--------:| | [key\_name\_prefix](#input\_key\_name\_prefix) | (Required) Name prefix, used to generate unique keypair name used with AWS services | `string` | n/a | yes | | [public\_key](#input\_public\_key) | (Required) The public key material. | `string` | n/a | yes | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(string)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/kinesis_firehose/README.md b/modules/aws/kinesis_firehose/README.md index 9bcd5265..c92de970 100644 --- a/modules/aws/kinesis_firehose/README.md +++ b/modules/aws/kinesis_firehose/README.md @@ -140,7 +140,7 @@ No modules. | [s3\_lifecycle\_id](#input\_s3\_lifecycle\_id) | (Optional) Unique identifier for the rule. Must be less than or equal to 255 characters in length. | `string` | `"delete_after_7_days"` | no | | [s3\_lifecycle\_prefix](#input\_s3\_lifecycle\_prefix) | (Optional) Object key prefix identifying one or more objects to which the rule applies. | `string` | `""` | no | | [s3\_policy](#input\_s3\_policy) | (Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | `string` | `""` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(any)` |
{
"created_by": "",
"environment": "prod",
"priority": "low",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(any)` |
{
"created_by": "",
"environment": "prod",
"priority": "low",
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/kms/README.md b/modules/aws/kms/README.md index ff24caa9..3cc0046f 100644 --- a/modules/aws/kms/README.md +++ b/modules/aws/kms/README.md @@ -114,7 +114,7 @@ No modules. | [key\_usage](#input\_key\_usage) | (Optional) Specifies the intended use of the key. Defaults to ENCRYPT\_DECRYPT, and only symmetric encryption and decryption are supported. | `string` | `"ENCRYPT_DECRYPT"` | no | | [name](#input\_name) | (Optional) The display name of the alias. The name must start with the word 'alias' followed by a forward slash | `string` | n/a | yes | | [policy](#input\_policy) | (Optional) A valid policy JSON document. | `string` | `null` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map` |
{
"created_by": "terraform",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map` |
{
"created_by": "terraform",
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/lambda/README.md b/modules/aws/lambda/README.md index 9ae9a336..253c4d8b 100644 --- a/modules/aws/lambda/README.md +++ b/modules/aws/lambda/README.md @@ -122,7 +122,7 @@ No modules. | [runtime](#input\_runtime) | (Required) See Runtimes for valid values. | `string` | `"python3.6"` | no | | [source\_code\_hash](#input\_source\_code\_hash) | (Optional) Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3\_key | `any` | n/a | yes | | [timeout](#input\_timeout) | (Optional) The amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits | `number` | `180` | no | -| [variables](#input\_variables) | (Optional) A map that defines environment variables for the Lambda function. | `map` |
{
"lambda": "true"
}
| no | +| [variables](#input\_variables) | (Optional) A map that defines environment variables for the Lambda function. | `map` |
{
"lambda": "true"
}
| no | ## Outputs diff --git a/modules/aws/launch_template/README.md b/modules/aws/launch_template/README.md index 9099a578..49b84b5e 100755 --- a/modules/aws/launch_template/README.md +++ b/modules/aws/launch_template/README.md @@ -133,11 +133,11 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [auto\_recovery](#input\_auto\_recovery) | (Optional) Disables the automatic recovery behavior of your instance or sets it to default. Can be 'default' or 'disabled'. See Recover your instance for more details. | `string` | `"default"` | no | -| [block\_device\_mappings](#input\_block\_device\_mappings) | (Optional) Customize EBS volumes attached to the instance. |
list(object({
device_name = string
ebs = object({
delete_on_termination = bool
encrypted = bool
iops = number
kms_key_id = string
snapshot_id = string
throughput = number
volume_size = number
volume_type = string
})
}))
| `[]` | no | -| [credit\_specification](#input\_credit\_specification) | (Optional) Customize the credit specification of the instance. See Credit Specification below for more details. |
object({
cpu_credits = string
})
|
{
"cpu_credits": "standard"
}
| no | +| [block\_device\_mappings](#input\_block\_device\_mappings) | (Optional) Customize EBS volumes attached to the instance. |
list(object({
device_name = string
ebs = object({
delete_on_termination = bool
encrypted = bool
iops = number
kms_key_id = string
snapshot_id = string
throughput = number
volume_size = number
volume_type = string
})
}))
| `[]` | no | +| [credit\_specification](#input\_credit\_specification) | (Optional) Customize the credit specification of the instance. See Credit Specification below for more details. |
object({
cpu_credits = string
})
|
{
"cpu_credits": "standard"
}
| no | | [ebs\_optimized](#input\_ebs\_optimized) | (Optional) If true, the launched EC2 instance will be EBS-optimized. Default is true | `bool` | `true` | no | -| [enclave\_options](#input\_enclave\_options) | (Optional) Customize the Enclave Options of the instance. See Enclave Options below for more details. |
object({
enabled = bool
})
| `null` | no | -| [hibernation\_options](#input\_hibernation\_options) | (Optional) Customize the Hibernation Options of the instance. See Hibernation Options below for more details. |
object({
configured = bool
})
| `null` | no | +| [enclave\_options](#input\_enclave\_options) | (Optional) Customize the Enclave Options of the instance. See Enclave Options below for more details. |
object({
enabled = bool
})
| `null` | no | +| [hibernation\_options](#input\_hibernation\_options) | (Optional) Customize the Hibernation Options of the instance. See Hibernation Options below for more details. |
object({
configured = bool
})
| `null` | no | | [http\_endpoint](#input\_http\_endpoint) | (Optional) Whether the metadata service is available. Can be 'enabled' or 'disabled'. Default is 'enabled'. | `string` | `"enabled"` | no | | [http\_protocol\_ipv6](#input\_http\_protocol\_ipv6) | (Optional) Enables or disables the IPv6 endpoint for the instance metadata service. Default is disable. | `string` | `"disabled"` | no | | [http\_put\_response\_hop\_limit](#input\_http\_put\_response\_hop\_limit) | (Optional) The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Can be an integer from 1 to 64. (Default: 1). | `number` | `1` | no | @@ -149,13 +149,13 @@ No modules. | [instance\_type](#input\_instance\_type) | (Required) The type of the instance. If present then instance\_requirements cannot be present. | `string` | n/a | yes | | [kernel\_id](#input\_kernel\_id) | (Optional) The ID of the kernel. | `string` | `null` | no | | [key\_name](#input\_key\_name) | (Optional) The key name that should be used for the instance. | `string` | `null` | no | -| [license\_specification](#input\_license\_specification) | (Optional) Customize the License Specification of the instance. See License Specification below for more details. |
list(object({
license_configuration_arn = string
}))
| `null` | no | +| [license\_specification](#input\_license\_specification) | (Optional) Customize the License Specification of the instance. See License Specification below for more details. |
list(object({
license_configuration_arn = string
}))
| `null` | no | | [monitoring\_enabled](#input\_monitoring\_enabled) | (Optional) If true, the launched EC2 instance will have detailed monitoring enabled. Default is true. | `bool` | `true` | no | | [name\_prefix](#input\_name\_prefix) | (Required) Creates a unique name for the launch template beginning with the specified prefix. Conflicts with name. | `string` | n/a | yes | -| [network\_interfaces](#input\_network\_interfaces) | (Optional) Customize the Network Interfaces of the instance. See Network Interfaces below for more details. |
list(object({
associate_carrier_ip_address = bool
associate_public_ip_address = bool
delete_on_termination = bool
description = string
device_index = number
ipv6_address_count = number
ipv6_addresses = list(string)
network_interface_id = string
private_ip_address = string
security_groups = list(string)
subnet_id = string
}))
| `null` | no | -| [placement](#input\_placement) | (Optional) Customize the Placement of the instance. See Placement below for more details. |
object({
affinity = string
availability_zone = string
group_name = string
host_id = string
spread_domain = string
tenancy = string
})
| `null` | no | -| [tag\_specifications](#input\_tag\_specifications) | (Optional) Customize the Tag Specifications of the instance. See Tag Specifications below for more details. |
list(object({
resource_type = string
tags = map(string)
}))
|
[
{
"resource_type": "instance",
"tags": {
"environment": "prod",
"launch_template": "true",
"terraform": "true"
}
},
{
"resource_type": "volume",
"tags": {
"environment": "prod",
"launch_template": "true",
"terraform": "true"
}
}
]
| no | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the launch template. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(string)` |
{
"terraform": "true"
}
| no | +| [network\_interfaces](#input\_network\_interfaces) | (Optional) Customize the Network Interfaces of the instance. See Network Interfaces below for more details. |
list(object({
associate_carrier_ip_address = bool
associate_public_ip_address = bool
delete_on_termination = bool
description = string
device_index = number
ipv6_address_count = number
ipv6_addresses = list(string)
network_interface_id = string
private_ip_address = string
security_groups = list(string)
subnet_id = string
}))
| `null` | no | +| [placement](#input\_placement) | (Optional) Customize the Placement of the instance. See Placement below for more details. |
object({
affinity = string
availability_zone = string
group_name = string
host_id = string
spread_domain = string
tenancy = string
})
| `null` | no | +| [tag\_specifications](#input\_tag\_specifications) | (Optional) Customize the Tag Specifications of the instance. See Tag Specifications below for more details. |
list(object({
resource_type = string
tags = map(string)
}))
|
[
{
"resource_type": "instance",
"tags": {
"environment": "prod",
"launch_template": "true",
"terraform": "true"
}
},
{
"resource_type": "volume",
"tags": {
"environment": "prod",
"launch_template": "true",
"terraform": "true"
}
}
]
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the launch template. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(string)` |
{
"terraform": "true"
}
| no | | [update\_default\_version](#input\_update\_default\_version) | (Optional) Whether to update Default Version each update. Conflicts with default\_version. Default is false. | `bool` | `true` | no | | [user\_data](#input\_user\_data) | (Optional) The Base64-encoded user data to provide when launching the instance. | `string` | `null` | no | | [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | (Optional) A list of security group IDs to associate with. Conflicts with network\_interfaces.security\_groups | `list(string)` | `[]` | no | diff --git a/modules/aws/organizations/organization/README.md b/modules/aws/organizations/organization/README.md index 00fad968..72de195e 100644 --- a/modules/aws/organizations/organization/README.md +++ b/modules/aws/organizations/organization/README.md @@ -111,7 +111,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [aws\_service\_access\_principals](#input\_aws\_service\_access\_principals) | (Optional) List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature\_set set to ALL. For additional information, see the AWS Organizations User Guide. | `list(string)` |
[
"account.amazonaws.com",
"aws-artifact-account-sync.amazonaws.com",
"backup.amazonaws.com",
"cloudtrail.amazonaws.com",
"health.amazonaws.com",
"sso.amazonaws.com"
]
| no | +| [aws\_service\_access\_principals](#input\_aws\_service\_access\_principals) | (Optional) List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature\_set set to ALL. For additional information, see the AWS Organizations User Guide. | `list(string)` |
[
"account.amazonaws.com",
"aws-artifact-account-sync.amazonaws.com",
"backup.amazonaws.com",
"cloudtrail.amazonaws.com",
"health.amazonaws.com",
"sso.amazonaws.com"
]
| no | | [enabled\_policy\_types](#input\_enabled\_policy\_types) | (Optional) List of Organizations policy types to enable in the Organization Root. Organization must have feature\_set set to ALL. For additional information about valid policy types (e.g., AISERVICES\_OPT\_OUT\_POLICY, BACKUP\_POLICY, SERVICE\_CONTROL\_POLICY, and TAG\_POLICY), see the AWS Organizations API Reference. | `list(string)` | `null` | no | | [feature\_set](#input\_feature\_set) | (Optional) Specify 'ALL' (default) or 'CONSOLIDATED\_BILLING'. | `string` | `"ALL"` | no | diff --git a/modules/aws/organizations/ou/README.md b/modules/aws/organizations/ou/README.md index feb49904..99d8c026 100755 --- a/modules/aws/organizations/ou/README.md +++ b/modules/aws/organizations/ou/README.md @@ -108,7 +108,7 @@ No modules. |------|-------------|------|---------|:--------:| | [name](#input\_name) | (Required) The name of the Organizational Unit. | `string` | n/a | yes | | [parent\_id](#input\_parent\_id) | (Required) The unique identifier (ID) of the parent root or organizational unit (OU) that you want to create the OU in. | `string` | n/a | yes | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(string)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/rds/cluster_instance/README.md b/modules/aws/rds/cluster_instance/README.md index a79363d6..90869296 100644 --- a/modules/aws/rds/cluster_instance/README.md +++ b/modules/aws/rds/cluster_instance/README.md @@ -136,7 +136,7 @@ No modules. | [performance\_insights\_kms\_key\_id](#input\_performance\_insights\_kms\_key\_id) | (Optional) The ARN for the KMS key to encrypt Performance Insights data. When specifying performance\_insights\_kms\_key\_id, performance\_insights\_enabled needs to be set to true. | `string` | `null` | no | | [promotion\_tier](#input\_promotion\_tier) | (Optional) Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoter to writer. | `number` | `0` | no | | [publicly\_accessible](#input\_publicly\_accessible) | (Optional) Bool to control if instance is publicly accessible. Default false. See the documentation on Creating DB Instances for more details on controlling this property. | `string` | `false` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the instance. | `map(any)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the instance. | `map(any)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/route53/dnssec/README.md b/modules/aws/route53/dnssec/README.md index 23d18892..b9da8350 100644 --- a/modules/aws/route53/dnssec/README.md +++ b/modules/aws/route53/dnssec/README.md @@ -143,7 +143,7 @@ No modules. | [name\_prefix](#input\_name\_prefix) | (Optional) Creates an unique alias beginning with the specified prefix. The name must start with the word alias followed by a forward slash (alias/). | `string` | `"alias/dnssec_"` | no | | [signing\_status](#input\_signing\_status) | (Optional) Hosted Zone signing status. Valid values: SIGNING, NOT\_SIGNING. Defaults to SIGNING. | `string` | `"SIGNING"` | no | | [status](#input\_status) | (Optional) Status of the key-signing key (KSK). Valid values: ACTIVE, INACTIVE. Defaults to ACTIVE. | `string` | `"ACTIVE"` | no | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the object. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the object. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/aws/route53/registered_domain/README.md b/modules/aws/route53/registered_domain/README.md index 6c04436d..9ebc2684 100755 --- a/modules/aws/route53/registered_domain/README.md +++ b/modules/aws/route53/registered_domain/README.md @@ -151,13 +151,13 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [admin\_contact](#input\_admin\_contact) | The admin contact information for the domain. |
object({
address_line_1 = string
address_line_2 = string
city = string
contact_type = string
country_code = string
email = string
extra_params = map(any)
fax = string
first_name = string
last_name = string
organization_name = string
phone_number = string
state = string
zip_code = string
})
| n/a | yes | +| [admin\_contact](#input\_admin\_contact) | The admin contact information for the domain. |
object({
address_line_1 = string
address_line_2 = string
city = string
contact_type = string
country_code = string
email = string
extra_params = map(any)
fax = string
first_name = string
last_name = string
organization_name = string
phone_number = string
state = string
zip_code = string
})
| n/a | yes | | [admin\_privacy](#input\_admin\_privacy) | Whether to enable admin privacy protection. Default is true. | `bool` | `true` | no | -| [domains](#input\_domains) | A map of domains to register with Route53. |
map(object({
auto_renew = bool
name_servers = list(string)
transfer_lock = bool
}))
| n/a | yes | -| [registrant\_contact](#input\_registrant\_contact) | The registrant contact information for the domain. |
object({
address_line_1 = string
address_line_2 = string
city = string
contact_type = string
country_code = string
email = string
extra_params = map(any)
fax = string
first_name = string
last_name = string
organization_name = string
phone_number = string
state = string
zip_code = string
})
| n/a | yes | +| [domains](#input\_domains) | A map of domains to register with Route53. |
map(object({
auto_renew = bool
name_servers = list(string)
transfer_lock = bool
}))
| n/a | yes | +| [registrant\_contact](#input\_registrant\_contact) | The registrant contact information for the domain. |
object({
address_line_1 = string
address_line_2 = string
city = string
contact_type = string
country_code = string
email = string
extra_params = map(any)
fax = string
first_name = string
last_name = string
organization_name = string
phone_number = string
state = string
zip_code = string
})
| n/a | yes | | [registrant\_privacy](#input\_registrant\_privacy) | Whether to enable registrant privacy protection. Default is true. | `bool` | `true` | no | -| [tags](#input\_tags) | A mapping of tags to assign to the resource. | `map(string)` |
{
"terraform": "true"
}
| no | -| [tech\_contact](#input\_tech\_contact) | The tech contact information for the domain. |
object({
address_line_1 = string
address_line_2 = string
city = string
contact_type = string
country_code = string
email = string
extra_params = map(any)
fax = string
first_name = string
last_name = string
organization_name = string
phone_number = string
state = string
zip_code = string
})
| n/a | yes | +| [tags](#input\_tags) | A mapping of tags to assign to the resource. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tech\_contact](#input\_tech\_contact) | The tech contact information for the domain. |
object({
address_line_1 = string
address_line_2 = string
city = string
contact_type = string
country_code = string
email = string
extra_params = map(any)
fax = string
first_name = string
last_name = string
organization_name = string
phone_number = string
state = string
zip_code = string
})
| n/a | yes | | [tech\_privacy](#input\_tech\_privacy) | Whether to enable tech privacy protection. Default is true. | `bool` | `true` | no | ## Outputs diff --git a/modules/aws/route53/zone/README.md b/modules/aws/route53/zone/README.md index d3643f3d..d19aac23 100644 --- a/modules/aws/route53/zone/README.md +++ b/modules/aws/route53/zone/README.md @@ -149,8 +149,8 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [tags](#input\_tags) | (Optional) A map of tags to assign to the zone. | `map(any)` |
{
"terraform": true
}
| no | -| [zones](#input\_zones) | (Required) A map of hosted zone objects. The key is the name of the hosted zone. Values are the zone configuration settings. |
map(object({
comment = optional(string) # (Optional) A comment for the hosted zone. Defaults to 'Managed by Terraform'.
delegation_set_id = optional(string) # (Optional) The ID of the reusable delegation set whose NS records you want to assign to the hosted zone. Conflicts with vpc as delegation sets can only be used for public zones.
}))
| n/a | yes | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the zone. | `map(any)` |
{
"terraform": true
}
| no | +| [zones](#input\_zones) | (Required) A map of hosted zone objects. The key is the name of the hosted zone. Values are the zone configuration settings. |
map(object({
comment = optional(string) # (Optional) A comment for the hosted zone. Defaults to 'Managed by Terraform'.
delegation_set_id = optional(string) # (Optional) The ID of the reusable delegation set whose NS records you want to assign to the hosted zone. Conflicts with vpc as delegation sets can only be used for public zones.
}))
| n/a | yes | ## Outputs diff --git a/modules/aws/s3/bucket/README.md b/modules/aws/s3/bucket/README.md index fbc34824..73729373 100644 --- a/modules/aws/s3/bucket/README.md +++ b/modules/aws/s3/bucket/README.md @@ -389,7 +389,7 @@ No modules. | [restrict\_public\_buckets](#input\_restrict\_public\_buckets) | (Optional) Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. | `bool` | `true` | no | | [routing\_rules](#input\_routing\_rules) | (Optional) A list of routing rules that can redirect requests to different directories or buckets. These rules are applied in the order that you specify them. For more information about routing rules, see Configuring advanced conditional redirects in the Amazon Simple Storage Service Developer Guide. | `any` | `null` | no | | [sse\_algorithm](#input\_sse\_algorithm) | (Optional) The server-side encryption algorithm to use. Valid values are AES256 and aws:kms | `string` | `"aws:kms"` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the bucket. | `map(any)` |
{
"created_by": "",
"environment": "prod",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the bucket. | `map(any)` |
{
"created_by": "",
"environment": "prod",
"terraform": "true"
}
| no | | [versioning\_status](#input\_versioning\_status) | (Optional) Versioning state of the bucket. Valid values: Enabled, Suspended, or Disabled. Disabled should only be used when creating or importing resources that correspond to unversioned S3 buckets. | `string` | `"Disabled"` | no | ## Outputs diff --git a/modules/aws/transfer_family/README.md b/modules/aws/transfer_family/README.md index 646ef3f3..47f8784f 100755 --- a/modules/aws/transfer_family/README.md +++ b/modules/aws/transfer_family/README.md @@ -141,16 +141,16 @@ _For more examples, please refer to the [Documentation](https://github.com/zachr | [passive\_ip](#input\_passive\_ip) | (Optional) Sets passive mode for FTP and FTPS protocols and the associated IPv4 address to associate. | `string` | `null` | no | | [post\_authentication\_login\_banner](#input\_post\_authentication\_login\_banner) | (Optional) The banner message which is displayed to users after they authenticate to the server. | `string` | `null` | no | | [pre\_authentication\_login\_banner](#input\_pre\_authentication\_login\_banner) | (Optional) The banner message which is displayed to users before they authenticate to the server. | `string` | `null` | no | -| [protocols](#input\_protocols) | (Optional) The list of protocol settings that are configured for your server. Valid values are AS2, SFTP, FTP, and FTPS. | `list(string)` |
[
"SFTP"
]
| no | +| [protocols](#input\_protocols) | (Optional) The list of protocol settings that are configured for your server. Valid values are AS2, SFTP, FTP, and FTPS. | `list(string)` |
[
"SFTP"
]
| no | | [security\_group\_ids](#input\_security\_group\_ids) | (Optional) A list of security group IDs that are attached to the server's endpoint. (Optional) A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when endpoint\_type is set to VPC. | `list(string)` | `[]` | no | | [security\_policy\_name](#input\_security\_policy\_name) | (Optional) Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, TransferSecurityPolicy-FIPS-2020-06, TransferSecurityPolicy-FIPS-2023-05, TransferSecurityPolicy-2022-03, TransferSecurityPolicy-2023-05, TransferSecurityPolicy-PQ-SSH-Experimental-2023-04, TransferSecurityPolicy-2024-01, and TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04. Default value is: TransferSecurityPolicy-2024-01. | `string` | `"TransferSecurityPolicy-2024-01"` | no | | [set\_stat\_option](#input\_set\_stat\_option) | (Optional) Specifies the behavior of your server endpoint when you use the STAT command. Valid values are: DEFAULT and ENABLE\_NO\_OP. | `string` | `null` | no | | [storage\_location](#input\_storage\_location) | (Optional) The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default is S3. | `string` | `"S3"` | no | | [subnet\_ids](#input\_subnet\_ids) | (Optional) A list of subnet IDs that are required to host your server endpoint in your VPC. This property can only be used when endpoint\_type is set to VPC. | `list(string)` | `[]` | no | -| [tags](#input\_tags) | (Optional) Key-value mapping of resource tags | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Key-value mapping of resource tags | `map(string)` |
{
"terraform": "true"
}
| no | | [tls\_session\_resumption\_mode](#input\_tls\_session\_resumption\_mode) | (Optional) Specifies the mode of the TLS session resumption. Valid values are: DISABLED, ENABLED, and ENFORCED. | `string` | `null` | no | | [url](#input\_url) | (Optional) The URL of the file transfer protocol endpoint that is used to authentication users through an API\_GATEWAY. | `string` | `null` | no | -| [users](#input\_users) | (Optional) A map of user names and their configuration |
map(object({
home_directory = optional(string) # Cannot be set if home_directory_type is set to "LOGICAL".
home_directory_type = optional(string, "LOGICAL") # Default is "LOGICAL"
policy = optional(string) # Set for a custom session policy see https://docs.aws.amazon.com/transfer/latest/userguide/requirements-roles.html#session-policy for more information
public_key = optional(string) # The public key portion of an SSH key pair
username = string
}))
| `{}` | no | +| [users](#input\_users) | (Optional) A map of user names and their configuration |
map(object({
home_directory = optional(string) # Cannot be set if home_directory_type is set to "LOGICAL".
home_directory_type = optional(string, "LOGICAL") # Default is "LOGICAL"
policy = optional(string) # Set for a custom session policy see https://docs.aws.amazon.com/transfer/latest/userguide/requirements-roles.html#session-policy for more information
public_key = optional(string) # The public key portion of an SSH key pair
username = string
}))
| `{}` | no | | [vpc\_endpoint\_id](#input\_vpc\_endpoint\_id) | (Optional) The ID of the VPC endpoint. This property can only be used when endpoint\_type is set to VPC. | `string` | `null` | no | | [vpc\_id](#input\_vpc\_id) | (Optional) The ID of the VPC that is used for the transfer server. This property can only be used when endpoint\_type is set to VPC. | `string` | `null` | no | diff --git a/modules/aws/transit_gateway/README.md b/modules/aws/transit_gateway/README.md index 7a77e525..fddd1281 100644 --- a/modules/aws/transit_gateway/README.md +++ b/modules/aws/transit_gateway/README.md @@ -112,7 +112,7 @@ No modules. | [description](#input\_description) | (Optional) Description of the EC2 Transit Gateway. | `string` | `"Transit gateway to allow access across VPCs or accounts."` | no | | [dns\_support](#input\_dns\_support) | (Optional) Whether DNS support is enabled. | `string` | `"enable"` | no | | [name](#input\_name) | (Required) The name of the transit gateway | `string` | n/a | yes | -| [tags](#input\_tags) | (Optional) Map of tags for the EC2 Transit Gateway. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Map of tags for the EC2 Transit Gateway. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | | [transit\_gateway\_cidr\_blocks](#input\_transit\_gateway\_cidr\_blocks) | (Optional) One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6. | `list(string)` | `null` | no | | [vpn\_ecmp\_support](#input\_vpn\_ecmp\_support) | (Optional) Whether VPN Equal Cost Multipath Protocol support is enabled. | `string` | `"enable"` | no | diff --git a/modules/aws/transit_gateway_attachment/README.md b/modules/aws/transit_gateway_attachment/README.md index 8946ca0a..0b4e9fca 100644 --- a/modules/aws/transit_gateway_attachment/README.md +++ b/modules/aws/transit_gateway_attachment/README.md @@ -113,7 +113,7 @@ No modules. | [ipv6\_support](#input\_ipv6\_support) | (Optional) Whether IPv6 support is enabled. Valid values: disable, enable. Default value: disable. | `string` | `"disable"` | no | | [name](#input\_name) | (Required) The name of the transit gateway attachment | `string` | n/a | yes | | [subnet\_ids](#input\_subnet\_ids) | (Required) Identifiers of EC2 Subnets. | `list(any)` | n/a | yes | -| [tags](#input\_tags) | (Optional) Map of tags for the EC2 Transit Gateway. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Map of tags for the EC2 Transit Gateway. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | | [transit\_gateway\_default\_route\_table\_association](#input\_transit\_gateway\_default\_route\_table\_association) | (Optional) Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: true. | `bool` | `true` | no | | [transit\_gateway\_default\_route\_table\_propagation](#input\_transit\_gateway\_default\_route\_table\_propagation) | (Optional) Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: true. | `bool` | `true` | no | | [transit\_gateway\_id](#input\_transit\_gateway\_id) | (Required) Identifier of EC2 Transit Gateway. | `string` | n/a | yes | diff --git a/modules/aws/transit_gateway_connect/README.md b/modules/aws/transit_gateway_connect/README.md index c10dd1a1..7f90c7c0 100644 --- a/modules/aws/transit_gateway_connect/README.md +++ b/modules/aws/transit_gateway_connect/README.md @@ -109,7 +109,7 @@ No modules. |------|-------------|------|---------|:--------:| | [name](#input\_name) | (Required) The name of the transit gateway | `string` | n/a | yes | | [protocol](#input\_protocol) | (Optional) The tunnel protocol. Valida values: gre. Default is gre. | `string` | `"gre"` | no | -| [tags](#input\_tags) | (Optional) Key-value tags for the EC2 Transit Gateway Connect. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Key-value tags for the EC2 Transit Gateway Connect. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | | [transit\_gateway\_default\_route\_table\_association](#input\_transit\_gateway\_default\_route\_table\_association) | (Optional) Boolean whether the Connect should be associated with the EC2 Transit Gateway association default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: true. | `bool` | `true` | no | | [transit\_gateway\_default\_route\_table\_propagation](#input\_transit\_gateway\_default\_route\_table\_propagation) | (Optional) Boolean whether the Connect should propagate routes with the EC2 Transit Gateway propagation default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: true. | `bool` | `true` | no | | [transit\_gateway\_id](#input\_transit\_gateway\_id) | (Required) Identifier of EC2 Transit Gateway. | `string` | n/a | yes | diff --git a/modules/aws/transit_gateway_connect_peer/README.md b/modules/aws/transit_gateway_connect_peer/README.md index 4062589b..ff584669 100644 --- a/modules/aws/transit_gateway_connect_peer/README.md +++ b/modules/aws/transit_gateway_connect_peer/README.md 
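Review bot: the `protocol` context row in the modules/aws/transit_gateway_connect/README.md hunk above reads "Valida values: gre."; correct it to "Valid values" in the variable's description in the module source and regenerate the README, because the commit message shows these tables are written by the terraform-docs CI step and a hand edit here would be overwritten. As rendered here, the removed and added `tags` rows carry the same text, so this hunk is a good place to confirm the regeneration is intended to be part of the Velocloud change.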
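Review bot: in the modules/aws/s3/bucket/README.md hunk (@@ -389,7 +389,7 @@), the `restrict_public_buckets` context row says "Defaults to false" while its Default column shows `true`. Make the description state the module's actual default, since a reader deciding whether public bucket policies are blocked will get opposite answers from the two columns. The fix belongs in the variable description, with the README regenerated afterwards.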
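Review bot: in the modules/aws/rds/cluster_instance/README.md hunk (@@ -136,7 +136,7 @@), the `publicly_accessible` context row is described as "Bool to control if instance is publicly accessible" but is typed `string` with default `false`. Declare it as `bool` so a value such as "False" or "no" is rejected at plan time instead of being passed through to an exposure-relevant setting. The neighbouring `promotion_tier` row also has "promoter" where "promoted" is meant.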
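Review bot: in the launch template inputs hunk (@@ -149,13 +149,13 @@), the trailing `update_default_version` context row says "Default is false." while its Default column shows `true`. Align the description with the real default in the variable definition and regenerate, so users know that each update moves the template's default version unless they opt out.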
@@ -114,7 +114,7 @@ No modules. | [inside\_cidr\_blocks](#input\_inside\_cidr\_blocks) | (Required) The CIDR block that will be used for addressing within the tunnel. It must contain exactly one IPv4 CIDR block and up to one IPv6 CIDR block. The IPv4 CIDR block must be /29 size and must be within 169.254.0.0/16 range, with exception of: 169.254.0.0/29, 169.254.1.0/29, 169.254.2.0/29, 169.254.3.0/29, 169.254.4.0/29, 169.254.5.0/29, 169.254.169.248/29. The IPv6 CIDR block must be /125 size and must be within fd00::/8. The first IP from each CIDR block is assigned for customer gateway, the second and third is for Transit Gateway (An example: from range 169.254.100.0/29, .1 is assigned to customer gateway and .2 and .3 are assigned to Transit Gateway) | `list(string)` | n/a | yes | | [name](#input\_name) | (Required) The name of the transit gateway | `string` | n/a | yes | | [peer\_address](#input\_peer\_address) | (Required) The IP addressed assigned to customer device, which will be used as tunnel endpoint. It can be IPv4 or IPv6 address, but must be the same address family as transit\_gateway\_address | `string` | n/a | yes | -| [tags](#input\_tags) | (Optional) Key-value tags for the EC2 Transit Gateway Connect. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Key-value tags for the EC2 Transit Gateway Connect. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"environment": "prod",
"project": "core_infrastructure",
"terraform": "true"
}
| no | | [transit\_gateway\_address](#input\_transit\_gateway\_address) | (Required) The IP address assigned to Transit Gateway, which will be used as tunnel endpoint. This address must be from associated Transit Gateway CIDR block. The address must be from the same address family as peer\_address. If not set explicitly, it will be selected from associated Transit Gateway CIDR blocks | `string` | n/a | yes | | [transit\_gateway\_attachment\_id](#input\_transit\_gateway\_attachment\_id) | (Required) The Transit Gateway Connect | `string` | n/a | yes | diff --git a/modules/aws/vendor/cato_sdwan/README.md b/modules/aws/vendor/cato_sdwan/README.md index 0fc79796..aa7f4bf1 100755 --- a/modules/aws/vendor/cato_sdwan/README.md +++ b/modules/aws/vendor/cato_sdwan/README.md @@ -146,22 +146,22 @@ No modules. | [instance\_type](#input\_instance\_type) | (Optional) Instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance. | `string` | `"c5.xlarge"` | no | | [key\_name](#input\_key\_name) | (Required) Key name of the Key Pair to use for the instance; which can be managed using the aws\_key\_pair resource. | `string` | n/a | yes | | [lan\_sg\_name](#input\_lan\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"cato_lan_sg"` | no | -| [mgmt\_ips](#input\_mgmt\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.61.12",
"10.11.62.12",
"10.11.63.12"
]
| no | +| [mgmt\_ips](#input\_mgmt\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.61.12",
"10.11.62.12",
"10.11.63.12"
]
| no | | [mgmt\_nic\_description](#input\_mgmt\_nic\_description) | (Optional) Description for the network interface. | `string` | `"Cato mgmt nic"` | no | | [mgmt\_subnet\_id](#input\_mgmt\_subnet\_id) | (Required) Subnet ID to create the ENI in. | `list(string)` | n/a | yes | | [monitoring](#input\_monitoring) | (Optional) If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0) | `bool` | `true` | no | | [number](#input\_number) | (Optional) Quantity of resources to make with this module. Example: Setting this to 2 will create 2 of all the required resources. Default: 1 | `number` | `1` | no | -| [private\_ips](#input\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.1.12",
"10.11.2.12",
"10.11.3.12"
]
| no | +| [private\_ips](#input\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.1.12",
"10.11.2.12",
"10.11.3.12"
]
| no | | [private\_nic\_description](#input\_private\_nic\_description) | (Optional) Description for the network interface. | `string` | `"Cato private nic"` | no | | [private\_subnet\_id](#input\_private\_subnet\_id) | (Required) Subnet ID to create the ENI in. | `list(string)` | n/a | yes | -| [public\_ips](#input\_public\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` |
[
"10.11.201.12",
"10.11.202.12",
"10.11.203.12"
]
| no | +| [public\_ips](#input\_public\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` |
[
"10.11.201.12",
"10.11.202.12",
"10.11.203.12"
]
| no | | [public\_nic\_description](#input\_public\_nic\_description) | (Optional) Description for the network interface. | `string` | `"Cato public nic"` | no | | [public\_subnet\_id](#input\_public\_subnet\_id) | (Required) Subnet ID to create the ENI in. | `list(string)` | n/a | yes | | [root\_ebs\_volume\_encrypted](#input\_root\_ebs\_volume\_encrypted) | (Optional) Whether to enable volume encryption on the root ebs volume. Defaults to true. Must be configured to perform drift detection. | `bool` | `true` | no | | [root\_volume\_size](#input\_root\_volume\_size) | (Optional) Size of the root volume in gibibytes (GiB). | `number` | `16` | no | | [root\_volume\_type](#input\_root\_volume\_type) | (Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp3 | `string` | `"gp3"` | no | | [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Whether to enable source destination checking for the ENI. Default false. | `bool` | `false` | no | -| [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
{
"created_by": "terraform",
"environment": "prod",
"role": "cato_sdwan",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
{
"created_by": "terraform",
"environment": "prod",
"role": "cato_sdwan",
"terraform": "true"
}
| no | | [user\_data](#input\_user\_data) | (Optional) User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user\_data\_base64 instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the user\_data\_replace\_on\_change is set then updates to this field will trigger a destroy and recreate. | `string` | `null` | no | | [vpc\_id](#input\_vpc\_id) | (Required, Forces new resource) VPC ID. Defaults to the region's default VPC. | `string` | n/a | yes | | [wan\_mgmt\_sg\_name](#input\_wan\_mgmt\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"cato_wan_mgmt_sg"` | no | diff --git a/modules/aws/vendor/corelight/README.md b/modules/aws/vendor/corelight/README.md index 5c4ae0e3..210ec3c3 100644 --- a/modules/aws/vendor/corelight/README.md +++ b/modules/aws/vendor/corelight/README.md @@ -161,7 +161,7 @@ No modules. | [sg\_description](#input\_sg\_description) | (Optional, Forces new resource) The security group description. Defaults to 'Managed by Terraform'. Cannot be ''. NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags. | `string` | `"Corelight security group"` | no | | [sg\_name](#input\_sg\_name) | (Optional, Forces new resource) The name of the security group. If omitted, Terraform will assign a random, unique name | `string` | `"corelight_sg"` | no | | [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | `bool` | `false` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(any)` |
{
"backup": "true",
"created_by": "terraform",
"environment": "prod",
"role": "corelight network monitor",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(any)` |
{
"backup": "true",
"created_by": "terraform",
"environment": "prod",
"role": "corelight network monitor",
"terraform": "true"
}
| no | | [tenancy](#input\_tenancy) | (Optional) The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | `string` | `"default"` | no | | [user\_data](#input\_user\_data) | (Required) Input the Customer ID from Corelight. Example: '57ee000-1214-999e-hfij-1827417d7421' | `string` | n/a | yes | | [vpc\_id](#input\_vpc\_id) | (Required, Forces new resource) The VPC ID. | `string` | n/a | yes | diff --git a/modules/aws/vendor/fortigate_firewall/README.md b/modules/aws/vendor/fortigate_firewall/README.md index 74475e3b..76ecc174 100755 --- a/modules/aws/vendor/fortigate_firewall/README.md +++ b/modules/aws/vendor/fortigate_firewall/README.md @@ -134,7 +134,7 @@ No modules. |------|-------------|------|---------|:--------:| | [ami\_id](#input\_ami\_id) | The AMI to use | `string` | n/a | yes | | [dmz\_nic\_description](#input\_dmz\_nic\_description) | Description of the dmz network interface | `string` | `"Fortigate FW DMZ nic"` | no | -| [dmz\_private\_ips](#input\_dmz\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.101.10",
"10.11.102.10"
]
| no | +| [dmz\_private\_ips](#input\_dmz\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.101.10",
"10.11.102.10"
]
| no | | [dmz\_subnet\_id](#input\_dmz\_subnet\_id) | The VPC subnet the instance(s) will be assigned. Set in main.tf | `list(any)` | n/a | yes | | [ebs\_device\_name](#input\_ebs\_device\_name) | ebs volume mount name | `string` | `"/dev/sdb"` | no | | [ebs\_optimized](#input\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized | `bool` | `false` | no | @@ -149,7 +149,7 @@ No modules. | [instance\_name\_prefix](#input\_instance\_name\_prefix) | Used to populate the Name tag. Set in main.tf | `string` | `"aws_fw"` | no | | [instance\_type](#input\_instance\_type) | Select the instance type. Set in main.tf | `string` | `"c5.large"` | no | | [key\_name](#input\_key\_name) | keypair name to use for ec2 instance deployment. Keypairs are used to obtain the username/password | `string` | n/a | yes | -| [lan\_private\_ips](#input\_lan\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.1.10",
"10.11.2.10"
]
| no | +| [lan\_private\_ips](#input\_lan\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` |
[
"10.11.1.10",
"10.11.2.10"
]
| no | | [monitoring](#input\_monitoring) | If true, the launched EC2 instance will have detailed monitoring enabled | `bool` | `true` | no | | [number](#input\_number) | number of resources to make | `number` | `2` | no | | [private\_nic\_description](#input\_private\_nic\_description) | Description of the private network interface | `string` | `"Fortigate FW private nic"` | no | @@ -162,9 +162,9 @@ No modules. | [root\_volume\_type](#input\_root\_volume\_type) | (Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp3. | `string` | `"gp3"` | no | | [sg\_name](#input\_sg\_name) | Name of the security group | `string` | `"fortigate_fw_sg"` | no | | [source\_dest\_check](#input\_source\_dest\_check) | Boolean for source and destination checking on the nics | `bool` | `false` | no | -| [tags](#input\_tags) | n/a | `map(any)` |
{
"created_by": "terraform",
"environment": "dev",
"role": "fortigate_firewall",
"terraform": "yes"
}
| no | +| [tags](#input\_tags) | n/a | `map(any)` |
{
"created_by": "terraform",
"environment": "dev",
"role": "fortigate_firewall",
"terraform": "yes"
}
| no | | [vpc\_id](#input\_vpc\_id) | The VPC id to add the security group | `string` | n/a | yes | -| [wan\_private\_ips](#input\_wan\_private\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` |
[
"10.11.201.10",
"10.11.202.10"
]
| no | +| [wan\_private\_ips](#input\_wan\_private\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` |
[
"10.11.201.10",
"10.11.202.10"
]
| no | ## Outputs diff --git a/modules/aws/vendor/silverpeak/README.md b/modules/aws/vendor/silverpeak/README.md index e4e4425c..7003c46e 100644 --- a/modules/aws/vendor/silverpeak/README.md +++ b/modules/aws/vendor/silverpeak/README.md @@ -165,7 +165,7 @@ No modules. | [sg\_description](#input\_sg\_description) | (Optional, Forces new resource) The security group description. Defaults to 'Managed by Terraform'. Cannot be ''. NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags. | `string` | `"Silverpeak SDWAN security group"` | no | | [sg\_name](#input\_sg\_name) | (Optional, Forces new resource) The name of the security group. If omitted, Terraform will assign a random, unique name | `string` | `"silverpeak_sg"` | no | | [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Whether to enable source destination checking for the ENI. Default true. | `string` | `false` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map` |
{
"backup": "true",
"created_by": "terraform",
"environment": "prod",
"role": "silverpeak_sdwan",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map` |
{
"backup": "true",
"created_by": "terraform",
"environment": "prod",
"role": "silverpeak_sdwan",
"terraform": "true"
}
| no | | [tenancy](#input\_tenancy) | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | `string` | `"default"` | no | | [user\_data](#input\_user\_data) | The user data to provide when launching the instance | `string` | `""` | no | | [vpc\_id](#input\_vpc\_id) | (Optional, Forces new resource) The VPC ID. | `any` | n/a | yes | diff --git a/modules/aws/vendor/velocloud/README.md b/modules/aws/vendor/velocloud/README.md new file mode 100755 index 00000000..876e434d --- /dev/null +++ b/modules/aws/vendor/velocloud/README.md @@ -0,0 +1,231 @@ + + + + + + + +[![Contributors][contributors-shield]][contributors-url] +[![Forks][forks-shield]][forks-url] +[![Stargazers][stars-shield]][stars-url] +[![Issues][issues-shield]][issues-url] +[![MIT License][license-shield]][license-url] +[![LinkedIn][linkedin-shield]][linkedin-url] + + + +
+
+ + Logo + + +

VeloCloud SDWAN Module

+

+ This module deploys a VeloCloud SDWAN into your environment. Please see the VeloCloud documentation for more information. +
+ Explore the docs » +
+
+ Zachary Hill + · + Report Bug + · + Request Feature +

+
+ + + +
+ Table of Contents +
    +
  1. Usage
  2. +
  3. Requirements
  4. +
  5. Providers
  6. +
  7. Modules
  8. +
  9. Resources
  10. +
  11. Inputs
  12. +
  13. Outputs
  14. +
  15. License
  16. +
  17. Contact
  18. +
  19. Acknowledgments
  20. +
+
+ + + +## Usage + +``` +module "aws_prod_sdwan" { + source = "github.com/zachreborn/terraform-modules//modules/aws/vendor/velocloud" + + availability_zone = [module.vpc.availability_zone[0]] + velocloud_lan_cidr_blocks = ["10.11.0.0/16"] + key_name = module.keypair.key_name + instance_type = "c5.xlarge" + mgmt_subnet_ids = module.vpc.mgmt_subnet_ids + public_subnet_ids = module.vpc.public_subnet_ids + private_subnet_ids = module.vpc.private_subnet_ids + mgmt_ips = ["10.200.61.12"] + public_ips = ["10.200.201.12"] + private_ips = ["10.200.1.12"] + vpc_id = module.vpc.vpc_id + velocloud_activation_key = "1234-5678-90AB-CDEF" + velocloud_orchestrator = "vco.example.com" + tags = { + terraform = "true" + created_by = "Zachary Hill" + environment = "prod" + project = "aws_poc" + backup = "true" + role = "sdwan" + } +} +``` + +_For more examples, please refer to the [Documentation](https://github.com/zachreborn/terraform-modules)_ + +

(back to top)

+ + + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0.0 | +| [aws](#requirement\_aws) | >= 4.0.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 4.0.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_cloudwatch_metric_alarm.instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | +| [aws_cloudwatch_metric_alarm.system](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | +| [aws_eip.wan_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource | +| [aws_eip_association.wan_external_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip_association) | resource | +| [aws_instance.ec2_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | +| [aws_network_interface.mgmt_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | +| [aws_network_interface.private_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | +| [aws_network_interface.public_nic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource | +| [aws_security_group.sdwan_mgmt_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group.velocloud_lan_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_ami.velocloud](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | +| 
[aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [ebs\_optimized](#input\_ebs\_optimized) | (Optional) If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the EBS Optimized section of the AWS User Guide for more information. | `bool` | `true` | no | +| [hibernation](#input\_hibernation) | (Optional) If true, the launched EC2 instance will support hibernation. (Available since v0.6.0) | `bool` | `null` | no | +| [http\_endpoint](#input\_http\_endpoint) | (Optional) Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled. | `string` | `"enabled"` | no | +| [http\_tokens](#input\_http\_tokens) | (Optional) Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. Defaults to optional. | `string` | `"required"` | no | +| [iam\_instance\_profile](#input\_iam\_instance\_profile) | (Optional) IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the EC2 documentation, notably iam:PassRole. | `string` | `null` | no | +| [instance\_name\_prefix](#input\_instance\_name\_prefix) | (Optional) Used to populate the Name tag. | `string` | `"aws_prod_sdwan"` | no | +| [instance\_type](#input\_instance\_type) | (Optional) Instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance. 
| `string` | `"c5.xlarge"` | no | +| [key\_name](#input\_key\_name) | (Optional) Key name of the Key Pair to use for the instance; which can be managed using the aws\_key\_pair resource. Defaults to null. | `string` | `null` | no | +| [lan\_sg\_name](#input\_lan\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. | `string` | `"velocloud_lan_sg"` | no | +| [mgmt\_ips](#input\_mgmt\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` | `null` | no | +| [mgmt\_nic\_description](#input\_mgmt\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN mgmt nic"` | no | +| [monitoring](#input\_monitoring) | (Optional) If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0) | `bool` | `true` | no | +| [number](#input\_number) | (Optional) Quantity of resources to make with this module. Example: Setting this to 2 will create 2 of all the required resources. Default: 1 | `number` | `1` | no | +| [private\_ips](#input\_private\_ips) | (Optional) List of private IPs to assign to the ENI. | `list(string)` | `null` | no | +| [private\_nic\_description](#input\_private\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN private nic"` | no | +| [private\_subnet\_ids](#input\_private\_subnet\_ids) | (Required) Subnet IDs to create the ENI in. | `list(string)` | n/a | yes | +| [public\_ips](#input\_public\_ips) | (Optional) Private IP addresses to associate with the instance in a VPC. | `list(string)` | `null` | no | +| [public\_nic\_description](#input\_public\_nic\_description) | (Optional) Description for the network interface. | `string` | `"SDWAN public nic"` | no | +| [public\_subnet\_ids](#input\_public\_subnet\_ids) | (Required) Subnet IDs to create the ENI in. 
| `list(string)` | n/a | yes | +| [root\_ebs\_volume\_encrypted](#input\_root\_ebs\_volume\_encrypted) | (Optional) Whether to enable volume encryption on the root ebs volume. Defaults to true. Must be configured to perform drift detection. | `bool` | `true` | no | +| [root\_volume\_size](#input\_root\_volume\_size) | (Optional) Size of the root volume in gibibytes (GiB). | `number` | `8` | no | +| [root\_volume\_type](#input\_root\_volume\_type) | (Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp3 | `string` | `"gp3"` | no | +| [snmp\_mgmt\_access\_cidr\_blocks](#input\_snmp\_mgmt\_access\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to SNMP into the VeloCloud instance. | `list(string)` | `[]` | no | +| [source\_dest\_check](#input\_source\_dest\_check) | (Optional) Whether to enable source destination checking for the ENI. Default false. | `bool` | `false` | no | +| [ssh\_mgmt\_access\_cidr\_blocks](#input\_ssh\_mgmt\_access\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to SSH into the VeloCloud instance. | `list(string)` | `[]` | no | +| [tags](#input\_tags) | (Optional) Map of tags to assign to the device. | `map(any)` |
{
"created_by": "terraform",
"environment": "prod",
"role": "sdwan",
"terraform": "true"
}
| no | +| [user\_data](#input\_user\_data) | (Optional) The user data to provide when launching the instance. By default, the velocloud variables will generate a unique user\_data cloud-init configuration for you. This allows specifying custom cloud-init scripting. | `string` | `null` | no | +| [velocloud\_activation\_key](#input\_velocloud\_activation\_key) | (Required) The activation key for the VeloCloud instance(s). | `string` | n/a | yes | +| [velocloud\_ignore\_cert\_errors](#input\_velocloud\_ignore\_cert\_errors) | (Optional) Whether or not to ignore certificate errors when connecting to the VeloCloud orchestrator. Set to true if using private or self-signed certificates on the orchestrator. Defaults to false. | `bool` | `false` | no | +| [velocloud\_lan\_cidr\_blocks](#input\_velocloud\_lan\_cidr\_blocks) | (Optional) List of CIDR blocks allowed to utilize the VeloCloud instance for SDWAN communication. | `list(string)` | `null` | no | +| [velocloud\_orchestrator](#input\_velocloud\_orchestrator) | (Required) The IP address or FQDN of the VeloCloud orchestrator. Example: vco.example.com | `string` | n/a | yes | +| [velocloud\_version](#input\_velocloud\_version) | (Optional) The version ID of the VeloCloud VCE AMI to use. Defaults to the latest version. Use semantic versioning to specify a version. Example: 4.5 | `string` | `"4.5"` | no | +| [vpc\_id](#input\_vpc\_id) | (Required, Forces new resource) VPC ID. Defaults to the region's default VPC. | `string` | n/a | yes | +| [wan\_mgmt\_sg\_name](#input\_wan\_mgmt\_sg\_name) | (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name. 
| `string` | `"velocloud_wan_mgmt_sg"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [ec2\_instance\_id](#output\_ec2\_instance\_id) | n/a | +| [mgmt\_network\_interface\_id](#output\_mgmt\_network\_interface\_id) | n/a | +| [private\_network\_interface\_id](#output\_private\_network\_interface\_id) | n/a | +| [public\_eip\_id](#output\_public\_eip\_id) | n/a | +| [public\_eip\_ip](#output\_public\_eip\_ip) | n/a | +| [public\_network\_interface\_id](#output\_public\_network\_interface\_id) | n/a | + + + +## License + +Distributed under the MIT License. See `LICENSE.txt` for more information. + +

(back to top)

+ + + + +## Contact + +Zachary Hill - [![LinkedIn][linkedin-shield]][linkedin-url] - zhill@zacharyhill.co + +Project Link: [https://github.com/zachreborn/terraform-modules](https://github.com/zachreborn/terraform-modules) + +

(back to top)

+ + + + +## Acknowledgments + +* [Zachary Hill](https://zacharyhill.co) +* [Jake Jones](https://github.com/jakeasarus) + +

(back to top)

+ + + + +[contributors-shield]: https://img.shields.io/github/contributors/zachreborn/terraform-modules.svg?style=for-the-badge +[contributors-url]: https://github.com/zachreborn/terraform-modules/graphs/contributors +[forks-shield]: https://img.shields.io/github/forks/zachreborn/terraform-modules.svg?style=for-the-badge +[forks-url]: https://github.com/zachreborn/terraform-modules/network/members +[stars-shield]: https://img.shields.io/github/stars/zachreborn/terraform-modules.svg?style=for-the-badge +[stars-url]: https://github.com/zachreborn/terraform-modules/stargazers +[issues-shield]: https://img.shields.io/github/issues/zachreborn/terraform-modules.svg?style=for-the-badge +[issues-url]: https://github.com/zachreborn/terraform-modules/issues +[license-shield]: https://img.shields.io/github/license/zachreborn/terraform-modules.svg?style=for-the-badge +[license-url]: https://github.com/zachreborn/terraform-modules/blob/master/LICENSE.txt +[linkedin-shield]: https://img.shields.io/badge/-LinkedIn-black.svg?style=for-the-badge&logo=linkedin&colorB=555 +[linkedin-url]: https://www.linkedin.com/in/zachary-hill-5524257a/ +[product-screenshot]: /images/screenshot.webp +[Terraform.io]: https://img.shields.io/badge/Terraform-7B42BC?style=for-the-badge&logo=terraform +[Terraform-url]: https://terraform.io \ No newline at end of file diff --git a/modules/aws/vendor/velocloud/main.tf b/modules/aws/vendor/velocloud/main.tf new file mode 100644 index 00000000..49028539 --- /dev/null +++ b/modules/aws/vendor/velocloud/main.tf 
@@ -0,0 +1,267 @@ +terraform { + required_version = ">= 1.0.0" + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.0.0" + } + } +} + +############################################ +# Data Sources +############################################ +# data "aws_caller_identity" "current" {} +data "aws_region" "current" {} + +data "aws_ami" "velocloud" { + most_recent = true + name_regex = "VeloCloud VCE ${var.velocloud_version}*" + owners = ["679593333241"] + + filter { + name = "state" + values = ["available"] + } +} + +############################################ +# Security Groups +############################################ + +resource "aws_security_group" "sdwan_mgmt_sg" { + name = var.wan_mgmt_sg_name + description = "Security group applied to the VeloCloud SDWAN instance WAN and MGMT NICs for VeloCloud communication" + vpc_id = var.vpc_id + + ingress { + description = "SSH access for support" + from_port = 22 + to_port = 22 + protocol = "TCP" + cidr_blocks = var.ssh_mgmt_access_cidr_blocks + } + + ingress { + description = "SNMP access for management" + from_port = 161 + to_port = 161 + protocol = "UDP" + cidr_blocks = var.snmp_mgmt_access_cidr_blocks + } + + ingress { + description = "VMware Multipath Protocol" + from_port = 2426 + to_port = 2426 + protocol = "UDP" + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + description = "All traffic" + from_port = 0 + to_port = 0 + protocol = "-1" + # VeloCloud SDWAN requires this port to be open to the internet + #tfsec:ignore:aws-ec2-no-public-egress-sgr + cidr_blocks = ["0.0.0.0/0"] + } + + tags = merge(var.tags, ({ "Name" = format("%s", var.wan_mgmt_sg_name) })) +} + +resource "aws_security_group" "velocloud_lan_sg" { + name = var.lan_sg_name + description = "Security group applied to VeloCloud SDWAN instance LAN NICs for SDWAN communication" + vpc_id = var.vpc_id + + ingress { + description = "All traffic" + from_port = 0 + to_port = 0 + protocol = "-1" + # VeloCloud requires this port to be 
open in order to pass traffic from sources to the SDWAN. + #tfsec:ignore:aws-ec2-no-public-egress-sgr + cidr_blocks = var.velocloud_lan_cidr_blocks + } + + egress { + description = "All traffic" + from_port = 0 + to_port = 0 + protocol = "-1" + # VeloCloud requires this port to be open in order to pass traffic to the SDWAN. + #tfsec:ignore:aws-ec2-no-public-egress-sgr + cidr_blocks = ["0.0.0.0/0"] + } + + tags = merge(var.tags, ({ "Name" = format("%s", var.lan_sg_name) })) +} + +############################################ +# EIP +############################################ + +resource "aws_eip" "wan_external_ip" { + count = var.number + domain = "vpc" + tags = merge(var.tags, ({ "Name" = format("%s%d_wan", var.instance_name_prefix, count.index + 1) })) +} + +resource "aws_eip_association" "wan_external_ip" { + count = var.number + allocation_id = element(aws_eip.wan_external_ip[*].id, count.index) + network_interface_id = element(aws_network_interface.public_nic[*].id, count.index) +} + +############################################ +# ENI +############################################ + +resource "aws_network_interface" "mgmt_nic" { + # Ge1 is the management interface in VeloCloud and attached at eth0 + count = var.number + description = var.mgmt_nic_description + private_ips = var.mgmt_ips == null ? null : [element(var.mgmt_ips, count.index)] + security_groups = [aws_security_group.sdwan_mgmt_sg.id] + source_dest_check = var.source_dest_check + subnet_id = element(var.public_subnet_ids, count.index) + tags = merge(var.tags, ({ "Name" = format("%s%d_mgmt", var.instance_name_prefix, count.index + 1) })) +} + +resource "aws_network_interface" "public_nic" { + # Ge2 is the public interface in VeloCloud and attached at eth1 + count = var.number + description = var.public_nic_description + private_ips = var.public_ips == null ? 
null : [element(var.public_ips, count.index)] + security_groups = [aws_security_group.sdwan_mgmt_sg.id] + source_dest_check = var.source_dest_check + subnet_id = element(var.public_subnet_ids, count.index) + tags = merge(var.tags, ({ "Name" = format("%s%d_public", var.instance_name_prefix, count.index + 1) })) +} + +resource "aws_network_interface" "private_nic" { + # Ge3 is the private interface in VeloCloud and attached at eth2 + count = var.number + description = var.private_nic_description + private_ips = var.private_ips == null ? null : [element(var.private_ips, count.index)] + security_groups = [aws_security_group.velocloud_lan_sg.id] + source_dest_check = var.source_dest_check + subnet_id = element(var.private_subnet_ids, count.index) + tags = merge(var.tags, ({ "Name" = format("%s%d_private", var.instance_name_prefix, count.index + 1) })) +} + +############################################ +# EC2 Instance +############################################ + +resource "aws_instance" "ec2_instance" { + + ami = data.aws_ami.velocloud.id + count = var.number + ebs_optimized = var.ebs_optimized + hibernation = var.hibernation + iam_instance_profile = var.iam_instance_profile + instance_type = var.instance_type + key_name = var.key_name + monitoring = var.monitoring + volume_tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) + tags = merge(var.tags, ({ "Name" = format("%s%d", var.instance_name_prefix, count.index + 1) })) + user_data = var.user_data != null ? 
var.user_data : templatefile("${path.module}/user_data.tftpl", { + velocloud_activation_key = var.velocloud_activation_key + velocloud_ignore_cert_errors = var.velocloud_ignore_cert_errors + velocloud_orchestrator = var.velocloud_orchestrator + }) + + metadata_options { + http_endpoint = var.http_endpoint + http_tokens = var.http_tokens + } + + network_interface { + network_interface_id = element(aws_network_interface.mgmt_nic[*].id, count.index) + device_index = 0 + } + + network_interface { + network_interface_id = element(aws_network_interface.public_nic[*].id, count.index) + device_index = 1 + } + + network_interface { + network_interface_id = element(aws_network_interface.private_nic[*].id, count.index) + device_index = 2 + } + + root_block_device { + volume_type = var.root_volume_type + volume_size = var.root_volume_size + encrypted = var.root_ebs_volume_encrypted + } + + depends_on = [ + aws_eip.wan_external_ip, + aws_network_interface.mgmt_nic, + aws_network_interface.public_nic, + aws_network_interface.private_nic + ] +} + +################################################### +# CloudWatch Alarms +################################################### + +##################### +# Status Check Failed Instance Metric +##################### + +resource "aws_cloudwatch_metric_alarm" "instance" { + actions_enabled = true + alarm_actions = [] + alarm_description = "EC2 instance StatusCheckFailed_Instance alarm" + alarm_name = format("%s-instance-alarm", element(aws_instance.ec2_instance[*].id, count.index)) + comparison_operator = "GreaterThanOrEqualToThreshold" + count = var.number + datapoints_to_alarm = 2 + dimensions = { + InstanceId = element(aws_instance.ec2_instance[*].id, count.index) + } + evaluation_periods = "2" + insufficient_data_actions = [] + metric_name = "StatusCheckFailed_Instance" + namespace = "AWS/EC2" + ok_actions = [] + period = "60" + statistic = "Maximum" + threshold = "1" + treat_missing_data = "missing" + #unit = var.unit +} + 
+##################### +# Status Check Failed System Metric +##################### + +resource "aws_cloudwatch_metric_alarm" "system" { + actions_enabled = true + alarm_actions = ["arn:aws:automate:${data.aws_region.current.name}:ec2:recover"] + alarm_description = "EC2 instance StatusCheckFailed_System alarm" + alarm_name = format("%s-system-alarm", element(aws_instance.ec2_instance[*].id, count.index)) + comparison_operator = "GreaterThanOrEqualToThreshold" + count = var.number + datapoints_to_alarm = 2 + dimensions = { + InstanceId = element(aws_instance.ec2_instance[*].id, count.index) + } + evaluation_periods = "2" + insufficient_data_actions = [] + metric_name = "StatusCheckFailed_System" + namespace = "AWS/EC2" + ok_actions = [] + period = "60" + statistic = "Maximum" + threshold = "1" + treat_missing_data = "missing" + #unit = var.unit +} diff --git a/modules/aws/vendor/velocloud/outputs.tf b/modules/aws/vendor/velocloud/outputs.tf new file mode 100644 index 00000000..3a3e87b7 --- /dev/null +++ b/modules/aws/vendor/velocloud/outputs.tf @@ -0,0 +1,23 @@ +output "ec2_instance_id" { + value = aws_instance.ec2_instance[*].id +} + +output "public_eip_id" { + value = aws_eip.wan_external_ip[*].id +} + +output "public_eip_ip" { + value = aws_eip.wan_external_ip[*].public_ip +} + +output "mgmt_network_interface_id" { + value = aws_network_interface.mgmt_nic[*].id +} + +output "public_network_interface_id" { + value = aws_network_interface.public_nic[*].id +} + +output "private_network_interface_id" { + value = aws_network_interface.private_nic[*].id +} diff --git a/modules/aws/vendor/velocloud/user_data.tftpl b/modules/aws/vendor/velocloud/user_data.tftpl new file mode 100644 index 00000000..bacc28b4 --- /dev/null +++ b/modules/aws/vendor/velocloud/user_data.tftpl 
@@ -0,0 +1,9 @@ +#cloud-config +velocloud: + vce: + vco: ${velocloud_orchestrator} + activation_code: ${velocloud_activation_key} + vco_ignore_cert_errors: ${velocloud_ignore_cert_errors} + +runcmd: + - echo "Velocloud vEdge Successfully Configured" \ No newline at end of file diff --git a/modules/aws/vendor/velocloud/variables.tf b/modules/aws/vendor/velocloud/variables.tf new file mode 100644 index 00000000..c4406996 --- /dev/null +++ b/modules/aws/vendor/velocloud/variables.tf 
@@ -0,0 +1,235 @@ +############################################ +# Data Sources +############################################ + +variable "velocloud_version" { + description = "(Optional) The version ID of the VeloCloud VCE AMI to use. Defaults to the latest version. Use semantic versioning to specify a version. Example: 4.5" + default = "4.5" + type = string +} + +############################################ +# Security Groups +############################################ + +variable "lan_sg_name" { + description = "(Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name." + default = "velocloud_lan_sg" + type = string +} + +variable "snmp_mgmt_access_cidr_blocks" { + description = "(Optional) List of CIDR blocks allowed to SNMP into the VeloCloud instance." + default = [] + type = list(string) +} + +variable "ssh_mgmt_access_cidr_blocks" { + description = "(Optional) List of CIDR blocks allowed to SSH into the VeloCloud instance." + default = [] + type = list(string) +} + +variable "wan_mgmt_sg_name" { + description = "(Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name." + default = "velocloud_wan_mgmt_sg" + type = string +} + +variable "velocloud_lan_cidr_blocks" { + type = list(string) + description = "(Optional) List of CIDR blocks allowed to utilize the VeloCloud instance for SDWAN communication." + default = null +} + +variable "vpc_id" { + description = "(Required, Forces new resource) VPC ID. Defaults to the region's default VPC." + type = string +} + +############################################ +# ENI +############################################ + +variable "mgmt_nic_description" { + description = "(Optional) Description for the network interface." + default = "SDWAN mgmt nic" + type = string +} + +variable "mgmt_ips" { + description = "(Optional) List of private IPs to assign to the ENI." 
+ default = null + type = list(string) +} + +variable "public_nic_description" { + description = "(Optional) Description for the network interface." + default = "SDWAN public nic" + type = string +} + +variable "public_subnet_ids" { + description = "(Required) Subnet IDs to create the ENI in." + type = list(string) +} + +variable "public_ips" { + description = "(Optional) Private IP addresses to associate with the instance in a VPC." + default = null + type = list(string) +} + +variable "private_subnet_ids" { + description = "(Required) Subnet IDs to create the ENI in." + type = list(string) +} + +variable "private_nic_description" { + description = "(Optional) Description for the network interface." + default = "SDWAN private nic" + type = string +} + +variable "private_ips" { + description = "(Optional) List of private IPs to assign to the ENI." + default = null + type = list(string) +} + +variable "source_dest_check" { + description = "(Optional) Whether to enable source destination checking for the ENI. Default false." + default = false + type = bool +} + +############################################ +# EC2 Instance +############################################ + +variable "ebs_optimized" { + description = "(Optional) If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the EBS Optimized section of the AWS User Guide for more information." + default = true + type = bool +} + +variable "monitoring" { + description = "(Optional) If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0)" + default = true + type = bool +} + +variable "hibernation" { + description = "(Optional) If true, the launched EC2 instance will support hibernation. 
(Available since v0.6.0)" + type = bool + default = null +} + +variable "http_endpoint" { + type = string + description = "(Optional) Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled." + default = "enabled" + validation { + condition = can(regex("^(enabled|disabled)$", var.http_endpoint)) + error_message = "The value must be either enabled or disabled." + } +} + +variable "http_tokens" { + type = string + description = "(Optional) Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. Defaults to optional." + default = "required" + validation { + condition = can(regex("^(optional|required)$", var.http_tokens)) + error_message = "The value must be either optional or required." + } +} + +variable "instance_type" { + description = "(Optional) Instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance." + default = "c5.xlarge" + type = string +} + +variable "key_name" { + description = "(Optional) Key name of the Key Pair to use for the instance; which can be managed using the aws_key_pair resource. Defaults to null." + type = string + default = null +} + +variable "iam_instance_profile" { + description = "(Optional) IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the EC2 documentation, notably iam:PassRole." + default = null + type = string +} + +variable "instance_name_prefix" { + description = "(Optional) Used to populate the Name tag." + default = "aws_prod_sdwan" + type = string +} + +variable "root_volume_type" { + description = "(Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. 
Defaults to gp3" + default = "gp3" + type = string +} + +variable "root_volume_size" { + description = "(Optional) Size of the root volume in gibibytes (GiB)." + default = 8 + type = number +} + +variable "root_ebs_volume_encrypted" { + description = "(Optional) Whether to enable volume encryption on the root ebs volume. Defaults to true. Must be configured to perform drift detection." + default = true + type = bool +} + +variable "velocloud_activation_key" { + description = "(Required) The activation key for the VeloCloud instance(s)." + type = string + validation { + condition = can(regex("^[A-Z0-9-]{19}$", var.velocloud_activation_key)) + error_message = "The activation key must be 16 characters long with hyphens every 4 characters and contain only uppercase alphanumeric characters and hyphens. Example (AAA1-2BBB-3C3C-44D4)" + } +} + +variable "velocloud_ignore_cert_errors" { + description = "(Optional) Whether or not to ignore certificate errors when connecting to the VeloCloud orchestrator. Set to true if using private or self-signed certificates on the orchestrator. Defaults to false." + default = false + type = bool +} + +variable "velocloud_orchestrator" { + description = "(Required) The IP address or FQDN of the VeloCloud orchestrator. Example: vco.example.com" + type = string +} + +variable "user_data" { + description = "(Optional) The user data to provide when launching the instance. By default, the velocloud variables will generate a unique user_data cloud-init configuration for you. This allows specifying custom cloud-init scripting." + type = string + default = null +} + +############################################################### +# General Use Variables +############################################################### + +variable "tags" { + description = "(Optional) Map of tags to assign to the device." 
+ default = { + created_by = "terraform" + terraform = "true" + environment = "prod" + role = "sdwan" + } + type = map(any) +} + +variable "number" { + description = "(Optional) Quantity of resources to make with this module. Example: Setting this to 2 will create 2 of all the required resources. Default: 1" + default = 1 + type = number +} \ No newline at end of file diff --git a/modules/aws/vpc/README.md b/modules/aws/vpc/README.md index a7149e66..4609740d 100755 --- a/modules/aws/vpc/README.md +++ b/modules/aws/vpc/README.md @@ -208,13 +208,13 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [azs](#input\_azs) | A list of Availability zones in the region | `list` |
[
"us-east-2a",
"us-east-2b",
"us-east-2c"
]
| no | +| [azs](#input\_azs) | A list of Availability zones in the region | `list` |
[
"us-east-2a",
"us-east-2b",
"us-east-2c"
]
| no | | [cloudwatch\_name\_prefix](#input\_cloudwatch\_name\_prefix) | (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. | `string` | `"flow_logs_"` | no | | [cloudwatch\_retention\_in\_days](#input\_cloudwatch\_retention\_in\_days) | (Optional) Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. | `number` | `90` | no | | [db\_propagating\_vgws](#input\_db\_propagating\_vgws) | A list of VGWs the db route table should propagate. | `list` | `[]` | no | -| [db\_subnets\_list](#input\_db\_subnets\_list) | A list of database subnets inside the VPC. | `list` |
[
"10.11.11.0/24",
"10.11.12.0/24",
"10.11.13.0/24"
]
| no | +| [db\_subnets\_list](#input\_db\_subnets\_list) | A list of database subnets inside the VPC. | `list` |
[
"10.11.11.0/24",
"10.11.12.0/24",
"10.11.13.0/24"
]
| no | | [dmz\_propagating\_vgws](#input\_dmz\_propagating\_vgws) | A list of VGWs the DMZ route table should propagate. | `list` | `[]` | no | -| [dmz\_subnets\_list](#input\_dmz\_subnets\_list) | A list of DMZ subnets inside the VPC. | `list` |
[
"10.11.101.0/24",
"10.11.102.0/24",
"10.11.103.0/24"
]
| no | +| [dmz\_subnets\_list](#input\_dmz\_subnets\_list) | A list of DMZ subnets inside the VPC. | `list` |
[
"10.11.101.0/24",
"10.11.102.0/24",
"10.11.103.0/24"
]
| no | | [enable\_dns\_hostnames](#input\_enable\_dns\_hostnames) | (Optional) A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false. | `bool` | `true` | no | | [enable\_dns\_support](#input\_enable\_dns\_support) | (Optional) A boolean flag to enable/disable DNS support in the VPC. Defaults true. | `bool` | `true` | no | | [enable\_firewall](#input\_enable\_firewall) | (Optional) A boolean flag to enable/disable the use of a firewall instance within the VPC. Defaults False. | `bool` | `false` | no | @@ -246,17 +246,17 @@ No modules. | [key\_usage](#input\_key\_usage) | (Optional) Specifies the intended use of the key. Defaults to ENCRYPT\_DECRYPT, and only symmetric encryption and decryption are supported. | `string` | `"ENCRYPT_DECRYPT"` | no | | [map\_public\_ip\_on\_launch](#input\_map\_public\_ip\_on\_launch) | (Optional) Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is false. | `bool` | `true` | no | | [mgmt\_propagating\_vgws](#input\_mgmt\_propagating\_vgws) | A list of VGWs the mgmt route table should propagate. | `list` | `[]` | no | -| [mgmt\_subnets\_list](#input\_mgmt\_subnets\_list) | A list of mgmt subnets inside the VPC. | `list` |
[
"10.11.61.0/24",
"10.11.62.0/24",
"10.11.63.0/24"
]
| no | +| [mgmt\_subnets\_list](#input\_mgmt\_subnets\_list) | A list of mgmt subnets inside the VPC. | `list` |
[
"10.11.61.0/24",
"10.11.62.0/24",
"10.11.63.0/24"
]
| no | | [name](#input\_name) | (Required) Name to be tagged on all of the resources as an identifier | `string` | n/a | yes | | [private\_propagating\_vgws](#input\_private\_propagating\_vgws) | A list of VGWs the private route table should propagate. | `list` | `[]` | no | -| [private\_subnets\_list](#input\_private\_subnets\_list) | A list of private subnets inside the VPC. | `list` |
[
"10.11.1.0/24",
"10.11.2.0/24",
"10.11.3.0/24"
]
| no | +| [private\_subnets\_list](#input\_private\_subnets\_list) | A list of private subnets inside the VPC. | `list` |
[
"10.11.1.0/24",
"10.11.2.0/24",
"10.11.3.0/24"
]
| no | | [public\_propagating\_vgws](#input\_public\_propagating\_vgws) | A list of VGWs the public route table should propagate. | `list` | `[]` | no | -| [public\_subnets\_list](#input\_public\_subnets\_list) | A list of public subnets inside the VPC. | `list` |
[
"10.11.201.0/24",
"10.11.202.0/24",
"10.11.203.0/24"
]
| no | +| [public\_subnets\_list](#input\_public\_subnets\_list) | A list of public subnets inside the VPC. | `list` |
[
"10.11.201.0/24",
"10.11.202.0/24",
"10.11.203.0/24"
]
| no | | [single\_nat\_gateway](#input\_single\_nat\_gateway) | (Optional) A boolean flag to enable/disable use of only a single shared NAT Gateway across all of your private networks. Defaults False. | `bool` | `false` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map` |
{
"created_by": "",
"environment": "prod",
"priority": "high",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map` |
{
"created_by": "",
"environment": "prod",
"priority": "high",
"terraform": "true"
}
| no | | [vpc\_cidr](#input\_vpc\_cidr) | The CIDR block for the VPC | `string` | `"10.11.0.0/16"` | no | | [workspaces\_propagating\_vgws](#input\_workspaces\_propagating\_vgws) | A list of VGWs the workspaces route table should propagate. | `list` | `[]` | no | -| [workspaces\_subnets\_list](#input\_workspaces\_subnets\_list) | A list of workspaces subnets inside the VPC. | `list` |
[
"10.11.21.0/24",
"10.11.22.0/24",
"10.11.23.0/24"
]
| no | +| [workspaces\_subnets\_list](#input\_workspaces\_subnets\_list) | A list of workspaces subnets inside the VPC. | `list` |
[
"10.11.21.0/24",
"10.11.22.0/24",
"10.11.23.0/24"
]
| no | ## Outputs diff --git a/modules/aws/vpc_peering_connection_accepter/README.md b/modules/aws/vpc_peering_connection_accepter/README.md index 19059b58..3b3356df 100644 --- a/modules/aws/vpc_peering_connection_accepter/README.md +++ b/modules/aws/vpc_peering_connection_accepter/README.md @@ -114,7 +114,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [auto\_accept](#input\_auto\_accept) | (Optional) Whether or not to accept the peering request. Defaults to false. | `string` | `false` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(any)` |
{
"created_by": "Jake Jones",
"environment": "prod",
"role": "vpc_peering_connection_accepter",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(any)` |
{
"created_by": "Jake Jones",
"environment": "prod",
"role": "vpc_peering_connection_accepter",
"terraform": "true"
}
| no | | [vpc\_peering\_connection\_id](#input\_vpc\_peering\_connection\_id) | (Required) The VPC Peering Connection ID to manage. | `string` | n/a | yes | ## Outputs diff --git a/modules/aws/vpn/README.md b/modules/aws/vpn/README.md index d2fbb41b..5fd79d40 100644 --- a/modules/aws/vpn/README.md +++ b/modules/aws/vpn/README.md @@ -136,15 +136,15 @@ No modules. | [ip\_address](#input\_ip\_address) | (Required) The IPv4 address for the customer gateway device's outside interface. | `list(string)` | n/a | yes | | [name](#input\_name) | (Required) Name to be used on all the resources as identifier | `string` | n/a | yes | | [static\_routes\_only](#input\_static\_routes\_only) | (Optional, Default true) Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP. | `bool` | `true` | no | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the resource. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the resource. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` |
{
"terraform": "true"
}
| no | | [transit\_gateway\_id](#input\_transit\_gateway\_id) | (Optional) The ID of the EC2 Transit Gateway. | `string` | `null` | no | -| [tunnel\_ike\_versions](#input\_tunnel\_ike\_versions) | (Optional) The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 \| ikev2. | `list(string)` |
[
"ikev2"
]
| no | -| [tunnel\_phase1\_dh\_group\_numbers](#input\_tunnel\_phase1\_dh\_group\_numbers) | (Optional) List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 \| 14 \| 15 \| 16 \| 17 \| 18 \| 19 \| 20 \| 21 \| 22 \| 23 \| 24. | `list(string)` |
[
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24"
]
| no | -| [tunnel\_phase1\_encryption\_algorithms](#input\_tunnel\_phase1\_encryption\_algorithms) | (Optional) List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 \| AES256 \| AES128-GCM-16 \| AES256-GCM-16. | `list(string)` |
[
"AES256",
"AES256-GCM-16"
]
| no | -| [tunnel\_phase1\_integrity\_algorithms](#input\_tunnel\_phase1\_integrity\_algorithms) | (Optional) One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 \| SHA2-256 \| SHA2-384 \| SHA2-512. | `list(string)` |
[
"SHA2-256",
"SHA2-384",
"SHA2-512"
]
| no | -| [tunnel\_phase2\_dh\_group\_numbers](#input\_tunnel\_phase2\_dh\_group\_numbers) | (Optional) List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 \| 5 \| 14 \| 15 \| 16 \| 17 \| 18 \| 19 \| 20 \| 21 \| 22 \| 23 \| 24. | `list(string)` |
[
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24"
]
| no | -| [tunnel\_phase2\_encryption\_algorithms](#input\_tunnel\_phase2\_encryption\_algorithms) | (Optional) List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 \| AES256 \| AES128-GCM-16 \| AES256-GCM-16. | `list(string)` |
[
"AES256",
"AES256-GCM-16"
]
| no | -| [tunnel\_phase2\_integrity\_algorithms](#input\_tunnel\_phase2\_integrity\_algorithms) | (Optional) List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 \| SHA2-256 \| SHA2-384 \| SHA2-512. | `list(string)` |
[
"SHA2-256",
"SHA2-384",
"SHA2-512"
]
| no | +| [tunnel\_ike\_versions](#input\_tunnel\_ike\_versions) | (Optional) The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 \| ikev2. | `list(string)` |
[
"ikev2"
]
| no | +| [tunnel\_phase1\_dh\_group\_numbers](#input\_tunnel\_phase1\_dh\_group\_numbers) | (Optional) List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 \| 14 \| 15 \| 16 \| 17 \| 18 \| 19 \| 20 \| 21 \| 22 \| 23 \| 24. | `list(string)` |
[
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24"
]
| no | +| [tunnel\_phase1\_encryption\_algorithms](#input\_tunnel\_phase1\_encryption\_algorithms) | (Optional) List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 \| AES256 \| AES128-GCM-16 \| AES256-GCM-16. | `list(string)` |
[
"AES256",
"AES256-GCM-16"
]
| no | +| [tunnel\_phase1\_integrity\_algorithms](#input\_tunnel\_phase1\_integrity\_algorithms) | (Optional) One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 \| SHA2-256 \| SHA2-384 \| SHA2-512. | `list(string)` |
[
"SHA2-256",
"SHA2-384",
"SHA2-512"
]
| no | +| [tunnel\_phase2\_dh\_group\_numbers](#input\_tunnel\_phase2\_dh\_group\_numbers) | (Optional) List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 \| 5 \| 14 \| 15 \| 16 \| 17 \| 18 \| 19 \| 20 \| 21 \| 22 \| 23 \| 24. | `list(string)` |
[
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24"
]
| no | +| [tunnel\_phase2\_encryption\_algorithms](#input\_tunnel\_phase2\_encryption\_algorithms) | (Optional) List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 \| AES256 \| AES128-GCM-16 \| AES256-GCM-16. | `list(string)` |
[
"AES256",
"AES256-GCM-16"
]
| no | +| [tunnel\_phase2\_integrity\_algorithms](#input\_tunnel\_phase2\_integrity\_algorithms) | (Optional) List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 \| SHA2-256 \| SHA2-384 \| SHA2-512. | `list(string)` |
[
"SHA2-256",
"SHA2-384",
"SHA2-512"
]
| no | | [tunnel\_startup\_action](#input\_tunnel\_startup\_action) | (Optional, Default add) The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add \| start. | `string` | `"add"` | no | | [vpc\_id](#input\_vpc\_id) | (Required) The VPC ID to create in. | `string` | n/a | yes | | [vpn\_type](#input\_vpn\_type) | (Required) The type of customer gateway. The only type AWS supports at this time is ipsec.1 | `string` | `"ipsec.1"` | no | diff --git a/modules/azuread/conditional_access/named_location/README.md b/modules/azuread/conditional_access/named_location/README.md index 272c3261..27d364c4 100644 --- a/modules/azuread/conditional_access/named_location/README.md +++ b/modules/azuread/conditional_access/named_location/README.md @@ -132,9 +132,9 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [country](#input\_country) | (Optional) A list of countries and regions to include in the named location. |
list(object({
countries_and_regions = list(string)
include_unknown_countries_and_regions = bool
}))
| `null` | no | +| [country](#input\_country) | (Optional) A list of countries and regions to include in the named location. |
list(object({
countries_and_regions = list(string)
include_unknown_countries_and_regions = bool
}))
| `null` | no | | [display\_name](#input\_display\_name) | (Required) The friendly name for this named location. | `string` | n/a | yes | -| [ip](#input\_ip) | (Optional) A list of IP ranges to include in the named location. |
list(object({
ip_ranges = list(string)
trusted = bool
}))
| `null` | no | +| [ip](#input\_ip) | (Optional) A list of IP ranges to include in the named location. |
list(object({
ip_ranges = list(string)
trusted = bool
}))
| `null` | no | ## Outputs diff --git a/modules/azuread/group/README.md b/modules/azuread/group/README.md index 3db57e7c..b8c7aa7e 100755 --- a/modules/azuread/group/README.md +++ b/modules/azuread/group/README.md @@ -137,7 +137,7 @@ No modules. | [auto\_subscribe\_new\_members](#input\_auto\_subscribe\_new\_members) | (Optional) Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups. | `bool` | `null` | no | | [description](#input\_description) | (Optional) A description for the group. | `string` | `null` | no | | [display\_name](#input\_display\_name) | (Required) The display name for the group. | `string` | n/a | yes | -| [dynamic\_membership](#input\_dynamic\_membership) | (Optional) A dynamic membership block. Cannot be used with the members property. |
object({
enabled = bool
rule = string
})
| `null` | no | +| [dynamic\_membership](#input\_dynamic\_membership) | (Optional) A dynamic membership block. Cannot be used with the members property. |
object({
enabled = bool
rule = string
})
| `null` | no | | [external\_senders\_allowed](#input\_external\_senders\_allowed) | (Optional) Indicates whether external senders can send messages to the group. Can only be set for Unified groups. | `bool` | `null` | no | | [hide\_from\_address\_lists](#input\_hide\_from\_address\_lists) | (Optional) Indicates whether the group is displayed in certain parts of the Outlook user interface: in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups. Can only be set for Unified groups. | `bool` | `null` | no | | [hide\_from\_outlook\_clients](#input\_hide\_from\_outlook\_clients) | (Optional) Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Can only be set for Unified groups. | `bool` | `null` | no | diff --git a/modules/bootstrapping/aws/README.md b/modules/bootstrapping/aws/README.md index 3eecf9f4..e1d70549 100644 --- a/modules/bootstrapping/aws/README.md +++ b/modules/bootstrapping/aws/README.md @@ -165,7 +165,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [iam\_role\_name](#input\_iam\_role\_name) | (Optional) The name of the IAM role to assume when generating dynamic credentials for this workspace. | `string` | `"terraform_cloud"` | no | -| [tags](#input\_tags) | (Optional) A map of tags to assign to the workspace. | `map(string)` |
{
"environment": "prod",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A map of tags to assign to the workspace. | `map(string)` |
{
"environment": "prod",
"terraform": "true"
}
| no | | [terraform\_cloud\_aws\_audience](#input\_terraform\_cloud\_aws\_audience) | (Optional) The audience value to use in the terraform run identity tokens | `string` | `"aws.workload.identity"` | no | | [terraform\_cloud\_hostname](#input\_terraform\_cloud\_hostname) | The hostname of the Terraform Cloud or Terraform Enterprise environment you'd like to use with the identity provider | `string` | `"app.terraform.io"` | no | | [terraform\_cloud\_organization](#input\_terraform\_cloud\_organization) | (Required) The name of the Terraform Cloud organization which the workspace is in. | `string` | n/a | yes | diff --git a/modules/services/aws_backup/README.md b/modules/services/aws_backup/README.md index b53f5914..4a5b8db7 100644 --- a/modules/services/aws_backup/README.md +++ b/modules/services/aws_backup/README.md @@ -147,7 +147,7 @@ No modules. | [key\_policy](#input\_key\_policy) | (Optional) A valid policy JSON document. Although this is a key policy, not an IAM policy, an aws\_iam\_policy\_document, in the form that designates a principal, can be used. For more information about building policy documents with Terraform, see the AWS IAM Policy Document Guide. | `string` | `null` | no | | [key\_usage](#input\_key\_usage) | (Optional) Specifies the intended use of the key. Defaults to ENCRYPT\_DECRYPT, and only symmetric encryption and decryption are supported. | `string` | `"ENCRYPT_DECRYPT"` | no | | [monthly\_backup\_retention](#input\_monthly\_backup\_retention) | (Required) The daily backup plan retention in days. By default this is 365 days. | `number` | `365` | no | -| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(any)` |
{
"aws_backup": "true",
"created_by": "",
"environment": "prod",
"priority": "critical",
"terraform": "true"
}
| no | +| [tags](#input\_tags) | (Optional) A mapping of tags to assign to the object. | `map(any)` |
{
"aws_backup": "true",
"created_by": "",
"environment": "prod",
"priority": "critical",
"terraform": "true"
}
| no | | [vault\_disaster\_recovery\_name](#input\_vault\_disaster\_recovery\_name) | value | `string` | `"vault_disaster_recovery"` | no | | [vault\_prod\_daily\_name](#input\_vault\_prod\_daily\_name) | value | `string` | `"vault_prod_daily"` | no | | [vault\_prod\_hourly\_name](#input\_vault\_prod\_hourly\_name) | value | `string` | `"vault_prod_hourly"` | no | diff --git a/modules/services/siem/README.md b/modules/services/siem/README.md index cacece0c..e2bc3278 100644 --- a/modules/services/siem/README.md +++ b/modules/services/siem/README.md @@ -187,7 +187,7 @@ No modules. | [ami](#input\_ami) | ID of AMI to use for the instance | `string` | n/a | yes | | [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | If true, the EC2 instance will have associated public IP address | `bool` | `false` | no | | [auto\_accept](#input\_auto\_accept) | (Optional) Accept the peering (both VPCs need to be in the same AWS account). | `string` | `true` | no | -| [azs](#input\_azs) | A list of availability zones in the region which will be utilized by this VPC | `list(string)` |
[
"us-east-1a",
"us-east-1b"
]
| no | +| [azs](#input\_azs) | A list of availability zones in the region which will be utilized by this VPC | `list(string)` |
[
"us-east-1a",
"us-east-1b"
]
| no | | [bgp\_asn](#input\_bgp\_asn) | BGP ASN used for dynamic routing between the customer gateway and AWS gateway | `number` | `65077` | no | | [bucket\_prefix](#input\_bucket\_prefix) | (Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length | `string` | `"siem-cloudtrail-"` | no | | [cloudtrail\_key\_customer\_master\_key\_spec](#input\_cloudtrail\_key\_customer\_master\_key\_spec) | (Optional) Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC\_DEFAULT, RSA\_2048, RSA\_3072, RSA\_4096, ECC\_NIST\_P256, ECC\_NIST\_P384, ECC\_NIST\_P521, or ECC\_SECG\_P256K1. Defaults to SYMMETRIC\_DEFAULT. For help with choosing a key spec, see the AWS KMS Developer Guide. | `string` | `"SYMMETRIC_DEFAULT"` | no | @@ -252,9 +252,9 @@ No modules. | [peer\_vpc\_subnet](#input\_peer\_vpc\_subnet) | (Optional) The subnet cidr block of the VPC which will be a peer | `string` | `""` | no | | [placement\_group](#input\_placement\_group) | The Placement Group to start the instance in | `string` | `""` | no | | [private\_ip](#input\_private\_ip) | Private IP address to associate with the instance in a VPC | `string` | `"10.77.1.70"` | no | -| [private\_subnets\_list](#input\_private\_subnets\_list) | A list of private subnets inside the VPC. | `list(string)` |
[
"10.77.1.64/26",
"10.77.1.192/26"
]
| no | +| [private\_subnets\_list](#input\_private\_subnets\_list) | A list of private subnets inside the VPC. | `list(string)` |
[
"10.77.1.64/26",
"10.77.1.192/26"
]
| no | | [public\_key](#input\_public\_key) | (Required) Public rsa key | `string` | n/a | yes | -| [public\_subnets\_list](#input\_public\_subnets\_list) | A list of public subnets inside the VPC. | `list(string)` |
[
"10.77.1.0/26",
"10.77.1.128/26"
]
| no | +| [public\_subnets\_list](#input\_public\_subnets\_list) | A list of public subnets inside the VPC. | `list(string)` |
[
"10.77.1.0/26",
"10.77.1.128/26"
]
| no | | [root\_delete\_on\_termination](#input\_root\_delete\_on\_termination) | (Optional) Whether the volume should be destroyed on instance termination (Default: true) | `string` | `true` | no | | [root\_volume\_size](#input\_root\_volume\_size) | (Optional) The size of the volume in gigabytes. | `string` | `"100"` | no | | [root\_volume\_type](#input\_root\_volume\_type) | (Optional) The type of volume. Can be standard, gp2, or io1. (Default: standard) | `string` | `"gp2"` | no | @@ -264,7 +264,7 @@ No modules. | [single\_nat\_gateway](#input\_single\_nat\_gateway) | should be true if you want to provision a single shared NAT Gateway across all of your private networks | `bool` | `false` | no | | [source\_dest\_check](#input\_source\_dest\_check) | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | `bool` | `true` | no | | [static\_routes\_only](#input\_static\_routes\_only) | Flag to determine whether or not dynamic or static routing is enabled | `bool` | `true` | no | -| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` |
{
"backup": "true",
"created_by": "Your Name",
"environment": "prod",
"project": "SIEM Implementation",
"service": "soc",
"team": "Security Team",
"terraform": "true",
"used_by": ""
}
| no | +| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` |
{
"backup": "true",
"created_by": "Your Name",
"environment": "prod",
"project": "SIEM Implementation",
"service": "soc",
"team": "Security Team",
"terraform": "true",
"used_by": ""
}
| no | | [tenancy](#input\_tenancy) | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | `string` | `"default"` | no | | [transit\_gateway\_id](#input\_transit\_gateway\_id) | (Optional) Identifier of an EC2 Transit Gateway. | `string` | `null` | no | | [transit\_subnet\_route\_cidr\_blocks](#input\_transit\_subnet\_route\_cidr\_blocks) | (Optional) The destination CIDR blocks to send to the transit gateway. | `list(any)` | `null` | no | diff --git a/modules/vsphere/datacenter/README.md b/modules/vsphere/datacenter/README.md index 80552dcc..85c3877c 100755 --- a/modules/vsphere/datacenter/README.md +++ b/modules/vsphere/datacenter/README.md @@ -108,7 +108,7 @@ No modules. |------|-------------|------|---------|:--------:| | [folder](#input\_folder) | The folder where the datacenter will be created. Forces a new resource if this is changed. | `string` | n/a | yes | | [name](#input\_name) | The name of the datacenter. The name needs to be unique within the folder. Forces a new resource if this is changed. | `string` | n/a | yes | -| [tags](#input\_tags) | A map of tags to assign to the datacenter. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | A map of tags to assign to the datacenter. | `map(string)` |
{
"terraform": "true"
}
| no | ## Outputs diff --git a/modules/vsphere/folder/README.md b/modules/vsphere/folder/README.md index 343fe12f..fd19e97d 100755 --- a/modules/vsphere/folder/README.md +++ b/modules/vsphere/folder/README.md @@ -110,7 +110,7 @@ No modules. | [custom\_attributes](#input\_custom\_attributes) | A list of custom attributes to apply to the folder. Unsupported on ESXi hosts, requires vCenter. | `map(string)` | `{}` | no | | [datacenter\_id](#input\_datacenter\_id) | The ID of the datacenter where the folder should be created. Forces a new resource if changed. | `any` | n/a | yes | | [path](#input\_path) | The path of the folder. Must be unique within the datacenter. This is relative to the root of the folder for the resource type being created. | `any` | n/a | yes | -| [tags](#input\_tags) | A map of tags to assign to the folder. | `map(string)` |
{
"terraform": "true"
}
| no | +| [tags](#input\_tags) | A map of tags to assign to the folder. | `map(string)` |
{
"terraform": "true"
}
| no | | [type](#input\_type) | The type of the folder. Allowed options are: datacenter, host, vm, datastore, and network. If unset, the default is host. | `string` | `"host"` | no | ## Outputs