|
|
|
variable "include_management_events" {
|
|
|
|
default = true
|
|
|
|
description = "Whether or not you want to include management events"
|
|
|
|
}
|
|
|
|
variable "lifecycle_enabled" {
|
|
|
|
default = true
|
|
|
|
description = "Whether or not to enable lifecycle rules"
|
|
|
|
}
|
|
|
|
variable "lifecycle_prefix" {
|
|
|
|
default = ""
|
|
|
|
description = "S3 object prefix to manage lifecycle - blank is all objects"
|
|
|
|
}
|
|
|
|
variable "lifecycle_glacier_transition_days" {
|
|
|
|
default = 365
|
|
|
|
description = "Number of days to maintain in S3 until transitioning to Glacier"
|
|
|
|
}
|
|
|
|
variable "enable_key_rotation" {
|
|
|
|
default = true
|
|
|
|
}
|
|
|
|
variable "lifecycle_object_expiration" {
|
|
|
|
default = 1825
|
|
|
|
description = "Number of days to expire objects permanently"
|
|
|
|
}
|
|
|
|
variable "cloudwatch_log_retention" {
|
|
|
|
default = 90
|
|
|
|
description = "Number of days to maintain Cloudtrail events in Cloudwatch Logs"
|
|
|
|
}
|
|
|
|
variable "force_destroy_bucket" {
|
|
|
|
default = false
|
|
|
|
description = "Whether or not you want the bucket to force removal of all objects upon deletion - otherwise throws error when deleting"
|
|
|
|
}
|
|
|
|
variable "include_global_service_events" {
|
|
|
|
default = true
|
|
|
|
description = "Whether or not to include global service events"
|
|
|
|
}
|
|
|
|
variable "is_multi_region_trail" {
|
|
|
|
default = true
|
|
|
|
description = "Whether or not to use all regions"
|
|
|
|
}
|
|
|
|
variable "enable_logging" {
|
|
|
|
default = true
|
|
|
|
description = "Whether or not to enable logging"
|
|
|
|
}
|
|
|
|
variable "enable_log_file_validation" {
|
|
|
|
default = true
|
|
|
|
description = "Whether or not to enable log validation"
|
|
|
|
}
|
|
|
|
variable "tags" {
|
|
|
|
default = {}
|
|
|
|
type = map
|
|
|
|
description = "Optional set of tags to apply to the infrastructure"
|
|
|
|
}
|
|
|
|
variable "prefix" {
|
|
|
|
default = "security"
|
|
|
|
description = "String to prefix to all resources"
|
|
|
|
}
|
|
|
|
variable "activity_log_buckets" {
|
|
|
|
description = "List of bucket ARNs to collect data plane operation logs for in addition to API events"
|
|
|
|
type = list
|
|
|
|
default = []
|
|
|
|
}
|
|
|
|
variable "default_log_bucket" {
|
|
|
|
default = "arn:aws:s3:::"
|
|
|
|
description = "The default buckets to log - all buckets in the account - override to empty string"
|
|
|
|
}
|