was-cf/variables.tf
kappa b87947e3e3 Complete infrastructure and integration updates
Infrastructure improvements:
- Update CloudFront distribution with ACM certificate support
- Enable custom domain aliases when certificate is available
- Add comprehensive WAF outputs for CrowdSec integration
- Update variables with current configuration defaults

New files:
- Add CrowdSec WAF integration documentation
- Add sync script for CrowdSec to WAF automation
- Add MCP configuration for development tools

Configuration updates:
- Align Terraform configuration with deployed state
- Enable ACM certificate and Route53 DNS by default
- Maintain HTTP-only origin protocol for compatibility

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-09 15:33:36 +09:00


# AWS region input; defaults to us-east-1.
# NOTE(review): ACM certificates attached to CloudFront must be issued in
# us-east-1. If this variable also selects the region for the certificate,
# overriding it will break the alias setup. Confirm against the provider blocks.
variable "aws_region" {
  type        = string
  default     = "us-east-1"
  description = "AWS region"
}
# Project name input; how it is applied to resource names or tags is decided by
# the configuration that consumes it.
variable "project_name" {
  type        = string
  default     = "aws-cf"
  description = "Name of the project"
}
# Deployment environment label. The description lists dev, staging and prod,
# but nothing here enforces that set, so any string is accepted.
variable "environment" {
  type        = string
  default     = "dev"
  description = "Environment (dev, staging, prod)"
}
# Hostname of the origin behind the distribution.
# NOTE(review): if this host is reachable directly from the internet, clients
# can bypass CloudFront and any WAF in front of it. Confirm the origin
# only accepts traffic from CloudFront.
variable "origin_domain" {
  type        = string
  default     = "origin.servidor.it.com"
  description = "Origin domain name"
}
# Alternate domain names (CNAMEs) for the distribution. CloudFront only accepts
# aliases that are covered by the certificate attached to the distribution.
variable "cloudfront_aliases" {
  type = list(string)
  default = [
    "servidor.it.com",
    "www.servidor.it.com",
  ]
  description = "List of aliases for CloudFront distribution"
}
# Primary domain name requested on the ACM certificate.
variable "domain_name" {
  type        = string
  default     = "servidor.it.com"
  description = "Main domain name for ACM certificate"
}
# Validation method for the ACM certificate. Despite the "_options" suffix this
# is a single string. Unlike the policy variables in this file, it has no
# validation block, so a mistyped value is not caught here.
variable "certificate_domain_validation_options" {
  type        = string
  default     = "DNS"
  description = "Domain validation method for ACM certificate"
}
# Toggle for the Route53 records used for certificate validation and for the
# distribution alias. On by default.
variable "create_route53_records" {
  type        = bool
  default     = true
  description = "Whether to create Route53 records for domain validation and alias"
}
# CloudFront price class. Restricted to the three values listed in the
# validation block; anything else is rejected at plan time.
variable "price_class" {
  type        = string
  default     = "PriceClass_All"
  description = "CloudFront distribution price class"

  validation {
    condition     = contains(["PriceClass_All", "PriceClass_200", "PriceClass_100"], var.price_class)
    error_message = "Price class must be one of: PriceClass_All, PriceClass_200, PriceClass_100"
  }
}
# Protocol CloudFront uses when it connects to the origin.
# The default, https-only, keeps the CloudFront-to-origin hop encrypted.
# http-only sends that hop in cleartext, and match-viewer does the same for any
# request the viewer made over HTTP, so override the default only when the
# origin cannot serve TLS.
variable "origin_protocol_policy" {
  type        = string
  default     = "https-only"
  description = "Origin protocol policy"

  validation {
    condition     = contains(["http-only", "https-only", "match-viewer"], var.origin_protocol_policy)
    error_message = "Origin protocol policy must be one of: http-only, https-only, match-viewer"
  }
}
# Protocol policy applied to viewer (client) connections.
# The default redirects HTTP requests to HTTPS. allow-all lets the distribution
# serve content over plain HTTP, so prefer redirect-to-https or https-only.
variable "viewer_protocol_policy" {
  type        = string
  default     = "redirect-to-https"
  description = "Viewer protocol policy"

  validation {
    condition     = contains(["allow-all", "https-only", "redirect-to-https"], var.viewer_protocol_policy)
    error_message = "Viewer protocol policy must be one of: allow-all, https-only, redirect-to-https"
  }
}
# Cache policy attached to the distribution's cache behavior.
# The default ID is the AWS managed "CachingDisabled" policy, so every request
# is forwarded to the origin unless a caller supplies another policy ID.
variable "cache_policy_id" {
  type        = string
  default     = "4135ea2d-6df8-44a3-9df3-4b5a84be39ad"
  description = "CloudFront cache policy ID (managed or custom)"
}
# Origin request policy controlling what CloudFront forwards to the origin.
# The default ID is the AWS managed "CORS-S3Origin" policy.
# NOTE(review): the default origin looks like a custom host rather than an S3
# bucket. Confirm this S3-oriented policy forwards everything the origin needs.
variable "origin_request_policy_id" {
  type        = string
  default     = "88a5eaf4-2fd4-4709-b370-b4c650ea3fcf"
  description = "CloudFront origin request policy ID"
}
# Security-related variables
# Toggle for the ALB security group. Off by default.
variable "create_alb_security_group" {
  type        = bool
  default     = false
  description = "Whether to create ALB security group"
}
# Toggle for the web server security group. Off by default.
# NOTE(review): presumably this group is where ssh_allowed_cidrs is applied.
# If so, review that list before turning this on. Confirm against the
# security group resources.
variable "create_web_security_group" {
  type        = bool
  default     = false
  description = "Whether to create web server security group"
}
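# CIDR ranges permitted to reach SSH.
# SECURITY: the default admits the entire IPv4 internet. It is left unchanged
# so existing callers see no difference, but any deployment that creates a
# security group from this list should override it with specific administrative
# ranges (for example a VPN or bastion subnet).
variable "ssh_allowed_cidrs" {
  type        = list(string)
  default     = ["0.0.0.0/0"] # Restrict this in production
  description = "CIDR blocks allowed for SSH access"

  # Reject malformed entries at plan time rather than when the list is consumed.
  validation {
    condition     = alltrue([for cidr in var.ssh_allowed_cidrs : can(cidrhost(cidr, 0))])
    error_message = "Each entry in ssh_allowed_cidrs must be a valid CIDR block, for example 203.0.113.0/24."
  }
}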
# Toggle for WAF on the CloudFront distribution.
# Off by default, so the distribution is deployed without WAF protection until
# a caller sets this to true.
variable "enable_waf" {
  type        = bool
  default     = false
  description = "Whether to enable WAF for CloudFront"
}
# Toggle for the CloudFormation stack. Off by default.
variable "enable_cloudformation_stack" {
  type        = bool
  default     = false
  description = "Whether to create CloudFormation stack"
}
# Toggle for creating the ACM certificate. On by default.
variable "create_acm_certificate" {
  type        = bool
  default     = true
  description = "Whether to create ACM certificate"
}
# Toggle for CloudFront access logging. On by default.
# NOTE(review): cloudfront_logs_bucket defaults to an empty string. Confirm how
# the distribution behaves when logging is on and no bucket is supplied, since
# access logs are what incident responders rely on.
variable "enable_cloudfront_logging" {
  type        = bool
  default     = true
  description = "Whether to enable CloudFront access logging"
}
# S3 bucket that receives CloudFront access logs. Empty by default.
# NOTE(review): enable_cloudfront_logging defaults to true, so an empty value
# here may mean logs are not delivered. Verify against the logging block of the
# distribution.
variable "cloudfront_logs_bucket" {
  type        = string
  default     = ""
  description = "S3 bucket for CloudFront logs"
}
# Key prefix under which CloudFront log objects are written in the logs bucket.
variable "cloudfront_logs_prefix" {
  type        = string
  default     = "cloudfront-logs/"
  description = "Prefix for CloudFront logs in S3"
}