variables.tf
# Deployment environment name, restricted to a fixed allow-list.
# The value is interpolated into local.name_prefix and handed to the task as
# SENTRY_ENVIRONMENT, so an unexpected value would end up in resource names.
variable "environment" {
  description = "String literal for the environment"
  type        = string
  nullable    = false

  validation {
    error_message = "Valid values for environment: sandbox-alpha, sandbox-beta, qa, test, training, preview, production."
    condition = contains(
      [
        "sandbox-alpha",
        "sandbox-beta",
        "qa",
        "test",
        "training",
        "preview",
        "production",
      ],
      var.environment
    )
  }
}
# AWS region for the stack; falls back to eu-west-2 when not supplied.
variable "region" {
  description = "AWS region"
  type        = string
  nullable    = false
  default     = "eu-west-2"
}
# Database engine version, held as a string so the minor version is kept as written.
# NOTE(review): presumably this has to be compatible with the engine version of
# var.imported_snapshot - confirm when bumping either one.
variable "db_engine_version" {
  description = "The version of the database engine to use."
  type        = string
  nullable    = false
  default     = "16.8"
}
# Snapshot the replicated cluster is restored from. No default: callers must
# name the snapshot explicitly.
# NOTE(review): the snapshot is a full copy of the source database, so it
# presumably needs the same encryption and sharing restrictions as the
# original - confirm where the snapshot is produced.
variable "imported_snapshot" {
  description = "ARN of snapshot to create DB cluster from. This is the basis for replicating the existing DB."
  type        = string
  nullable    = false
}
# Upper bound on Aurora Serverless v2 capacity (ACUs); defaults to 8.
# NOTE(review): unlike the other variables in this file, nullable = false is
# not set here, so an explicit null is accepted - confirm that is intended.
variable "max_aurora_capacity_units" {
  description = "Maximum amount of allowed ACU capacity for Aurora Serverless v2"
  type        = number
  default     = 8
}
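# Reference to the secret holding the source database credentials.
# local.task_secrets passes this to the container as DB_CREDENTIALS through
# valueFrom, so only the reference - never the credential itself - belongs here.
variable "db_secret_arn" {
  type        = string
  description = "The ARN of the secret that stores the credentials for the database from which the snapshot originates."
  nullable    = false

  # Reject anything that is not ARN-shaped. This catches the mistake of pasting
  # the secret value itself, which would otherwise be recorded in plan output
  # and state as an ordinary, non-sensitive string.
  validation {
    condition     = can(regex("^arn:", var.db_secret_arn))
    error_message = "db_secret_arn must be an ARN (starting with \"arn:\"), not the secret value or a bare name."
  }
}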
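# AWS account the stack is deployed into. Kept as a string so that an account
# ID with leading zeros is not mangled by numeric conversion.
# The default is the non-prod account (per the description), so a production
# deployment has to override it explicitly.
variable "account_id" {
  type        = string
  default     = "393416225559"
  description = "ID of aws account. Defaults to non-prod account."
  nullable    = false

  # An AWS account ID is exactly 12 decimal digits; fail at plan time on a
  # truncated or mistyped value instead of letting it reach wherever the ID
  # is consumed.
  validation {
    condition     = can(regex("^[0-9]{12}$", var.account_id))
    error_message = "account_id must be a 12-digit AWS account ID."
  }
}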
# Image name for the task's essential container; the exact build is selected
# separately through var.image_digest.
variable "docker_image" {
  description = "The docker image name for the essential container in the task definition"
  type        = string
  nullable    = false
  default     = "mavis/webapp"
}
# Digest of the container image to run. There is no default, so every
# deployment must state which image build it runs.
# NOTE(review): the expected format (for example whether the "sha256:" prefix
# is included) is not validated here - confirm against the task definition
# that consumes it.
variable "image_digest" {
  description = "The docker image digest for the essential container in the task definition."
  type        = string
  nullable    = false
}
# Rails environment exported to the task as RAILS_ENV (see local.task_envs).
# Only "staging" and "production" are accepted; the default is "staging".
# NOTE(review): var.rails_master_key_path defaults to a staging path and is
# not cross-checked against this value - confirm both are overridden together.
variable "rails_env" {
  description = "The rails environment configuration to use for the mavis application"
  type        = string
  nullable    = false
  default     = "staging"

  validation {
    error_message = "Incorrect rails environment, allowed values are: {staging, production}"
    condition     = var.rails_env == "staging" || var.rails_env == "production"
  }
}
# Parameter Store path of the Rails master key. Only the path is configured
# here; local.task_secrets hands it to the container through valueFrom, so the
# key material itself does not appear in this file.
# The default points at the staging credentials.
variable "rails_master_key_path" {
  description = "The path of the System Manager Parameter Store secure string for the rails master key."
  type        = string
  nullable    = false
  default     = "/mavis/staging/credentials/RAILS_MASTER_KEY"
}
# Shared values for the data-replication stack: a naming prefix, the subnet
# list, and the container's plain environment variables and secret references.
locals {
  # Prefix for resource names; embeds the validated var.environment.
  name_prefix = "mavis-${var.environment}-data-replication"
  # IDs of the two subnets (declared elsewhere in this module).
  subnet_list = [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id]

  # Plain-text environment variables for the container. Nothing in this list
  # is a credential; secrets go through task_secrets below.
  task_envs = [
    {
      name  = "DB_HOST"
      value = aws_rds_cluster.cluster.endpoint
    },
    {
      name  = "DB_NAME"
      value = aws_rds_cluster.cluster.database_name
    },
    {
      name  = "RAILS_ENV"
      value = var.rails_env
    },
    {
      name  = "SENTRY_ENVIRONMENT"
      value = var.environment
    },
    # The three MAVIS__* flags below are hard-coded to "false".
    # NOTE(review): presumably this keeps the replica from using CIS2, sending
    # to Splunk and enqueueing PDS bulk updates - confirm against the
    # application's settings before changing any of them.
    {
      name  = "MAVIS__CIS2__ENABLED"
      value = "false"
    },
    {
      name  = "MAVIS__SPLUNK__ENABLED"
      value = "false"
    },
    {
      name  = "MAVIS__PDS__ENQUEUE_BULK_UPDATES"
      value = "false"
    }
  ]

  # Secrets are passed by reference (valueFrom), so only ARNs and parameter
  # paths appear here rather than the secret values themselves.
  # NOTE(review): the role that resolves these references needs read access to
  # all three; presumably granted elsewhere - confirm it is scoped to exactly
  # these entries.
  task_secrets = [
    {
      name      = "DB_CREDENTIALS"
      valueFrom = var.db_secret_arn
    },
    {
      name      = "RAILS_MASTER_KEY"
      valueFrom = var.rails_master_key_path
    },
    {
      name      = "READ_ONLY_DB_PASSWORD"
      valueFrom = aws_secretsmanager_secret.read_only_db_password.arn
    }
  ]
}
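# CIDR ranges the data replication service may send outbound traffic to.
# The default is an empty list.
# NOTE(review): how an empty list is turned into security-group rules is not
# visible here - confirm that it means "no additional egress". A broad entry
# such as 0.0.0.0/0 would allow outbound traffic from a service that holds
# replicated data to any address, so keep the list as narrow as possible.
variable "allowed_egress_cidr_blocks" {
  type        = list(string)
  description = "CIDR blocks for the allowed outbound traffic from the data replication service."
  default     = []

  # Every entry must parse as a CIDR block (IPv4 or IPv6), so a typo fails at
  # plan time instead of surfacing as a provider error or a missing rule.
  # An explicit null is still accepted, as it was before this check was added.
  validation {
    condition = var.allowed_egress_cidr_blocks == null ? true : alltrue([
      for cidr in var.allowed_egress_cidr_blocks : can(cidrhost(cidr, 0))
    ])
    error_message = "Each entry in allowed_egress_cidr_blocks must be a valid CIDR block, for example 10.0.0.0/16."
  }
}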