| apim_auth_token_schedule |
Schedule to renew the APIM auth token |
string |
"rate(9 minutes)" |
no |
| apim_auth_token_url |
URL to generate an APIM auth token |
string |
"https://int.api.service.nhs.uk/oauth2/token" |
no |
| apim_base_url |
The URL used to send requests to PDM |
string |
"https://int.api.service.nhs.uk" |
no |
| apim_keygen_schedule |
Schedule to refresh key pairs if necessary |
string |
"cron(0 14 * * ? *)" |
no |
| athena_query_max_polling_attempts |
The number of times athena will be polled to check if a query is completed |
number |
3 |
no |
| athena_query_polling_time_seconds |
The amount of time in seconds to wait between each athena poll |
number |
15 |
no |
| aws_account_id |
The AWS Account ID (numeric) |
string |
n/a |
yes |
| aws_account_type |
The AWS Account Type |
string |
n/a |
yes |
| component |
The variable encapsulating the name of this component |
string |
"dl" |
no |
| core_notify_url |
The URL used to send requests to Notify |
string |
"https://sandbox.api.service.nhs.uk" |
no |
| default_cloudwatch_event_bus_name |
The name of the default cloudwatch event bus. This is needed as GuardDuty Scan Result events are sent to the default bus |
string |
"default" |
no |
| default_tags |
A map of default tags to apply to all taggable resources within the component |
map(string) |
{} |
no |
| enable_dynamodb_delete_protection |
Enable DynamoDB Delete Protection on all Tables |
bool |
true |
no |
| enable_event_anomaly_detection |
Enable CloudWatch anomaly detection alarm for core notifier queue message reception |
bool |
true |
no |
| enable_event_cache |
Enable caching of events to an S3 bucket |
bool |
true |
no |
| enable_mock_mesh |
Enable mock mesh access (dev only). Grants lambda permission to read mock-mesh prefix in non-pii bucket. |
bool |
false |
no |
| enable_pdm_mock |
Flag indicating whether to deploy the PDM mock API. Should be false in production environments; the default is true, so production configurations must set it to false explicitly. |
bool |
true |
no |
| enable_sns_delivery_logging |
Enable SNS Delivery Failure Notifications |
bool |
true |
no |
| environment |
The name of the tfscaffold environment |
string |
n/a |
yes |
| event_anomaly_band_width |
The width of the anomaly detection band. Higher values (e.g. 4-6) reduce sensitivity and noise, lower values (e.g. 2-3) increase sensitivity. Recommended: 2-4. |
number |
3 |
no |
| event_anomaly_evaluation_periods |
Number of evaluation periods for the anomaly alarm. Each period is defined by event_anomaly_period. |
number |
2 |
no |
| event_anomaly_period |
The period in seconds over which the specified statistic is applied for anomaly detection. Minimum 300 seconds (5 minutes). Recommended: 300-600. |
number |
300 |
no |
| eventbus_account_id |
The AWS Account ID for the event bus |
string |
n/a |
yes |
| eventpub_control_plane_bus_arn |
Event publisher control plane |
string |
n/a |
yes |
| eventpub_data_plane_bus_arn |
Event publisher data plane |
string |
n/a |
yes |
| force_destroy |
Flag to force deletion of S3 buckets |
bool |
false |
no |
| force_lambda_code_deploy |
If the lambda package in S3 has the same commit id tag as the terraform build branch, the lambda will not update automatically. Set to true when changing Lambda code on the same commit, for example during development |
bool |
false |
no |
| group |
The group variables are being inherited from (often synonymous with account short-name) |
string |
n/a |
yes |
| kms_deletion_window |
When a kms key is deleted, how long should it wait in the pending deletion state? |
string |
"30" |
no |
| log_level |
The log level to be used in lambda functions within the component. Any log with a lower severity than the configured value will not be logged: https://docs.python.org/3/library/logging.html#levels |
string |
"INFO" |
no |
| log_retention_in_days |
The number of days that CloudWatch Logs events are retained; the default of 0 retains them indefinitely |
number |
0 |
no |
| mesh_poll_schedule |
Schedule to poll MESH for messages |
string |
"rate(5 minutes)" |
no |
| metadata_refresh_schedule |
Schedule for refreshing reporting metadata. |
string |
"cron(10 6-22 * * ? *)" |
no |
| parent_acct_environment |
Name of the environment responsible for the acct resources used, affects things like DNS zone. Useful for named dev environments |
string |
"main" |
no |
| pdm_mock_access_token |
Mock access token for PDM API authentication (used in local/dev environments) |
string |
"mock-pdm-token" |
no |
| pdm_use_non_mock_token |
Whether to use the shared APIM access token from SSM (/component/environment/apim/access_token) instead of the mock token |
bool |
false |
no |
| pii_data_retention_non_current_days |
The number of non current days for data retention policy for PII |
number |
14 |
no |
| pii_data_retention_policy_days |
The number of days for data retention policy for PII |
number |
534 |
no |
| project |
The name of the tfscaffold project |
string |
n/a |
yes |
| queue_batch_size |
maximum number of queue items to process |
number |
10 |
no |
| queue_batch_window_seconds |
maximum time in seconds between processing events |
number |
1 |
no |
| region |
The AWS Region |
string |
n/a |
yes |
| report_scheduler_schedule |
Schedule to trigger sender reports |
string |
"cron(30 4 * * ? *)" |
no |
| reports_data_retention_non_current_days |
The number of non current days for data retention policy for reports generated by Athena in the reporting bucket |
number |
14 |
no |
| reports_data_retention_policy_days |
The number of days for data retention policy for reports generated by Athena in the reporting bucket |
number |
90 |
no |
| shared_infra_account_id |
The AWS Shared Infra Account ID (numeric) |
string |
n/a |
yes |
| sns_success_logging_sample_percent |
Sample percentage of successful SNS deliveries to log |
number |
0 |
no |
| sqs_max_receive_count |
Maximum number of times a message can be received before being sent to the DLQ |
string |
"3" |
no |
| ttl_poll_schedule |
Schedule to poll for any overdue TTL records |
string |
"rate(10 minutes)" |
no |