variables.tf
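# DigitalOcean API token; the description states it carries write access.
# Marked sensitive so Terraform redacts the value in plan/apply output
# (needs Terraform >= 0.14). Redaction covers CLI output only: any resource
# attribute derived from the token is still stored in state in plain text, so
# state storage needs its own access controls. Supply the value via the
# TF_VAR_do_token environment variable or a secrets store rather than a
# committed .tfvars file.
variable "do_token" {
  description = "DigitalOcean API token with write access"
  type        = string
  sensitive   = true
}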
# Name prefix for the firewall rules. No default, so every caller must set it.
variable "prefix" {
  description = "Prefix applied to firewall rule names"
  type        = string
}
# Explicit droplet IDs the rule sets are attached to. Empty by default.
variable "droplet_ids" {
  description = "List of droplet ids to which the rule sets will be applied"
  type        = list(string)
  default     = []
}
# Tag-based targeting. Per the description, any droplet carrying one of these
# tags receives the rule set, so whoever can assign these tags effectively
# decides which droplets are covered. Empty by default.
variable "tags" {
  description = "List of tag ids, any droplet matching these tags will have the rule set applied"
  type        = list(string)
  default     = []
}
# HTTP
# Destination addresses/CIDRs for outbound HTTP (port 80).
# The default covers every IPv4 and IPv6 destination; where egress filtering
# matters, override it with the specific endpoints the droplets need.
variable "allowed_outbound_http_addresses" {
  description = "An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which outbound http (port 80) traffic will be allowed."
  type        = list(string)
  default     = ["0.0.0.0/0", "::/0"]
}
# Droplet IDs allowed as outbound HTTP (port 80) destinations. Empty by default.
variable "allowed_outbound_http_droplet_ids" {
  description = "An array of droplet ids to which outbound http (port 80) traffic will be allowed."
  type        = list(string)
  default     = []
}
# Droplet tags allowed as outbound HTTP (port 80) destinations. Empty by default.
variable "allowed_outbound_http_tags" {
  description = "An array of tags of droplets to which outbound http (port 80) traffic will be allowed."
  type        = list(string)
  default     = []
}
# Load Balancer IDs allowed as outbound HTTP (port 80) destinations.
# Empty by default.
variable "allowed_outbound_http_load_balancer_uids" {
  description = "An array containing the IDs of the Load Balancers to which outbound http (port 80) traffic will be allowed."
  type        = list(string)
  default     = []
}
# HTTPS
# Destination addresses/CIDRs for outbound HTTPS (port 443).
# The default covers every IPv4 and IPv6 destination; where egress filtering
# matters, override it with the specific endpoints the droplets need.
variable "allowed_outbound_https_addresses" {
  description = "An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which outbound https (port 443) traffic will be allowed."
  type        = list(string)
  default     = ["0.0.0.0/0", "::/0"]
}
# Droplet IDs allowed as outbound HTTPS (port 443) destinations.
# Empty by default.
variable "allowed_outbound_https_droplet_ids" {
  description = "An array of droplet ids to which outbound https (port 443) traffic will be allowed."
  type        = list(string)
  default     = []
}
# Droplet tags allowed as outbound HTTPS (port 443) destinations.
# Empty by default.
variable "allowed_outbound_https_tags" {
  description = "An array of tags of droplets to which outbound https (port 443) traffic will be allowed."
  type        = list(string)
  default     = []
}
# Load Balancer IDs allowed as outbound HTTPS (port 443) destinations.
# Empty by default.
variable "allowed_outbound_https_load_balancer_uids" {
  description = "An array containing the IDs of the Load Balancers to which outbound https (port 443) traffic will be allowed."
  type        = list(string)
  default     = []
}
# DNS
# Destination addresses/CIDRs for outbound DNS (port 53).
# The default covers every IPv4 and IPv6 destination. Limiting it to the
# resolvers the droplets are configured to use narrows the room for DNS to be
# used as an unmonitored egress channel.
# NOTE(review): the description names port 53 without a protocol; confirm in
# the rule definitions whether both tcp and udp are covered.
variable "allowed_outbound_dns_addresses" {
  description = "An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which outbound DNS (port 53) traffic will be allowed."
  type        = list(string)
  default     = ["0.0.0.0/0", "::/0"]
}
# Droplet IDs allowed as outbound DNS (port 53) destinations. Empty by default.
variable "allowed_outbound_dns_droplet_ids" {
  description = "An array of droplet ids to which outbound DNS (port 53) traffic will be allowed."
  type        = list(string)
  default     = []
}
# Droplet tags allowed as outbound DNS (port 53) destinations. Empty by default.
variable "allowed_outbound_dns_tags" {
  description = "An array of tags of droplets to which outbound DNS (port 53) traffic will be allowed."
  type        = list(string)
  default     = []
}
# Load Balancer IDs allowed as outbound DNS (port 53) destinations.
# Empty by default.
variable "allowed_outbound_dns_load_balancer_uids" {
  description = "An array containing the IDs of the Load Balancers to which outbound DNS (port 53) traffic will be allowed."
  type        = list(string)
  default     = []
}
# NTP
# Destination addresses/CIDRs for outbound NTP (port 123/udp).
# The default covers every IPv4 and IPv6 destination; override it with the
# time sources the droplets are actually configured to use where egress is
# meant to be restricted.
variable "allowed_outbound_ntp_addresses" {
  description = "An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which outbound NTP (port 123/udp) traffic will be allowed."
  type        = list(string)
  default     = ["0.0.0.0/0", "::/0"]
}
# Droplet IDs allowed as outbound NTP (port 123/udp) destinations.
# Empty by default.
variable "allowed_outbound_ntp_droplet_ids" {
  description = "An array of droplet ids to which outbound NTP (port 123/udp) traffic will be allowed."
  type        = list(string)
  default     = []
}
# Droplet tags allowed as outbound NTP (port 123/udp) destinations.
# Empty by default.
variable "allowed_outbound_ntp_tags" {
  description = "An array of tags of droplets to which outbound NTP (port 123/udp) traffic will be allowed."
  type        = list(string)
  default     = []
}
# SSH
# Destination addresses/CIDRs for outbound SSH (port 22).
# The default covers every IPv4 and IPv6 destination. Few workloads need to
# open SSH sessions to arbitrary hosts, so callers should consider narrowing
# this to the hosts or ranges that are actually required.
variable "allowed_outbound_ssh_addresses" {
  description = "An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which outbound SSH (port 22) traffic will be allowed."
  type        = list(string)
  default     = ["0.0.0.0/0", "::/0"]
}
# Droplet IDs allowed as outbound SSH (port 22) destinations. Empty by default.
variable "allowed_outbound_ssh_droplet_ids" {
  description = "An array of droplet ids to which outbound SSH (port 22) traffic will be allowed."
  type        = list(string)
  default     = []
}
# Droplet tags allowed as outbound SSH (port 22) destinations. Empty by default.
variable "allowed_outbound_ssh_tags" {
  description = "An array of tags of droplets to which outbound SSH (port 22) traffic will be allowed."
  type        = list(string)
  default     = []
}
# Droplet tags accepted as sources of inbound SSH. Empty by default.
variable "allowed_inbound_ssh_tags" {
  description = "List of droplet tags from which SSH is allowed."
  type        = list(string)
  default     = []
}
# Droplet IDs accepted as sources of inbound SSH. Empty by default.
variable "allowed_inbound_ssh_droplet_ids" {
  description = "List of droplet ids from which SSH is allowed."
  type        = list(string)
  default     = []
}
# Source addresses/CIDRs accepted for inbound SSH.
# NOTE(review): the default admits SSH from every IPv4 and IPv6 source.
# Callers should override it with the management or bastion ranges they
# actually need instead of relying on the default.
# The name is misspelled ("adresses"); it is left unchanged because callers
# reference the variable by this exact spelling.
variable "allowed_inbound_ssh_adresses" {
  description = "An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound SSH traffic will be accepted."
  type        = list(string)
  default     = ["0.0.0.0/0", "::/0"]
}