mirror of
https://github.com/ghndrx/terraform-foundation.git
synced 2026-02-10 06:45:06 +00:00
Greg Hendrickson
6136cde9bb
Enterprise-grade multi-tenant AWS cloud foundation. Modules: - GitHub OIDC for keyless CI/CD authentication - IAM account settings and security baseline - AWS Config Rules for compliance - ABAC (Attribute-Based Access Control) - SCPs (Service Control Policies) Features: - Multi-account architecture - Cost optimization patterns - Security best practices - Comprehensive documentation Tech: Terraform, AWS Organizations, IAM Identity Center
80 lines
1.8 KiB
HCL
80 lines
1.8 KiB
HCL
################################################################################
|
|
# Security Groups - Input Variables
|
|
################################################################################
|
|
|
|
variable "vpc_id" {
|
|
type = string
|
|
description = "VPC ID to create security groups in"
|
|
}
|
|
|
|
variable "name_prefix" {
|
|
type = string
|
|
description = "Prefix for security group names"
|
|
}
|
|
|
|
variable "create_web_tier" {
|
|
type = bool
|
|
default = false
|
|
description = "Create web tier security group"
|
|
}
|
|
|
|
variable "create_app_tier" {
|
|
type = bool
|
|
default = false
|
|
description = "Create application tier security group"
|
|
}
|
|
|
|
variable "create_db_tier" {
|
|
type = bool
|
|
default = false
|
|
description = "Create database tier security group"
|
|
}
|
|
|
|
variable "create_bastion" {
|
|
type = bool
|
|
default = false
|
|
description = "Create bastion host security group"
|
|
}
|
|
|
|
variable "create_endpoints" {
|
|
type = bool
|
|
default = false
|
|
description = "Create VPC endpoints security group"
|
|
}
|
|
|
|
variable "create_eks" {
|
|
type = bool
|
|
default = false
|
|
description = "Create EKS cluster and node security groups"
|
|
}
|
|
|
|
variable "web_ingress_cidr" {
|
|
type = string
|
|
default = "0.0.0.0/0"
|
|
description = "CIDR for web tier ingress (use ALB SG for production)"
|
|
}
|
|
|
|
variable "app_port" {
|
|
type = number
|
|
default = 8080
|
|
description = "Application port for app tier"
|
|
}
|
|
|
|
variable "db_port" {
|
|
type = number
|
|
default = 5432
|
|
description = "Database port (5432=PostgreSQL, 3306=MySQL)"
|
|
}
|
|
|
|
variable "allowed_ssh_cidrs" {
|
|
type = list(string)
|
|
default = []
|
|
description = "CIDRs allowed SSH access to bastion"
|
|
}
|
|
|
|
variable "tags" {
|
|
type = map(string)
|
|
default = {}
|
|
description = "Tags to apply to security groups"
|
|
}
|