variables.tf
# Common tags. Per the description these are added to all resources; the
# default is an empty map, i.e. no extra tags.
variable "tags" {
  type        = map(string)
  default     = {}
  description = "A map of tags to add to all resources"
}
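# Aqua CSPM API key (a credential). Required: no default is provided.
#
# `sensitive = true` only redacts the value from plan/apply output; Terraform
# still records it in state, so the state backend should be encrypted and
# access-restricted. Prefer supplying the value from a secret store or the
# TF_VAR_aqua_cspm_apikey environment variable over a committed .tfvars file.
variable "aqua_cspm_apikey" {
  description = "Aqua CSPM API key: Account Management > API Keys > Generate Key"
  type        = string
  sensitive   = true

  # A null key cannot authenticate; reject it at plan time instead of letting
  # it surface later as an opaque API error.
  nullable = false

  validation {
    # The message is static on purpose: it must never echo the sensitive value.
    condition     = length(trimspace(var.aqua_cspm_apikey)) > 0
    error_message = "The aqua_cspm_apikey value must not be empty."
  }
}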
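# Aqua CSPM secret (a credential). Required: no default is provided.
#
# `sensitive = true` only redacts the value from plan/apply output; Terraform
# still records it in state, so the state backend should be encrypted and
# access-restricted. Prefer supplying the value from a secret store or the
# TF_VAR_aqua_cspm_secretkey environment variable over a committed .tfvars
# file.
variable "aqua_cspm_secretkey" {
  description = "Aqua CSPM Secret"
  type        = string
  sensitive   = true

  # A null secret cannot authenticate; reject it at plan time instead of
  # letting it surface later as an opaque API error.
  nullable = false

  validation {
    # The message is static on purpose: it must never echo the sensitive value.
    condition     = length(trimspace(var.aqua_cspm_secretkey)) > 0
    error_message = "The aqua_cspm_secretkey value must not be empty."
  }
}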
# Name of the Aqua CSPM group, as shown in the Aqua Wave console (per the
# description). Falls back to "Default" when the caller does not set it.
variable "aqua_group_name" {
  type        = string
  default     = "Default"
  description = "Aqua CSPM Group Name from the Aqua Wave console"
}
#########
## KMS ##
#########
# KMS alias names to create. The description notes that the module passes the
# list through toset(), so every entry must be a literal string known at plan
# time, not a value computed from another resource.
#
# NOTE(review): AWS requires alias names to start with "alias/" and reserves
# the "alias/aws/" prefix. A validation block could enforce that here; first
# confirm the consuming resource uses these values unchanged.
variable "kms_aliases" {
  type        = list(string)
  default     = ["alias/AquaCSPM-Control-Tower-AquaSec"]
  description = "A list of aliases to create. Note - due to the use of toset(), values must be static strings and not computed values"
}
# Toggle for KMS key rotation. On by default; turning it off should be a
# deliberate, documented decision.
# NOTE(review): presumably wired to the KMS key's rotation setting; confirm
# where the module consumes it.
variable "enable_kms_key_rotation" {
  type        = bool
  default     = true
  description = "Specifies whether key rotation is enabled. Defaults to true"
}
#############################
# Security Hub integration
#############################
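# Security Hub integration settings.
#
#   enabled           - turn the integration on or off (off by default).
#   notification_type - which findings are pushed: "send_all" (the default,
#                       supplied by optional()) or "send_only_failed".
variable "aqua_sechub_integration" {
  description = <<-EOF
    Enables aqua security hub integration. If enabled, findings from Aquasec will be pushed to security hub.
    Notification type can be either "send_all" or "send_only_failed". Default is "send_all"
  EOF

  type = object({
    enabled           = bool
    notification_type = optional(string, "send_all")
  })

  default = {
    enabled = false
  }

  # An explicit null now falls back to the default object. Without this the
  # validation below would fail on the attribute lookup with an unrelated
  # "null value" error.
  nullable = false

  validation {
    condition = contains(
      ["send_all", "send_only_failed"],
      var.aqua_sechub_integration.notification_type
    )
    # Use the real attribute path so the user can find the offending setting.
    error_message = "The aqua_sechub_integration.notification_type value must be either \"send_all\" (send all scan reports) or \"send_only_failed\" (send only failed scan reports)."
  }
}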