This repository has been archived by the owner on Jan 22, 2024. It is now read-only.
generated from terraform-ibm-modules/terraform-ibm-module-template
-
Notifications
You must be signed in to change notification settings - Fork 0
/
variables.tf
76 lines (64 loc) · 3.04 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
##############################################################################
# Input Variables
##############################################################################
variable "resource_group_id" {
description = "The resource group ID where the Data Engine instance will be created."
type = string
}
variable "instance_name" {
description = "The name to give the Data Engine instance."
type = string
}
variable "tags" {
type = list(any)
description = "(Optional, Array of Strings) A list of tags that you want to add to your instance."
default = []
}
variable "region" {
type = string
description = "The region where you want to deploy your instance."
default = "us-south"
}
variable "plan" {
type = string
description = "The plan for the Data Engine instance. Supported plans: standard or lite."
default = "lite"
validation {
condition = contains(["standard", "lite"], var.plan)
error_message = "Supported plans: standard or lite."
}
}
variable "kms_endpoint" {
description = "The KMS endpoint to use when configuring KMS encryption. Must be private or public."
type = string
default = "private"
validation {
condition = contains(["public", "private"], var.kms_endpoint)
error_message = "Valid values for kms_endpoint are 'public' or 'private'."
}
}
variable "kms_encryption_enabled" {
type = bool
description = "Set this to true to control the encryption keys used to encrypt the data that you store in Data Engine. If set to false, the data is encrypted by using randomly generated keys. For more info on Key Protect integration, see https://cloud.ibm.com/docs/sql-query?topic=sql-query-securing-data."
default = false
}
variable "skip_iam_authorization_policy" {
type = bool
description = "Set to true to skip the creation of an IAM authorization policy that permits all Data Engine instances in the resource group to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the existing_kms_instance_guid variable. In addition, no policy is created if var.kms_encryption_enabled is set to false."
default = false
}
variable "kms_region" {
description = "The region where KMS instance exists if using KMS encryption."
type = string
default = "us-south"
}
variable "existing_kms_instance_guid" {
type = string
description = "The GUID the Key Protect instance in which the key specified in var.kms_key_crn is coming from. Required only if var.kms_encryption_enabled is set to true, var.skip_iam_authorization_policy is set to false. NOTE: Hyper Protect Crypto Services is not currently supported by Data Engine."
default = null
}
variable "kms_key_id" {
type = string
description = "The root key ID of a Key Protect key that you want to use to encrypt your stored Data Engine jobs. Only used if var.kms_encryption_enabled is set to true. NOTE: Hyper Protect Crypto Services is not currently supported by Data Engine."
default = null
}