Add descriptions and types to variables

jdheyburn · jdheyburn · commit a947245bcd8d · 2020-08-27T16:04:03.000+01:00
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -1,100 +1,162 @@
 /* See terraform.tfvars for descriptions of each of the variables. */
 
 variable "aws_account_id" {
+  type        = string
+  description = "12-digit AWS account ID"
 }
 
 variable "aws_region" {
+  type        = string
+  description = "AWS region in which to deploy the BinaryAlert components"
 }
 
 variable "name_prefix" {
+  type        = string
+  description = "Prefix used in all resource names (required for uniqueness) E.g. 'company_team'"
 }
 
 variable "enable_carbon_black_downloader" {
+  type        = bool
+  description = "Whether to enable CarbonBlack Downloader resources"
 }
 
 variable "carbon_black_url" {
+  type        = string
+  description = "URL of the CarbonBlack server"
 }
 
 variable "carbon_black_timeout" {
+  type        = number
+  description = "Timeout to use for Carbon Black API client. The client default is 60, so set to something lower if desired"
 }
 
 variable "encrypted_carbon_black_api_token" {
+  type        = string
+  description = "Encrypted API token used to interface with CarbonBlack"
 }
 
 variable "s3_log_bucket" {
+  type        = string
+  description = "Pre-existing bucket in which to store S3 access logs. If not specified, one will be created"
 }
 
 variable "s3_log_prefix" {
+  type        = string
+  description = "Log files will be stored in S3 with this prefix"
 }
 
 variable "s3_log_expiration_days" {
+  type        = number
+  description = "Access logs expire after this many days. Has no effect if using pre-existing bucket for logs"
 }
 
 variable "lambda_log_retention_days" {
+  type        = number
+  description = "How long to retain Lambda function logs for in days"
 }
 
 variable "tagged_name" {
+  type        = string
+  description = "Assigns this as the value for tag key 'Name' for all supported resources (CloudWatch logs, Dynamo, KMS, Lambda, S3, SQS)"
 }
 
 variable "metric_alarm_sns_topic_arn" {
+  type        = string
+  description = "Use an existing SNS topic for metric alarms (instead of creating one automatically)"
 }
 
 variable "expected_analysis_frequency_minutes" {
+  type        = number
+  description = "Alarm if no binaries are analyzed for this amount of time"
 }
 
 variable "dynamo_read_capacity" {
+  type        = number
+  description = "Provisioned read capacity for the Dynamo table which stores match results"
 }
 
 variable "dynamo_write_capacity" {
+  type        = number
+  description = "Provisioned write capacity for the Dynamo table which stores match results"
 }
 
 variable "lambda_analyze_memory_mb" {
+  type        = number
+  description = "Memory limit for the analyzer function"
 }
 
 variable "lambda_analyze_timeout_sec" {
+  type        = number
+  description = "Time limit for the analyzer function"
 }
 
 variable "lambda_analyze_concurrency_limit" {
+  type        = number
+  description = "Concurrency limit for the analyzer function"
 }
 
 variable "lambda_download_memory_mb" {
+  type        = number
+  description = "Memory limit for the downloader function"
 }
 
 variable "lambda_download_timeout_sec" {
+  type        = number
+  description = "Time limit for the downloader function"
 }
 
 variable "lambda_download_concurrency_limit" {
+  type        = number
+  description = "Concurrency limit for the downloader function"
 }
 
 variable "force_destroy" {
+  type        = bool
+  description = "WARNING: If force destroy is enabled, all objects in the S3 bucket(s) will be deleted during"
 }
 
 variable "external_s3_bucket_resources" {
-  type = list(string)
+  type        = list(string)
+  description = "Grants appropriate S3 bucket permissions to the analyzer function if you are using BinaryAlert to scan existing S3 buckets"
 }
 
 variable "external_kms_key_resources" {
-  type = list(string)
+  type        = list(string)
+  description = "Grants appropriate KMS permissions to the analyzer function if you are using BinaryAlert to scan existing S3 buckets"
 }
 
 variable "enable_negative_match_alerts" {
+  type        = bool
+  description = "Create a separate SNS topic which reports files that do NOT match any YARA rules"
 }
 
 variable "analyze_queue_batch_size" {
+  type        = number
+  description = "Maximum number of messages that will be received by each invocation of the analyzer function"
 }
 
 variable "download_queue_batch_size" {
+  type        = number
+  description = "Maximum number of messages that will be received by each invocation of the downloader function"
 }
 
 variable "analyze_queue_retention_secs" {
+  type        = number
+  description = "Messages in the analyzer queue will be retained and retried for the specified duration until expiring"
 }
 
 variable "download_queue_retention_secs" {
+  type        = number
+  description = "Messages in the downloader queue will be retained and retried for the specified duration until expiring"
 }
 
 variable "objects_per_retro_message" {
+  type        = number
+  description = "During a retroactive scan, number of S3 objects to pack into a single SQS message"
 }
 
 variable "download_queue_max_receives" {
+  type        = number
+  description = "Number of times a download SQS message is attempted to be delivered successfully before being moved to the DLQ"
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1,100 +1,162 @@`
`1`	`1`	`/* See terraform.tfvars for descriptions of each of the variables. */`
`2`	`2`
`3`	`3`	`variable "aws_account_id" {`
	`4`	`+ type = string`
	`5`	`+ description = "12-digit AWS account ID"`
`4`	`6`	`}`
`5`	`7`
`6`	`8`	`variable "aws_region" {`
	`9`	`+ type = string`
	`10`	`+ description = "AWS region in which to deploy the BinaryAlert components"`
`7`	`11`	`}`
`8`	`12`
`9`	`13`	`variable "name_prefix" {`
	`14`	`+ type = string`
	`15`	`+ description = "Prefix used in all resource names (required for uniqueness) E.g. 'company_team'"`
`10`	`16`	`}`
`11`	`17`
`12`	`18`	`variable "enable_carbon_black_downloader" {`
	`19`	`+ type = bool`
	`20`	`+ description = "Whether to enable CarbonBlack Downloader resources"`
`13`	`21`	`}`
`14`	`22`
`15`	`23`	`variable "carbon_black_url" {`
	`24`	`+ type = string`
	`25`	`+ description = "URL of the CarbonBlack server"`
`16`	`26`	`}`
`17`	`27`
`18`	`28`	`variable "carbon_black_timeout" {`
	`29`	`+ type = number`
	`30`	`+ description = "Timeout to use for Carbon Black API client. The client default is 60, so set to something lower if desired"`
`19`	`31`	`}`
`20`	`32`
`21`	`33`	`variable "encrypted_carbon_black_api_token" {`
	`34`	`+ type = string`
	`35`	`+ description = "Encrypted API token used to interface with CarbonBlack"`
`22`	`36`	`}`
`23`	`37`
`24`	`38`	`variable "s3_log_bucket" {`
	`39`	`+ type = string`
	`40`	`+ description = "Pre-existing bucket in which to store S3 access logs. If not specified, one will be created"`
`25`	`41`	`}`
`26`	`42`
`27`	`43`	`variable "s3_log_prefix" {`
	`44`	`+ type = string`
	`45`	`+ description = "Log files will be stored in S3 with this prefix"`
`28`	`46`	`}`
`29`	`47`
`30`	`48`	`variable "s3_log_expiration_days" {`
	`49`	`+ type = number`
	`50`	`+ description = "Access logs expire after this many days. Has no effect if using pre-existing bucket for logs"`
`31`	`51`	`}`
`32`	`52`
`33`	`53`	`variable "lambda_log_retention_days" {`
	`54`	`+ type = number`
	`55`	`+ description = "How long to retain Lambda function logs for in days"`
`34`	`56`	`}`
`35`	`57`
`36`	`58`	`variable "tagged_name" {`
	`59`	`+ type = string`
	`60`	`+ description = "Assigns this as the value for tag key 'Name' for all supported resources (CloudWatch logs, Dynamo, KMS, Lambda, S3, SQS)"`
`37`	`61`	`}`
`38`	`62`
`39`	`63`	`variable "metric_alarm_sns_topic_arn" {`
	`64`	`+ type = string`
	`65`	`+ description = "Use an existing SNS topic for metric alarms (instead of creating one automatically)"`
`40`	`66`	`}`
`41`	`67`
`42`	`68`	`variable "expected_analysis_frequency_minutes" {`
	`69`	`+ type = number`
	`70`	`+ description = "Alarm if no binaries are analyzed for this amount of time"`
`43`	`71`	`}`
`44`	`72`
`45`	`73`	`variable "dynamo_read_capacity" {`
	`74`	`+ type = number`
	`75`	`+ description = "Provisioned read capacity for the Dynamo table which stores match results"`
`46`	`76`	`}`
`47`	`77`
`48`	`78`	`variable "dynamo_write_capacity" {`
	`79`	`+ type = number`
	`80`	`+ description = "Provisioned write capacity for the Dynamo table which stores match results"`
`49`	`81`	`}`
`50`	`82`
`51`	`83`	`variable "lambda_analyze_memory_mb" {`
	`84`	`+ type = number`
	`85`	`+ description = "Memory limit for the analyzer function"`
`52`	`86`	`}`
`53`	`87`
`54`	`88`	`variable "lambda_analyze_timeout_sec" {`
	`89`	`+ type = number`
	`90`	`+ description = "Time limit for the analyzer function"`
`55`	`91`	`}`
`56`	`92`
`57`	`93`	`variable "lambda_analyze_concurrency_limit" {`
	`94`	`+ type = number`
	`95`	`+ description = "Concurrency limit for the analyzer function"`
`58`	`96`	`}`
`59`	`97`
`60`	`98`	`variable "lambda_download_memory_mb" {`
	`99`	`+ type = number`
	`100`	`+ description = "Memory limit for the downloader function"`
`61`	`101`	`}`
`62`	`102`
`63`	`103`	`variable "lambda_download_timeout_sec" {`
	`104`	`+ type = number`
	`105`	`+ description = "Time limit for the downloader function"`
`64`	`106`	`}`
`65`	`107`
`66`	`108`	`variable "lambda_download_concurrency_limit" {`
	`109`	`+ type = number`
	`110`	`+ description = "Concurrency limit for the downloader function"`
`67`	`111`	`}`
`68`	`112`
`69`	`113`	`variable "force_destroy" {`
	`114`	`+ type = bool`
	`115`	`+ description = "WARNING: If force destroy is enabled, all objects in the S3 bucket(s) will be deleted during"`
`70`	`116`	`}`
`71`	`117`
`72`	`118`	`variable "external_s3_bucket_resources" {`
`73`		`- type = list(string)`
	`119`	`+ type = list(string)`
	`120`	`+ description = "Grants appropriate S3 bucket permissions to the analyzer function if you are using BinaryAlert to scan existing S3 buckets"`
`74`	`121`	`}`
`75`	`122`
`76`	`123`	`variable "external_kms_key_resources" {`
`77`		`- type = list(string)`
	`124`	`+ type = list(string)`
	`125`	`+ description = "Grants appropriate KMS permissions to the analyzer function if you are using BinaryAlert to scan existing S3 buckets"`
`78`	`126`	`}`
`79`	`127`
`80`	`128`	`variable "enable_negative_match_alerts" {`
	`129`	`+ type = bool`
	`130`	`+ description = "Create a separate SNS topic which reports files that do NOT match any YARA rules"`
`81`	`131`	`}`
`82`	`132`
`83`	`133`	`variable "analyze_queue_batch_size" {`
	`134`	`+ type = number`
	`135`	`+ description = "Maximum number of messages that will be received by each invocation of the analyzer function"`
`84`	`136`	`}`
`85`	`137`
`86`	`138`	`variable "download_queue_batch_size" {`
	`139`	`+ type = number`
	`140`	`+ description = "Maximum number of messages that will be received by each invocation of the downloader function"`
`87`	`141`	`}`
`88`	`142`
`89`	`143`	`variable "analyze_queue_retention_secs" {`
	`144`	`+ type = number`
	`145`	`+ description = "Messages in the analyzer queue will be retained and retried for the specified duration until expiring"`
`90`	`146`	`}`
`91`	`147`
`92`	`148`	`variable "download_queue_retention_secs" {`
	`149`	`+ type = number`
	`150`	`+ description = "Messages in the downloader queue will be retained and retried for the specified duration until expiring"`
`93`	`151`	`}`
`94`	`152`
`95`	`153`	`variable "objects_per_retro_message" {`
	`154`	`+ type = number`
	`155`	`+ description = "During a retroactive scan, number of S3 objects to pack into a single SQS message"`
`96`	`156`	`}`
`97`	`157`
`98`	`158`	`variable "download_queue_max_receives" {`
	`159`	`+ type = number`
	`160`	`+ description = "Number of times a download SQS message is attempted to be delivered successfully before being moved to the DLQ"`
`99`	`161`	`}`
`100`	`162`