| <aname="input_additional_security_group_rules"></a> [additional\_security\_group\_rules](#input\_additional\_security\_group\_rules)| A list of Security Group rule objects to add to the created security group, in addition to the ones<br>this module normally creates. (To suppress the module's rules, set `create_security_group` to false<br>and supply your own security group via `associated_security_group_ids`.)<br>The keys and values of the objects are fully compatible with the `aws_security_group_rule` resource, except<br>for `security_group_id` which will be ignored, and the optional "key" which, if provided, must be unique and known at "plan" time.<br>To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule . |`list(any)`|`[]`| no |
185
185
| <aname="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map)| Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.<br>This is for some rare cases where resources want additional configuration of tags<br>and therefore take a list of maps with tag key, value, and additional configuration. |`map(string)`|`{}`| no |
186
186
| <aname="input_allowed_cidr_blocks"></a> [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks)| List of CIDR blocks to be allowed to connect to the cluster |`list(string)`|`[]`| no |
187
+
| <aname="input_allowed_security_group_ids"></a> [allowed\_security\_group\_ids](#input\_allowed\_security\_group\_ids)| A list of IDs of Security Groups to allow access to the security group created by this module. |`list(string)`|`[]`| no |
188
+
| <aname="input_associated_security_group_ids"></a> [associated\_security\_group\_ids](#input\_associated\_security\_group\_ids)| A list of IDs of Security Groups to associate the created resource with, in addition to the created security group.<br>These security groups will not be modified and, if `create_security_group` is `false`, must have rules providing the desired access. |`list(string)`|`[]`| no |
187
189
| <aname="input_attributes"></a> [attributes](#input\_attributes)| ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br>in the order they appear in the list. New attributes are appended to the<br>end of the list. The elements of the list are joined by the `delimiter`<br>and treated as a single ID element. |`list(string)`|`[]`| no |
188
190
| <aname="input_broker_instance_type"></a> [broker\_instance\_type](#input\_broker\_instance\_type)| The instance type to use for the Kafka brokers |`string`| n/a | yes |
189
-
| <aname="input_broker_node_security_groups"></a> [broker\_node\_security\_groups](#input\_broker\_node\_security\_groups)| List of broker node security group IDs to be associated with the elastic network interfaces to control who can communicate with the cluster |`list(string)`|`[]`| no |
190
191
| <aname="input_broker_volume_size"></a> [broker\_volume\_size](#input\_broker\_volume\_size)| The size in GiB of the EBS volume for the data drive on each broker node |`number`|`1000`| no |
191
192
| <aname="input_certificate_authority_arns"></a> [certificate\_authority\_arns](#input\_certificate\_authority\_arns)| List of ACM Certificate Authority Amazon Resource Names (ARNs) to be used for TLS client authentication |`list(string)`|`[]`| no |
192
193
| <aname="input_client_broker"></a> [client\_broker](#input\_client\_broker)| Encryption setting for data in transit between clients and brokers. Valid values: `TLS`, `TLS_PLAINTEXT`, and `PLAINTEXT`|`string`|`"TLS"`| no |
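Review bot: the `broker_node_security_groups` row is deleted here with no deprecation notice, whereas `security_groups` in the last hunk is kept and marked "DEPRECATED: Use `allowed_security_group_ids` instead." Readers who still pass `broker_node_security_groups` get no pointer to its replacement from this table. Consider keeping the row as deprecated for one release and naming the successor input (`associated_security_group_ids` looks like the match, judging by its description), or documenting the removal as a breaking change.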
@@ -197,6 +198,7 @@ Available targets:
197
198
| <aname="input_cloudwatch_logs_enabled"></a> [cloudwatch\_logs\_enabled](#input\_cloudwatch\_logs\_enabled)| Indicates whether you want to enable or disable streaming broker logs to Cloudwatch Logs |`bool`|`false`| no |
198
199
| <aname="input_cloudwatch_logs_log_group"></a> [cloudwatch\_logs\_log\_group](#input\_cloudwatch\_logs\_log\_group)| Name of the Cloudwatch Log Group to deliver logs to |`string`|`null`| no |
199
200
| <aname="input_context"></a> [context](#input\_context)| Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. |`any`| <pre>{<br> "additional_tag_map": {},<br> "attributes": [],<br> "delimiter": null,<br> "descriptor_formats": {},<br> "enabled": true,<br> "environment": null,<br> "id_length_limit": null,<br> "label_key_case": null,<br> "label_order": [],<br> "label_value_case": null,<br> "labels_as_tags": [<br> "unset"<br> ],<br> "name": null,<br> "namespace": null,<br> "regex_replace_chars": null,<br> "stage": null,<br> "tags": {},<br> "tenant": null<br>}</pre> | no |
201
+
| <aname="input_create_security_group"></a> [create\_security\_group](#input\_create\_security\_group)| Set `true` to create and configure a new security group. If false, `associated_security_group_ids` must be provided. |`bool`|`true`| no |
200
202
| <aname="input_delimiter"></a> [delimiter](#input\_delimiter)| Delimiter to be used between ID elements.<br>Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. |`string`|`null`| no |
201
203
| <aname="input_descriptor_formats"></a> [descriptor\_formats](#input\_descriptor\_formats)| Describe additional descriptors to be output in the `descriptors` output map.<br>Map of maps. Keys are names of descriptors. Values are maps of the form<br>`{<br> format = string<br> labels = list(string)<br>}`<br>(Type is `any` so the map values can later be enhanced to provide additional options.)<br>`format` is a Terraform format string to be passed to the `format()` function.<br>`labels` is a list of labels, in order, to pass to `format()` function.<br>Label values will be normalized before being passed to `format()` so they will be<br>identical to how they appear in `id`.<br>Default is `{}` (`descriptors` output will be empty). |`any`|`{}`| no |
202
204
| <aname="input_enabled"></a> [enabled](#input\_enabled)| Set to false to prevent the module from creating any resources |`bool`|`null`| no |
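Review bot: the added `create_security_group` row says `associated_security_group_ids` "must be provided" when the flag is false, yet that input is documented with default `[]` and Required `no`, so the table does not say what happens when both are left at their defaults. State whether the module validates this combination or fails at apply time. It would also help to say here whether `allowed_cidr_blocks` and `allowed_security_group_ids` are ignored when the flag is false, since the associated groups "will not be modified" and a caller could otherwise assume an access restriction that is never applied.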
@@ -222,7 +224,12 @@ Available targets:
222
224
| <aname="input_s3_logs_bucket"></a> [s3\_logs\_bucket](#input\_s3\_logs\_bucket)| Name of the S3 bucket to deliver logs to |`string`|`""`| no |
223
225
| <aname="input_s3_logs_enabled"></a> [s3\_logs\_enabled](#input\_s3\_logs\_enabled)| Indicates whether you want to enable or disable streaming broker logs to S3 |`bool`|`false`| no |
224
226
| <aname="input_s3_logs_prefix"></a> [s3\_logs\_prefix](#input\_s3\_logs\_prefix)| Prefix to append to the S3 folder name logs are delivered to |`string`|`""`| no |
225
-
| <aname="input_security_groups"></a> [security\_groups](#input\_security\_groups)| List of security group IDs to be allowed to connect to the cluster |`list(string)`|`[]`| no |
227
+
| <aname="input_security_group_create_before_destroy"></a> [security\_group\_create\_before\_destroy](#input\_security\_group\_create\_before\_destroy)| Set `true` to enable Terraform `create_before_destroy` behavior on the created security group.<br>We recommend setting this `true` on new security groups, but default it to `false` because `true`<br>will cause existing security groups to be replaced, possibly requiring the cluster to be deleted and recreated.<br>Note that changing this value will always cause the security group to be replaced. |`bool`|`false`| no |
228
+
| <aname="input_security_group_create_timeout"></a> [security\_group\_create\_timeout](#input\_security\_group\_create\_timeout)| How long to wait for the security group to be created. |`string`|`"10m"`| no |
229
+
| <aname="input_security_group_delete_timeout"></a> [security\_group\_delete\_timeout](#input\_security\_group\_delete\_timeout)| How long to retry on `DependencyViolation` errors during security group deletion from<br>lingering ENIs left by certain AWS services such as Elastic Load Balancing. |`string`|`"15m"`| no |
230
+
| <aname="input_security_group_description"></a> [security\_group\_description](#input\_security\_group\_description)| The description to assign to the created Security Group.<br>Warning: Changing the description causes the security group to be replaced. |`string`|`null`| no |
231
+
| <aname="input_security_group_name"></a> [security\_group\_name](#input\_security\_group\_name)| The name to assign to the created security group. Must be unique within the VPC.<br>If not provided, will be derived from the `null-label.context` passed in.<br>If `create_before_destroy` is true, will be used as a name prefix. |`list(string)`|`[]`| no |
232
+
| <aname="input_security_groups"></a> [security\_groups](#input\_security\_groups)| DEPRECATED: Use `allowed_security_group_ids` instead.<br>List of security group IDs to be allowed to connect to the cluster |`list(string)`|`[]`| no |
226
233
| <aname="input_stage"></a> [stage](#input\_stage)| ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' |`string`|`null`| no |
227
234
| <aname="input_storage_autoscaling_disable_scale_in"></a> [storage\_autoscaling\_disable\_scale\_in](#input\_storage\_autoscaling\_disable\_scale\_in)| If the value is true, scale in is disabled and the target tracking policy won't remove capacity from the scalable resource. |`bool`|`false`| no |
228
235
| <aname="input_storage_autoscaling_max_capacity"></a> [storage\_autoscaling\_max\_capacity](#input\_storage\_autoscaling\_max\_capacity)| Maximum size the autoscaling policy can scale storage. Defaults to `broker_volume_size`|`number`|`null`| no |
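Review bot: the `security_group_name` row describes a single name ("The name to assign to the created security group") but gives the type as `list(string)` with default `[]`. Either the type column is wrong or the description should explain why a list is expected and which element is used. The same row refers to `create_before_destroy`, while the input added above it is named `security_group_create_before_destroy`; use the full input name so the cross-reference resolves. The deprecated `security_groups` row should also say how it combines with `allowed_security_group_ids` when both are set.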