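#
# Copyright Amazon.com, Inc. and its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT
#
# Licensed under the MIT License. See the LICENSE accompanying this file
# for the specific language governing permissions and limitations under
# the License.
#
# variables.tf — input contract for the VPC module.
#
# Review notes:
#  * Variable names, types and defaults are unchanged from the original; the
#    only functional additions are `validation` blocks that fail `plan` early
#    for values the descriptions already say are invalid (they require
#    Terraform >= 0.13).
#  * Security-relevant defaults are called out inline. The defaults are
#    deliberately "closed": no IGW, no NAT, no public IPs on launch, no flow
#    logs. Flow logs are the one default a deployment should normally flip
#    to true — without them there is no network-level audit trail for the VPC.

#-----------Identifiers and tags

variable "vpc_name" {
  description = "[Required] Name to be used for the vpc and all the resources as identifier"
  type        = string
}

variable "vpc_suffix" {
  description = "[optional] suffix to append to the VPC name"
  type        = string
  default     = ""
}

variable "tags" {
  description = "[optional] A map of tags to add to all resources"
  type        = map(string)
  default     = {}
}

#-----------VPC CIDR blocks

variable "vpc_main_cidr" {
  description = "[Required] The main CIDR block for the VPC"
  type        = string

  # A VPC primary CIDR is always IPv4; cidrnetmask() rejects IPv6 and any
  # string that is not "a.b.c.d/n", so this catches typos before the API call.
  # (AWS additionally requires a prefix length between /16 and /28; that is
  # left to the API so the check stays simple.)
  validation {
    condition     = can(cidrnetmask(var.vpc_main_cidr))
    error_message = "vpc_main_cidr must be a valid IPv4 CIDR block, e.g. 10.0.0.0/16."
  }
}

variable "enable_ipv6" {
  description = "[optional] Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block."
  type        = bool
  default     = false
}

variable "secondary_cidr_blocks" {
  description = "[optional] List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool"
  type        = list(string)
  default     = []

  # Every entry must parse as a CIDR; cidrhost() accepts IPv4 and IPv6 so this
  # does not constrain the address family, only the syntax.
  validation {
    condition     = length([for c in var.secondary_cidr_blocks : c if !can(cidrhost(c, 0))]) == 0
    error_message = "Every entry of secondary_cidr_blocks must be a valid CIDR block."
  }
}

#-----------VPC characteristics

# NOTE(review): AWS documents that private DNS on interface endpoints needs
# both enable_dns_support and enable_dns_hostnames set to true. With the
# default (hostnames off) an endpoint such as the one created by enable_ssm
# may only be reachable via its endpoint-specific DNS name — confirm against
# the endpoint resources in this module before relying on the default.
variable "enable_dns_hostnames" {
  description = "[optional] Should be true to enable DNS hostnames in the VPC"
  type        = bool
  default     = false
}

variable "enable_dns_support" {
  description = "[optional] Should be true to enable DNS support in the VPC"
  type        = bool
  default     = true
}

variable "instance_tenancy" {
  description = "[optional] A tenancy option for instances launched into the VPC"
  type        = string
  default     = "default"

  # aws_vpc only accepts "default" or "dedicated" here ("host" is a per-instance
  # setting, not a VPC setting). Dedicated tenancy is a cost/isolation trade-off,
  # not a substitute for network controls.
  validation {
    condition     = contains(["default", "dedicated"], var.instance_tenancy)
    error_message = "instance_tenancy must be \"default\" or \"dedicated\"."
  }
}

# Internet exposure is opt-in: both gateways are off unless explicitly enabled.
variable "enable_internet_gateway" {
  description = "[optional] Should be true if you want to provision Internet Gateways for your public subnets"
  type        = bool
  default     = false
}

variable "enable_nat_gateway" {
  description = "[optional] Should be true if you want to provision NAT Gateways for each of your private networks"
  type        = bool
  default     = false
}

#-----------subnet characteristics

variable "number_AZ" {
  description = "[optional] This field is used if you need to create more than one subnet per AZ. Specify the number of AZ's (default 2). In the variable *_subnets_cidr_list, the order should be [CIDR subnet 1 AZ A, CIDR subnet 2 AZ B, CIDR subnet 3 AZ A...]"
  type        = number
  default     = 2

  # The round-robin placement described above is meaningless for 0 or a
  # fractional count; reject it here instead of producing a confusing plan.
  validation {
    condition     = var.number_AZ >= 1 && floor(var.number_AZ) == var.number_AZ
    error_message = "number_AZ must be a whole number greater than or equal to 1."
  }
}

# The *_internet_access_nat_gw flags below default to false, i.e. a tier gets
# no egress through the NAT gateway unless asked for. Keep that explicit per
# tier: database and presentation tiers have no such flag at all.

variable "private_subnets_cidr_list" {
  description = "[optional] A list of private subnet CIDR blocks inside the VPC (for endpoints, eni, etc.)."
  type        = list(string)
  default     = []
}

variable "private_subnets_suffix" {
  description = "[optional] Suffix to append to private subnets name"
  type        = string
  default     = "private"
}

variable "private_subnets_internet_access_nat_gw" {
  description = "[optional] connectivity with nat gw. Boolean. False by default."
  type        = bool
  default     = false
}

variable "tgw_subnets_cidr_list" {
  description = "[optional] A list of transit gateway private subnets CIDR blocks inside the VPC (for endpoints, eni, etc.)"
  type        = list(string)
  default     = []
}

variable "tgw_subnets_suffix" {
  description = "[optional] Suffix to append to transit gateway private subnets name"
  type        = string
  default     = "tgw-private"
}

variable "tgw_subnets_internet_access_nat_gw" {
  description = "[optional] connectivity with nat gw. Boolean. False by default."
  type        = bool
  default     = false
}

variable "fw_subnets_cidr_list" {
  description = "[optional] A list of network firewall subnets CIDR blocks inside the VPC (for endpoints, eni, etc.)"
  type        = list(string)
  default     = []
}

variable "fw_subnets_suffix" {
  description = "[optional] Suffix to append to network firewall subnets name"
  type        = string
  default     = "network-fw"
}

variable "fw_subnets_internet_access_nat_gw" {
  description = "[optional] connectivity with nat gw. Boolean. False by default."
  type        = bool
  default     = false
}

variable "public_subnets_cidr_list" {
  description = "[optional] A list of public subnet CIDR blocks inside the VPC"
  type        = list(string)
  default     = []
}

variable "public_subnets_suffix" {
  description = "[optional] Suffix to append to public subnets name"
  type        = string
  default     = "public"
}

# false by default so that even instances launched into a public subnet are not
# reachable from the internet unless an address is attached deliberately.
variable "map_public_ip_on_launch" {
  description = "[optional] specify true to indicate that instances launched into the subnet should be assigned a public IP address."
  type        = bool
  default     = false
}

variable "web_tier_subnets_cidr_list" {
  description = "[optional] A list of web tier subnet CIDR blocks inside the VPC"
  type        = list(string)
  default     = []
}

variable "web_subnets_suffix" {
  description = "[optional] Suffix to append to web subnets name"
  type        = string
  default     = "web"
}

variable "web_subnets_internet_access_nat_gw" {
  description = "[optional] connectivity with nat gw. Boolean. False by default."
  type        = bool
  default     = false
}

variable "pres_tier_subnets_cidr_list" {
  description = "[optional] A list of presentation tier subnet CIDR blocks inside the VPC"
  type        = list(string)
  default     = []
}

variable "pres_subnets_suffix" {
  description = "[optional] Suffix to append to presentation subnets name"
  type        = string
  default     = "presentation"
}

variable "database_tier_subnets_cidr_list" {
  description = "[optional] A list of database tier subnet CIDR blocks inside the VPC"
  type        = list(string)
  default     = []
}

variable "database_subnets_suffix" {
  description = "[optional] Suffix to append to database subnets name"
  type        = string
  default     = "database"
}

variable "outposts_subnets_cidr_list" {
  description = "[optional] A list of outposts subnet CIDR blocks inside the VPC"
  type        = list(string)
  default     = []
}

# Customer-owned IPs are routable from the on-premises network; auto-assigning
# them widens the reachable surface of every instance in the Outposts subnets.
variable "coip_auto_assign" {
  description = "[optional] true if customer owned ip address pool has to be associated with outpost subnets"
  type        = bool
  default     = false
}

variable "outposts_subnets_suffix" {
  description = "[optional] Suffix to append to outposts subnets name"
  type        = string
  default     = "outposts"
}

variable "outposts_arn" {
  description = "[optional] Arn of the outposts where the subnets will be launched"
  type        = string
  default     = ""
}

# Retained from the original file as a disabled input; no resource in this
# file references it. Delete it or wire it up rather than leaving it ambiguous.
#variable "associate_vpc_with_local_gw_route_table" {
#  description = "[optional] create an association between outposts local gateway route table and vpc"
#  type        = bool
#  default     = false
#}

# A route to the local gateway makes the Outposts subnets reachable from (and
# able to reach) whatever sits behind the LGW; scope the destination as
# narrowly as the on-premises design allows rather than 0.0.0.0/0.
variable "outposts_route_to_LGW_destination" {
  description = "[optional] IPv4 CIDR block destination to route to LGW in outposts subnet"
  type        = string
  default     = ""
}

variable "outposts_local_gateway_id" {
  description = "[optional] Outposts local gateway ID"
  type        = string
  default     = ""
}

variable "outposts_subnets_internet_access_nat_gw" {
  description = "[optional] connectivity with nat gw. Boolean. False by default."
  type        = bool
  default     = false
}

#---------SSM

# enable_ssm deploys an IAM role and VPC endpoints (per its description). The
# role is what grants Session Manager access to instances; review the policy
# attached elsewhere in the module for least privilege before enabling this
# in a shared account.
variable "enable_ssm" {
  description = "[optional] Enable SSM for EC2 instances. If true, IAM role and endpoints will be deployed."
  type        = bool
  default     = false
}

# A gateway endpoint keeps S3 traffic off the public internet. Whether an
# endpoint policy restricting the reachable buckets is attached is not visible
# from this file — confirm in the endpoint resource.
variable "enable_s3_endpoint" {
  description = "[optional] True to create an S3 VPC gateway endpoint."
  type        = bool
  default     = false
}

variable "create_iam_role_ssm" {
  description = "[optional] Enable or disable the creation of an IAM role for EC2 instances to connect using SSM"
  type        = bool
  default     = false
}

variable "endpoints_ha" {
  description = "[optional] Enable or disable the creation of endpoints in 2 AZ. If false, endpoints will be created in one subnet. If true, in 2 AZ."
  type        = bool
  default     = false
}

#---------DHCP OPTIONS

variable "enable_dhcp_options" {
  description = "[optional] Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type"
  type        = bool
  default     = false
}

variable "dhcp_options_domain_name" {
  description = "[optional] Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true)"
  type        = string
  default     = ""
}

# Overriding the resolver redirects every name lookup in the VPC to the listed
# servers, including lookups for AWS service endpoints; only point this at
# resolvers you control.
variable "dhcp_options_domain_name_servers" {
  description = "[optional] Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true)"
  type        = list(string)
  default     = ["AmazonProvidedDNS"]
}

variable "dhcp_options_ntp_servers" {
  description = "[optional] Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true)"
  type        = list(string)
  default     = []
}

variable "dhcp_options_netbios_name_servers" {
  description = "[optional] Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true)"
  type        = list(string)
  default     = []
}

# Passed through as a string; AWS accepts the NetBIOS node types 1, 2, 4 and 8.
# No validation is added because "" (unset) must remain allowed.
variable "dhcp_options_netbios_node_type" {
  description = "[optional] Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true)"
  type        = string
  default     = ""
}

#-----------FLOW LOGS

# Off by default. Flow logs are the primary network-level detective control
# for a VPC; production deployments should set this to true and ship the logs
# to a destination the workload account cannot modify.
variable "enable_flow_log" {
  description = "[optional] Whether or not to enable CW VPC Flow Logs"
  type        = bool
  default     = false
}

variable "create_flow_log_cloudwatch_log_group" {
  description = "[optional] Whether to create CloudWatch log group for VPC Flow Logs"
  type        = bool
  default     = false
}

variable "create_flow_log_cloudwatch_iam_role" {
  description = "[optional] Whether to create IAM role for VPC Flow Logs"
  type        = bool
  default     = false
}

variable "flow_log_traffic_type" {
  description = "[optional] The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL."
  type        = string
  default     = "ALL"

  # Enforce the set named in the description. ALL is the right default for
  # investigations; REJECT alone hides lateral movement that was permitted.
  validation {
    condition     = contains(["ACCEPT", "REJECT", "ALL"], var.flow_log_traffic_type)
    error_message = "flow_log_traffic_type must be one of ACCEPT, REJECT or ALL."
  }
}

variable "flow_log_destination_type" {
  description = "[optional] Type of flow log destination. Can be s3 or cloud-watch-logs."
  type        = string
  default     = "cloud-watch-logs"

  # Only the two destinations the module documents are accepted.
  validation {
    condition     = contains(["s3", "cloud-watch-logs"], var.flow_log_destination_type)
    error_message = "flow_log_destination_type must be \"s3\" or \"cloud-watch-logs\"."
  }
}

# null means the provider's default record format. If a custom format is
# supplied, keep at least srcaddr, dstaddr, dstport, protocol, action and the
# ENI/instance identifiers, or the logs lose most of their forensic value.
variable "flow_log_log_format" {
  description = "[optional] The fields to include in the flow log record, in the order in which they should appear."
  type        = string
  default     = null
}

# For an S3 destination the bucket policy must allow delivery.logs.amazonaws.com
# to write; the bucket itself should deny deletes/overwrites to workload
# principals so the log trail cannot be tampered with. The relationship with
# create_flow_log_cloudwatch_log_group described below cannot be enforced in a
# single-variable validation block, so it is checked only at apply time.
variable "flow_log_destination_arn" {
  description = "[optional] The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create_flow_log_cloudwatch_log_group is set to false this argument must be provided."
  type        = string
  default     = ""
}

# This role should be scoped to logs:CreateLogStream / logs:PutLogEvents on the
# flow-log group only; do not reuse a broader operational role here.
variable "flow_log_cloudwatch_iam_role_arn" {
  description = "[optional] The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided."
  type        = string
  default     = ""
}

variable "flow_log_cloudwatch_log_group_name_prefix" {
  description = "[optional] Specifies the name prefix of CloudWatch Log Group for VPC flow logs."
  type        = string
  default     = "/aws/vpc-flow-log/"
}

# null leaves the log group with no expiry (retained indefinitely, billed
# indefinitely). Set an explicit value matching the organisation's log
# retention policy; CloudWatch Logs only accepts its fixed set of retention
# periods, so an arbitrary day count is rejected at apply time.
variable "flow_log_cloudwatch_log_group_retention_in_days" {
  description = "[optional] Specifies the number of days you want to retain log events in the specified log group for VPC flow logs."
  type        = number
  default     = null
}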