AWS Step Functions Terraform module
Upstream version 5.1.0
0 controls from Registry requirements
Terraform Module Source
registry.compliance.tf/terraform-aws-modules/step-functions/aws
42 unique
| Name | Type | Default | Description |
|---|---|---|---|
| Optional | | | |
| attach_cloudwatch_logs_policy | bool | true | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function |
| attach_policies | bool | false | Controls whether list of policies should be added to IAM role |
| attach_policies_for_integrations | bool | true | Whether to attach AWS Service policies to IAM role |
| attach_policy | bool | false | Controls whether policy should be added to IAM role |
| attach_policy_json | bool | false | Controls whether policy_json should be added to IAM role |
| attach_policy_jsons | bool | false | Controls whether policy_jsons should be added to IAM role |
| attach_policy_statements | bool | false | Controls whether policy_statements should be added to IAM role |
| aws_region_assume_role | string | "" | Name of AWS regions where IAM role can be assumed by the Step Function |
| cloudwatch_log_group_kms_key_id | string | null | The ARN of the KMS Key to use when encrypting log data. |
| cloudwatch_log_group_name | string | null | Name of Cloudwatch Logs group name to use. |
| cloudwatch_log_group_retention_in_days | number | null | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. |
| cloudwatch_log_group_tags | map(string) | {} | A map of tags to assign to the resource. |
| create | bool | true | Whether to create Step Function resource |
| create_role | bool | true | Whether to create IAM role for the Step Function |
| definition | string | "" | The Amazon States Language definition of the Step Function |
| encryption_configuration | any | {} | Defines what encryption configuration is used to encrypt data in the State Machine. |
| logging_configuration | map(string) | {} | Defines what execution history events are logged and where they are logged |
| name | string | "" | The name of the Step Function |
| number_of_policies | number | 0 | Number of policies to attach to IAM role |
| number_of_policy_jsons | number | 0 | Number of policies JSON to attach to IAM role |
| policies | list(string) | [] | List of policy statements ARN to attach to IAM role |
| policy | string | null | An additional policy document ARN to attach to IAM role |
| policy_json | string | null | An additional policy document as JSON to attach to IAM role |
| policy_jsons | list(string) | [] | List of additional policy documents as JSON to attach to IAM role |
| policy_path | string | null | Path of IAM policies to use for Step Function |
| policy_statements | any | {} | Map of dynamic policy statements to attach to IAM role |
| publish | bool | false | Determines whether to set a version of the state machine when it is created. |
| region | string | null | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration |
| role_arn | string | "" | The Amazon Resource Name (ARN) of the IAM role to use for this Step Function |
| role_description | string | null | Description of IAM role to use for Step Function |
| role_force_detach_policies | bool | true | Specifies to force detaching any policies the IAM role has before destroying it. |
| role_name | string | null | Name of IAM role to use for Step Function |
| role_path | string | null | Path of IAM role to use for Step Function |
| role_permissions_boundary | string | null | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Step Function |
| role_tags | map(string) | {} | A map of tags to assign to IAM role |
| service_integrations | any | {} | Map of AWS service integrations to allow in IAM role policy |
| sfn_state_machine_timeouts | map(string) | {} | Create, update, and delete timeout configurations for the step function. |
| tags | map(string) | {} | Maps of tags to assign to the Step Function |
| trusted_entities | list(string) | [] | Step Function additional trusted entities for assuming roles (trust relationship) |
| type | string | "STANDARD" | Determines whether a Standard or Express state machine is created. The default is STANDARD. Valid Values: STANDARD \| EXPRESS |
| use_existing_cloudwatch_log_group | bool | false | Whether to use an existing CloudWatch log group or create new |
| use_existing_role | bool | false | Whether to use an existing IAM role for this Step Function |