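# Input variables for the Documenso deployment stack (AWS region, networking,
# ECS/Fargate sizing, RDS PostgreSQL, SES/SMTP, signing certificate, WAF and
# CloudWatch alarm thresholds).
#
# Security notes for whoever supplies values:
# - Variables marked `sensitive = true` are redacted from plan/apply output only.
#   Terraform still records their values in state, so the state backend needs
#   encryption at rest and tight access control.
# - Validation blocks below reject only values that cannot work (malformed CIDRs,
#   out-of-range ports or retention periods). They do not enforce policy, and
#   every default in this file still passes them.

variable "aws_region" {
  description = "AWS region for the deployment."
  type        = string
  default     = "ca-central-1"
}

variable "project_name" {
  description = "Logical name used to prefix created resources."
  type        = string
  default     = "documenso"
}

variable "domain_name" {
  description = "Fully qualified domain name for the application."
  type        = string
  default     = "esignature.imex.online"
}

variable "hosted_zone_name" {
  description = "Public Route53 hosted zone that contains the application hostname."
  type        = string
  default     = "imex.online"
}

variable "ses_identity_domain" {
  description = "Domain used for SES. Defaults to the hosted zone when null. If manage_ses_resources is false, this is informational and used only for outputs/documentation."
  type        = string
  default     = null
}

variable "manage_ses_resources" {
  description = "Whether this Terraform stack should create and manage the SES domain identity, verification record, and DKIM records. Disable this when SES is already configured elsewhere."
  type        = bool
  default     = false
}

# The default is the mutable `latest` tag, so every task launch pulls whatever
# is currently published under it, with no review step and no record of what
# actually ran. For a service that handles signed documents, override this with
# a specific version tag or, better, an immutable digest reference.
variable "documenso_image" {
  description = "Container image for Documenso. Default keeps you on the latest published image."
  type        = string
  default     = "documenso/documenso:latest"
}

variable "app_port" {
  description = "Container port exposed by Documenso."
  type        = number
  default     = 3000

  validation {
    condition     = var.app_port >= 1 && var.app_port <= 65535 && floor(var.app_port) == var.app_port
    error_message = "The app_port value must be a whole number between 1 and 65535."
  }
}

variable "upload_bucket_name" {
  description = "Optional S3 bucket name for Documenso uploads. If null, Terraform generates a globally unique name based on account and region."
  type        = string
  default     = null
}

# Versioning keeps prior object versions, so an overwritten or deleted upload
# can be recovered. Leave it enabled unless retention rules say otherwise.
variable "s3_versioning_enabled" {
  description = "Enable S3 object versioning for uploaded documents."
  type        = bool
  default     = true
}

# Per the description this is the limit shown in the UI.
# NOTE(review): confirm the size is also enforced server-side or at the load
# balancer; nothing in this file shows that.
variable "document_size_upload_limit_mb" {
  description = "Upload size limit shown in the Documenso UI, in MB."
  type        = number
  default     = 10
}

variable "vpc_cidr" {
  description = "CIDR block used for the VPC."
  type        = string
  default     = "10.42.0.0/16"

  validation {
    condition     = can(cidrhost(var.vpc_cidr, 0))
    error_message = "The vpc_cidr value must be a valid CIDR block, for example 10.42.0.0/16."
  }
}

variable "fargate_cpu" {
  description = "Fargate CPU units for the task."
  type        = number
  default     = 512
}

variable "fargate_memory" {
  description = "Fargate memory in MiB for the task."
  type        = number
  default     = 1024
}

variable "desired_count" {
  description = "Initial number of running Documenso tasks."
  type        = number
  default     = 1
}

variable "min_count" {
  description = "Minimum number of tasks for autoscaling."
  type        = number
  default     = 1
}

variable "max_count" {
  description = "Maximum number of tasks for autoscaling."
  type        = number
  default     = 4
}

variable "cpu_target_utilization" {
  description = "Target average CPU utilization for ECS autoscaling."
  type        = number
  default     = 65
}

variable "memory_target_utilization" {
  description = "Target average memory utilization for ECS autoscaling."
  type        = number
  default     = 75
}

variable "postgres_major_version" {
  description = "Preferred PostgreSQL major version. Terraform resolves the latest matching minor release supported by AWS."
  type        = string
  default     = "17"
}

variable "db_name" {
  description = "Initial PostgreSQL database name."
  type        = string
  default     = "documenso"
}

variable "db_username" {
  description = "Master PostgreSQL username for the application."
  type        = string
  default     = "documenso"
}

variable "db_instance_class" {
  description = "RDS instance class. Graviton classes are usually the best cost/performance option for Postgres."
  type        = string
  default     = "db.t4g.small"
}

variable "db_allocated_storage" {
  description = "Initial allocated storage in GiB."
  type        = number
  default     = 20
}

variable "db_max_allocated_storage" {
  description = "Maximum autoscaled storage in GiB."
  type        = number
  default     = 100
}

# RDS accepts 0-35 days. A value of 0 turns automated backups off entirely,
# which also removes point-in-time recovery.
variable "db_backup_retention_days" {
  description = "How many days of automated backups to retain."
  type        = number
  default     = 7

  validation {
    condition     = var.db_backup_retention_days >= 0 && var.db_backup_retention_days <= 35
    error_message = "The db_backup_retention_days value must be between 0 and 35."
  }
}

variable "db_multi_az" {
  description = "Enable Multi-AZ for higher database availability at higher cost."
  type        = bool
  default     = true
}

variable "db_deletion_protection" {
  description = "Protect the database from accidental deletion."
  type        = bool
  default     = true
}

variable "db_final_snapshot_on_destroy" {
  description = "Create a final snapshot if the database is destroyed."
  type        = bool
  default     = true
}

# Keep this false unless direct access from outside the VPC is truly needed.
# A public endpoint puts PostgreSQL authentication on the internet, leaving
# db_allowed_cidrs as the only network control in front of it.
variable "db_publicly_accessible" {
  description = "Whether the RDS instance should have a public endpoint. Requires database subnets with a route to the internet gateway."
  type        = bool
  default     = false
}

# Validation checks syntax only, so it will accept 0.0.0.0/0. Callers should
# list the narrowest ranges that work (ideally /32 admin addresses) and review
# changes to this list like firewall changes.
variable "db_allowed_cidrs" {
  description = "IPv4 CIDR blocks allowed to connect directly to PostgreSQL. Leave empty to disable direct public access."
  type        = list(string)
  default     = []

  validation {
    # cidrnetmask() only succeeds for IPv4 prefixes, matching the description.
    condition     = alltrue([for cidr in var.db_allowed_cidrs : can(cidrnetmask(cidr))])
    error_message = "Every entry in db_allowed_cidrs must be a valid IPv4 CIDR block, for example 203.0.113.10/32."
  }
}

# Signup is closed by default. If it is opened, restrict it with
# allowed_signup_domains rather than leaving registration open to anyone.
variable "disable_signup" {
  description = "Disable public signup in Documenso."
  type        = bool
  default     = true
}

variable "allowed_signup_domains" {
  description = "Optional comma-separated list of allowed email domains when signup is enabled."
  type        = string
  default     = ""
}

variable "smtp_port" {
  description = "SES SMTP endpoint port."
  type        = number
  default     = 587
}

# false selects STARTTLS on port 587 rather than implicit TLS; it is not meant
# to select plaintext.
# NOTE(review): confirm the application refuses to send when STARTTLS is not
# offered; that behaviour is not visible from this file.
variable "smtp_secure" {
  description = "Whether to use SMTPS. Keep false for SES on port 587 with STARTTLS."
  type        = bool
  default     = false
}

# Setting this to true makes the application tolerate TLS problems on the SMTP
# connection. That exposes outbound mail, including signing invitations, to
# interception. Treat true as a short-lived debugging setting only.
variable "smtp_unsafe_ignore_tls" {
  description = "Whether the application should ignore TLS issues when sending mail."
  type        = bool
  default     = false
}

# Required (no default). Supply it from a secret store or a TF_VAR_ environment
# variable, not a committed tfvars file. The value is still written to state.
variable "smtp_username" {
  description = "SES SMTP username."
  type        = string
  sensitive   = true
}

# Required (no default). The same handling as smtp_username applies.
variable "smtp_password" {
  description = "SES SMTP password."
  type        = string
  sensitive   = true
}

variable "smtp_from_name" {
  description = "Display name used in outbound email."
  type        = string
  default     = "ImEX E-Signature"
}

# Required (no default).
variable "smtp_from_address" {
  description = "Verified sender email address for SES."
  type        = string
}

# A PKCS#12 bundle carries the private signing key. Base64 is an encoding, not
# protection: anyone who can read the Terraform state or the variable source
# can recover the key. Restrict both accordingly.
variable "signing_certificate_base64" {
  description = "Base64-encoded PKCS#12 signing certificate contents for Documenso. Leave empty to omit certificate injection."
  type        = string
  default     = ""
  sensitive   = true
}

# If this is stored next to signing_certificate_base64 (same state file, same
# tfvars), the passphrase adds little protection for the key.
variable "signing_certificate_passphrase" {
  description = "Passphrase for the Documenso signing certificate. Leave empty to omit it."
  type        = string
  default     = ""
  sensitive   = true
}

variable "app_secret_name" {
  description = "Secrets Manager secret name used for Documenso application secrets. Set this if a previous secret with the default name is pending deletion."
  type        = string
  default     = null
}

variable "tags" {
  description = "Additional tags applied to all supported resources."
  type        = map(string)
  default     = {}
}

# The limit is counted per source IP, so users behind a shared NAT or proxy
# share one budget. Tune it against observed traffic, not by guesswork.
variable "waf_rate_limit" {
  description = "Maximum requests per 5-minute window from a single IP before WAF blocks it."
  type        = number
  default     = 2000
}

# With the default empty list, alarms change state but notify nobody. Set at
# least one action so 5xx spikes and resource exhaustion reach an on-call.
variable "alarm_actions" {
  description = "Optional list of SNS topic ARNs or other alarm actions to invoke when CloudWatch alarms fire."
  type        = list(string)
  default     = []
}

variable "alb_5xx_alarm_threshold" {
  description = "Threshold for ALB 5xx count over a 5-minute period."
  type        = number
  default     = 10
}

variable "ecs_cpu_alarm_threshold" {
  description = "Threshold for average ECS CPU utilization alarm."
  type        = number
  default     = 85
}

variable "ecs_memory_alarm_threshold" {
  description = "Threshold for average ECS memory utilization alarm."
  type        = number
  default     = 85
}

variable "rds_cpu_alarm_threshold" {
  description = "Threshold for average RDS CPU utilization alarm."
  type        = number
  default     = 80
}

variable "rds_free_storage_alarm_threshold_bytes" {
  description = "Alarm threshold for low RDS free storage, in bytes."
  type        = number
  default     = 5368709120 # 5 GiB
}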