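################################################################################
# Module: lb
# Variables — AWS Application Load Balancer
################################################################################

# Naming and tagging inputs.

variable "environment" {
  description = "Deployment environment label (e.g. production, staging)."
  type        = string
}

variable "project" {
  description = "Project identifier used in resource names and tags."
  type        = string
  default     = "sentryagent-agentidp"
}

# Network placement.

variable "vpc_id" {
  description = "VPC ID in which to create the ALB and its security group."
  type        = string
}

variable "subnet_ids" {
  description = "List of public subnet IDs for the ALB. Must span at least 2 AZs."
  type        = list(string)

  # Two IDs are necessary but not sufficient: this cannot prove the subnets sit
  # in different AZs, only that a single-subnet input fails at plan time.
  validation {
    condition     = length(var.subnet_ids) >= 2
    error_message = "The subnet_ids list must contain at least 2 subnet IDs so the ALB can span at least 2 AZs."
  }
}

# TLS termination.

variable "certificate_arn" {
  description = "ARN of the ACM certificate to attach to the HTTPS listener (port 443)."
  type        = string
}

# Target group and health checks.

variable "target_group_port" {
  description = "Port that ECS task containers listen on. Target group forwards traffic to this port."
  type        = number
  default     = 3000
}

variable "target_group_health_check_path" {
  description = "HTTP path used by the ALB target group health check."
  type        = string
  default     = "/health"
}

# NOTE(review): the timeout below is expected to be shorter than this interval;
# nothing in this file enforces that relationship.
variable "target_group_health_check_interval" {
  description = "Interval in seconds between ALB health checks."
  type        = number
  default     = 30
}

variable "target_group_health_check_timeout" {
  description = "Timeout in seconds for each ALB health check request."
  type        = number
  default     = 5
}

variable "target_group_healthy_threshold" {
  description = "Number of consecutive successful health checks before marking a target healthy."
  type        = number
  default     = 2
}

variable "target_group_unhealthy_threshold" {
  description = "Number of consecutive failed health checks before marking a target unhealthy."
  type        = number
  default     = 3
}

# Load balancer behaviour.

variable "idle_timeout" {
  description = "ALB idle connection timeout in seconds."
  type        = number
  default     = 60
}

# Defaults to true, so an accidental destroy through the API is refused unless a
# caller explicitly opts out.
variable "enable_deletion_protection" {
  description = "Prevent the ALB from being deleted via the AWS API."
  type        = bool
  default     = true
}

# Access logging.

# The empty default means access logging is off unless the caller supplies a
# bucket. ALB access logs are the per-request record used for detection and
# incident response, so environments that need that trail must set this.
variable "access_logs_bucket" {
  description = "S3 bucket name for ALB access logs. Leave empty to disable access logging."
  type        = string
  default     = ""
}

variable "access_logs_prefix" {
  description = "S3 key prefix for ALB access log files."
  type        = string
  default     = "alb"
}

# Listener hardening.

# The default is the policy the description names as TLS 1.2+ and TLS 1.3.
# No validation restricts overrides, so a caller can select a policy with a
# lower protocol floor; review any non-default value.
variable "ssl_policy" {
  description = "SSL negotiation policy for the HTTPS listener. ELBSecurityPolicy-TLS13-1-2-2021-06 enforces TLS 1.2+ and TLS 1.3."
  type        = string
  default     = "ELBSecurityPolicy-TLS13-1-2-2021-06"
}

# The default exposes ports 80 and 443 to any IPv4 source. Narrow this list for
# internal or partner-only deployments. How the list is applied (presumably
# security group ingress rules) is not visible in this file — confirm against
# the module's resources.
variable "allowed_ingress_cidrs" {
  description = "CIDR blocks allowed to reach the ALB on port 80 and 443. Default allows public internet."
  type        = list(string)
  default     = ["0.0.0.0/0"]

  # Reject malformed entries at plan time rather than at apply. An empty list
  # still passes, which leaves "no ingress" available to callers.
  validation {
    condition     = alltrue([for cidr in var.allowed_ingress_cidrs : can(cidrhost(cidr, 0))])
    error_message = "Each entry in allowed_ingress_cidrs must be a valid CIDR block, such as 203.0.113.0/24."
  }
}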