UPD: taking a couple inputs as varibales

modules/ManagementGovernance/ssm-schedule-run-command/main.tf

@@ -26,7 +26,7 @@ resource "aws_ssm_maintenance_window" "this" {
   name        = replace(title(var.description), " ", "")
   description = var.description
   schedule    = var.cron-expression
-  duration    = 2
+  duration    = var.maintenance-window-duration
   cutoff      = 1
 }
 
@@ -58,7 +58,7 @@ resource "aws_ssm_maintenance_window_task" "this" {
 
   task_invocation_parameters {
     run_command_parameters {
-      timeout_seconds = 600
+      timeout_seconds = var.maintenance-window-duration * 60 - 15
 
       cloudwatch_config {
         cloudwatch_log_group_name = aws_cloudwatch_log_group.this.name
@@ -75,6 +75,6 @@ resource "aws_ssm_maintenance_window_task" "this" {
 
 resource "aws_cloudwatch_log_group" "this" {
   name              = "/aws/ssm-maintenance/${replace(title(var.description), " ", "")}"
-  retention_in_days = 30
+  retention_in_days = var.cloudwatch-log-retention-days
   log_group_class   = "STANDARD" # infrequent access logs can only be viewed via insight
 }

modules/ManagementGovernance/ssm-schedule-run-command/variables.tf

@@ -21,4 +21,16 @@ variable description {
 variable schedule-name {
   type = string
   description = "Name of maintenance window. e.g. Daily0900UTC8"
+}
+
+variable maintenance-window-duration {
+  type        = number
+  description = "Duration of maintenance window, must be >= 2"
+  default     = 2
+}
+
+variable cloudwatch-log-retention-days {
+  type = number
+  description = "Days to retain logs on cloudwatch logs"
+  default = 30
 }