Skip to content

wearetechnative/terraform-aws-module-static-website-cognito-auth

BranchesTags

Repository files navigation

Terraform AWS Static Website Cognito Auth

This module implements a s3 bucket for hosting a static website behind a cognito login.

WARNING THIS PROJECT IS WIP.

Usage

Below an example how to use this module ...

module "docs_example_website" {

  source = "TechNative-B-V/static-website-cognito-auth/aws"

  name                            = "website_docs_example"
  domain                          = "subdomain.example.com"
  route53_zone_name               = "example.com."

  deploy_user_name                = "example_deployment_user"

  cognito_path_refresh_auth       = "/refreshauth"
  cognito_path_logout             = "/logout"
  cognito_path_parse_auth         = "/parseauth"
  cognito_refresh_token_validity  = 3650
  cognito_domain_prefix           = "login"

  string_schemas = [
    {
      attribute_data_type = "String"
      developer_only_attribute = false
      mutable = true
      name = "office365tn"
      required = false
      string_attribute_constraints = {
        min_length = 1
        max_length = 256
      }
    }
  ]

  providers = {
    aws.us-east-1: aws.us-east-1
  }
}

output "docs_example_website_deploy_key_id" {
  value = module.docs_example_website.iam_access_key_id
}

output "docs_example_website_deploy_key_secret" {
  value = module.docs_example_website.iam_access_key_secret
  sensitive = true
}

Credits

This module was forked from terraform-aws-website-secure (MIT).

Also code from terraform-aws-website was included (MIT).

Requirements

Name Version
terraform >= 1.0.2
archive >= 2.2.0, < 3.0.0
aws >= 4.9.0

Providers

Name Version
aws >= 4.9.0
random n/a

Modules

Name Source Version
acm terraform-aws-modules/acm/aws 5.0.0
cloudfront terraform-aws-modules/cloudfront/aws 3.2.1
cognito-user-pool lgallard/cognito-user-pool/aws 1.7.0
lambda_function ./modules/lambda n/a
website_bucket terraform-aws-modules/s3-bucket/aws 5.2.0

Resources

Name Type
aws_iam_access_key.user_keys resource
aws_iam_user.user resource
aws_route53_record.cognito-domain resource
aws_route53_record.website-domain resource
aws_s3_bucket_policy.bucket_policy_web resource
random_pet.this resource
aws_iam_policy_document.s3_policies data source
aws_iam_policy_document.s3_policy data source
aws_route53_zone.this data source

Inputs

Name Description Type Default Required
bucket_policy_addition Additional S3 policies in Terraform format. Can be derived using jsondecode(iam_policy_document.json). any null no
cognito_additional_callbacks Additional URLs to allow cognito callbacks to list(string) [] no
cognito_additional_redirects Additional URLs to allow cognito redirects to list(string) [] no
cognito_client_supported_identity_providers List of identity providers list(string) 
[
  "COGNITO"
]
 no
cognito_domain_prefix The first part of the hosted UI login domain, as in https://[COGNITO_DOMAIN_PREFIX].[CUSTOM_DOMAIN]/ string "login" no
cognito_path_logout Path relative to custom_domain to redirect to after logging out string "/" no
cognito_path_parse_auth Path relative to custom_domain to redirect to upon successful authentication string "/parseauth" no
cognito_path_refresh_auth Path relative to custom_domain to redirect to when a token refresh is required string "/refreshauth" no
cognito_refresh_token_validity Time until the refresh token expires and the user will be required to log in again number 3650 no
deploy_user_name the username of the deploy user string n/a yes
domain The primary domain name to use for the website string n/a yes
domain_aliases A set of any alternative domain names. Typically this would just contain the same as custom_domain but prefixed by www. set(string) [] no
name A unique string to use for this module to make sure resources do not clash with others string n/a yes
region AWS Region string n/a yes
route53_zone_name The name of the hosted zone in Route53 where the SSL certificates will be created string n/a yes
string_schemas String schemas to include 
list(object({
    attribute_data_type = string
    developer_only_attribute = bool
    mutable = bool
    name = string
    required = bool
    string_attribute_constraints = object({
      min_length = number
      max_length = number
    })
  }))
 [] no

Outputs

Name Description
acm_certificate_domain_validation_options n/a
alternate_urls Alternate URLs of the website
cognito_user_pool_id ID of the Cognito user pool.
iam_access_key_id n/a
iam_access_key_secret n/a
s3_bucket_arn The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
s3_bucket_id The name of the bucket
url URL of the main website
user_arn the arn of the user that was created
user_name the name of the service account user that was created

About

Creates resources for hosting a static website on S3 protected behind a Cognito login.

registry.terraform.io/modules/TechNative-B-V/static-website-cognito-auth/aws/latest

Topics

route53 aws lambda s3-website cloudfront static-website cognito-user-pool

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 3

v0.2.0 Latest
Apr 11, 2023
+ 2 releases

Contributors 5

Languages