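# Set provider.
# The region is exposed as an input variable (default: the value previously
# hard-coded here) so the same configuration can be applied to another region
# without editing this file.
variable "aws_region" {
  description = "AWS region in which the Cognito resources are created."
  type        = string
  default     = "eu-north-1"
}

provider "aws" {
  region = var.aws_region
}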
# ==================================================================================================
# Create a User Pool.
# The pool is the user directory for NutriCompanion: self sign-up is open,
# e-mail is the verified contact attribute, and TOTP-based MFA is offered
# but not required.
resource "aws_cognito_user_pool" "nutricompanion_pool" {
  name                = "NutriCompanion"
  deletion_protection = "INACTIVE" # NOTE(review): "ACTIVE" would protect a pool holding real users from an accidental destroy.

  # Anyone may register, not only administrators.
  admin_create_user_config {
    allow_admin_create_user_only = false
  }

  # E-mail can be used as a sign-in alias, is verified automatically at sign-up,
  # and must be re-verified before a change to it takes effect.
  alias_attributes         = ["email"]
  auto_verified_attributes = ["email"]

  user_attribute_update_settings {
    attributes_require_verification_before_update = ["email"]
  }

  # Verification mail goes out through Cognito's built-in sender and asks for a code.
  email_configuration {
    email_sending_account = "COGNITO_DEFAULT"
  }

  verification_message_template {
    default_email_option = "CONFIRM_WITH_CODE"
  }

  # MFA with an authenticator app (TOTP) is available but left to the user.
  mfa_configuration = "OPTIONAL"

  software_token_mfa_configuration {
    enabled = true
  }

  # Password complexity: at least 8 characters drawn from all four character
  # classes; admin-issued temporary passwords expire after 7 days.
  password_policy {
    minimum_length                   = 8
    require_lowercase                = true
    require_numbers                  = true
    require_symbols                  = true
    require_uppercase                = true
    temporary_password_validity_days = 7
  }
}
# Hosted UI domain prefix for the pool; the resulting base URL is
# https://<domain>.auth.<region>.amazoncognito.com (see the outputs below).
resource "aws_cognito_user_pool_domain" "nutricompanion_user_pool_domain" {
  user_pool_id = aws_cognito_user_pool.nutricompanion_pool.id
  domain       = "nutricompanion"
}
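# Google is federated into the pool as an external identity provider.
#
# The OAuth client credentials are no longer literals in this file. They are
# supplied through sensitive input variables, e.g. via TF_VAR_google_client_id /
# TF_VAR_google_client_secret, a *.tfvars file kept out of version control, or a
# secrets manager read by the pipeline. Two caveats: a secret that was ever
# committed to the repository should be considered exposed and rotated in the
# Google Cloud console after it is removed from the file, and the value still
# lands in the Terraform state, so the state backend must be protected as well.
variable "google_client_id" {
  description = "OAuth 2.0 client ID of the Google application used for federated sign-in."
  type        = string
  sensitive   = true
}

variable "google_client_secret" {
  description = "OAuth 2.0 client secret of the Google application. Never commit its value."
  type        = string
  sensitive   = true
}

resource "aws_cognito_identity_provider" "google" {
  user_pool_id  = aws_cognito_user_pool.nutricompanion_pool.id
  provider_name = "Google"
  provider_type = "Google"

  provider_details = {
    client_id        = var.google_client_id
    client_secret    = var.google_client_secret
    authorize_scopes = "email profile openid"
  }

  # Google's stable subject id becomes the Cognito username; e-mail maps 1:1.
  attribute_mapping = {
    email    = "email"
    username = "sub"
  }
}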
# ==================================================================================================
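# Create a User Pool Client.
resource "aws_cognito_user_pool_client" "nutricompanion_client" {
  name         = "NutriCompanionClient"
  user_pool_id = aws_cognito_user_pool.nutricompanion_pool.id

  # Public (browser) client, so no client secret is generated.
  generate_secret = false

  # Referencing the identity provider resource instead of the literal "Google"
  # gives Terraform the dependency it needs to create the provider before the
  # client; with the literal, a first apply can fail because the provider does
  # not exist yet when the client is created.
  supported_identity_providers = [aws_cognito_identity_provider.google.provider_name]

  # Hosted UI / OAuth settings. Cognito accepts a plain-http redirect URI only
  # for localhost, so this list has to change before any non-local deployment.
  callback_urls                        = ["http://localhost:6969"]
  allowed_oauth_flows_user_pool_client = true
  allowed_oauth_scopes                 = ["email", "phone", "openid"]

  # NOTE(review): the implicit grant returns tokens in the URL fragment, where
  # they can leak through browser history and Referer headers; the OAuth 2.0
  # Security BCP recommends the authorization code grant with PKCE instead
  # (`allowed_oauth_flows = ["code"]`, with the Hosted-Web-UI output switched to
  # response_type=code). Left unchanged here because the consuming app
  # presumably relies on the current behaviour — confirm before switching.
  allowed_oauth_flows = ["implicit"]

  # NOTE(review): `prevent_user_existence_errors = "ENABLED"` would stop the
  # sign-in API from revealing whether a username exists; not applied here
  # because it changes the error responses the app sees.

  # Non-hosted sign-in is limited to SRP plus refresh-token renewal; the
  # plaintext-password flows stay disabled.
  explicit_auth_flows = [
    "ALLOW_REFRESH_TOKEN_AUTH",
    "ALLOW_USER_SRP_AUTH",
  ]
}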
# ==================================================================================================
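# Values to output.
# The region comes from the provider rather than a repeated literal, and the
# redirect URI is derived from the client's own callback list, so the URLs stay
# consistent when either of those changes.
data "aws_region" "current" {}

locals {
  cognito_domain_url = "https://${aws_cognito_user_pool_domain.nutricompanion_user_pool_domain.domain}.auth.${data.aws_region.current.name}.amazoncognito.com/"
}

output "Cognito-Domain" {
  description = "Base URL of the Cognito hosted domain."
  value       = local.cognito_domain_url
}

output "Hosted-Web-UI" {
  description = "Hosted UI sign-in URL for the user pool client (implicit flow, hence response_type=token)."
  value       = "${local.cognito_domain_url}oauth2/authorize?client_id=${aws_cognito_user_pool_client.nutricompanion_client.id}&response_type=token&scope=email+openid+phone&redirect_uri=${urlencode(tolist(aws_cognito_user_pool_client.nutricompanion_client.callback_urls)[0])}"
}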
# ==================================================================================================