Cognito module for SAK project
provectus/sak-cognito
Cognito

The module creates the base resources: an AWS Cognito user pool, a Route53 record for its custom domain, and the ACM certificate that domain needs.

Example

This example shows how to create the module's resources and then an AWS Cognito user pool client for your application on top of them.

module "cognito" {
  source       = "github.com/provectus/sak-cognito.git"
  cluster_name = module.eks.cluster_id
  domain       = "example.com"
  zone_id      = "FOOBAR123456"
}

resource "aws_cognito_user_pool_client" "this" {
  name                                 = "foo"
  user_pool_id                         = module.cognito.pool_id
  callback_urls                        = ["https://foo.example.com/oauth2/idpresponse"]
  allowed_oauth_flows_user_pool_client = true
  allowed_oauth_scopes                 = ["email", "openid", "profile", "aws.cognito.signin.user.admin"]
  allowed_oauth_flows                  = ["code"]
  supported_identity_providers         = ["COGNITO"]
  generate_secret                      = true
}

Requirements

terraform >= 1.1

Providers

Name    Version
aws     >= 3.0
random  >= 3.1.0

Inputs

Name          Description            Type         Default  Required
cluster_name  A name of the cluster  string       n/a      yes
domain        n/a                    string       n/a      yes
tags          A set of tags          map(string)  {}       no
zone_id       n/a                    string       n/a      yes

Outputs

Name      Description
domain    The custom domain name of the AWS Cognito endpoint
pool_arn  The ARN of the newly created AWS Cognito User Pool
pool_id   The ID of the newly created AWS Cognito User Pool

Known issues

Right now the Terraform provider for AWS does not support creating users in a User Pool, so if you want to manage users with Terraform you need to use the following configuration with a local-exec provisioner:

resource "aws_cognito_user_group" "this" {
  # One group per distinct value of the users' "group" key, defaulting to read-only.
  for_each = toset(distinct(values(
    {
      for k, v in var.cognito_users :
      k => lookup(v, "group", "read-only")
    }
  )))
  name         = each.value
  user_pool_id = module.cognito.pool_id
}

resource "null_resource" "cognito_users" {
  depends_on = [aws_cognito_user_group.this]
  for_each = {
    for k, v in var.cognito_users :
    v.username => v
  }

  # A destroy-time provisioner may only reference self, count.index and each.key,
  # so everything the CLI calls need is stored in triggers. Changing any of these
  # values also re-creates the user.
  triggers = {
    region   = var.aws_region
    pool_id  = module.cognito.pool_id
    username = each.key
    email    = each.value.email
    group    = lookup(each.value, "group", "read-only")
  }

  provisioner "local-exec" {
    command = "aws --region ${self.triggers.region} cognito-idp admin-create-user --user-pool-id ${self.triggers.pool_id} --username ${self.triggers.username} --user-attributes Name=email,Value=${self.triggers.email}"
  }
  provisioner "local-exec" {
    command = "aws --region ${self.triggers.region} cognito-idp admin-add-user-to-group --user-pool-id ${self.triggers.pool_id} --username ${self.triggers.username} --group-name ${self.triggers.group}"
  }
  provisioner "local-exec" {
    when    = destroy
    command = "aws --region ${self.triggers.region} cognito-idp admin-delete-user --user-pool-id ${self.triggers.pool_id} --username ${self.triggers.username}"
  }
}
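The workaround above references `var.aws_region` and `var.cognito_users` without declaring them. The declarations below are an added example, not part of the sak-cognito module; they assume `cognito_users` is a map of string maps with `username`, `email` and an optional `group` key, and add validation so that values are checked at plan time before they are interpolated into the local-exec shell commands.

```hcl
# Added example: variable declarations for the Known issues workaround.
# The allowed group names ("admin", "read-only") are assumed here.

variable "aws_region" {
  type        = string
  description = "Region of the Cognito User Pool, used by the AWS CLI calls"
}

variable "cognito_users" {
  description = "Users to create in the pool: username, email and optional group"
  type        = map(map(string))
  default     = {}

  # Every entry must carry the two keys the provisioners interpolate.
  validation {
    condition = alltrue([
      for u in var.cognito_users :
      contains(keys(u), "username") && contains(keys(u), "email")
    ])
    error_message = "Each cognito_users entry needs both a username and an email key."
  }

  # Usernames and e-mail addresses end up inside a shell command line, so only
  # a conservative character set is accepted.
  validation {
    condition = alltrue([
      for u in var.cognito_users :
      can(regex("^[A-Za-z0-9._-]+$", lookup(u, "username", "")))
    ])
    error_message = "Usernames may contain only letters, digits, '.', '_' and '-'."
  }

  validation {
    condition = alltrue([
      for u in var.cognito_users :
      can(regex("^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$", lookup(u, "email", "")))
    ])
    error_message = "Each email must be a plain address without spaces or shell metacharacters."
  }

  # Only known group names, so the aws_cognito_user_group for_each stays bounded.
  validation {
    condition = alltrue([
      for u in var.cognito_users :
      contains(["admin", "read-only"], lookup(u, "group", "read-only"))
    ])
    error_message = "group must be one of: admin, read-only."
  }
}
```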