This module implements an S3 bucket for hosting a static website behind a Cognito login.
WARNING: THIS PROJECT IS WIP.
Below is an example of how to use this module:
```hcl
module "docs_example_website" {
  source = "TechNative-B-V/static-website-cognito-auth/aws"

  name              = "website_docs_example"
  domain            = "subdomain.example.com"
  route53_zone_name = "example.com."
  deploy_user_name  = "example_deployment_user"

  # Paths on the site domain used by the Cognito login flow
  cognito_path_refresh_auth      = "/refreshauth"
  cognito_path_logout            = "/logout"
  cognito_path_parse_auth        = "/parseauth"
  cognito_refresh_token_validity = 3650
  cognito_domain_prefix          = "login"

  # Custom string attribute for the Cognito user pool
  string_schemas = [
    {
      attribute_data_type      = "String"
      developer_only_attribute = false
      mutable                  = true
      name                     = "office365tn"
      required                 = false
      string_attribute_constraints = {
        min_length = 1
        max_length = 256
      }
    }
  ]

  # The module expects an aliased AWS provider for us-east-1
  providers = {
    aws.us-east-1 = aws.us-east-1
  }
}

output "docs_example_website_deploy_key_id" {
  value = module.docs_example_website.iam_access_key_id
}

output "docs_example_website_deploy_key_secret" {
  value     = module.docs_example_website.iam_access_key_secret
  sensitive = true # redacted in CLI output; the value is still stored in Terraform state
}
```
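The `providers` map in the example above refers to an aliased provider, `aws.us-east-1`, which the calling configuration has to define. The following root-module configuration is an added example, not taken from the module's own documentation; the default region `eu-west-1` is an assumed placeholder, and the version constraint is copied from the version table on this page:

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.9.0, < 5.0.0" # constraint from the version table on this page
    }
  }
}

# Default provider. The region is an assumption; use the one your site resources live in.
provider "aws" {
  region = "eu-west-1"
}

# Aliased provider handed to the module as aws.us-east-1.
# CloudFront only accepts ACM certificates issued in us-east-1.
provider "aws" {
  alias  = "us-east-1"
  region = "us-east-1"
}
```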
This module was forked from terraform-aws-website-secure (MIT).
Code from terraform-aws-website is also included (MIT).
Name | Version |
---|---|
aws | >= 4.9.0, < 5.0.0 |
random | n/a |
Name | Source | Version |
---|---|---|
acm | terraform-aws-modules/acm/aws | 4.3.1 |
cloudfront | terraform-aws-modules/cloudfront/aws | 3.1.0 |
cognito-user-pool | lgallard/cognito-user-pool/aws | 0.20.1 |
lambda_function | ./modules/lambda | n/a |
website_bucket | terraform-aws-modules/s3-bucket/aws | 3.6.0 |
Name | Type |
---|---|
aws_iam_access_key.user_keys | resource |
aws_iam_user.user | resource |
aws_route53_record.cognito-domain | resource |
aws_route53_record.website-domain | resource |
aws_s3_bucket_policy.bucket_policy_web | resource |
random_pet.this | resource |
aws_iam_policy_document.s3_policy | data source |
aws_route53_zone.this | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
cognito_additional_redirects | Additional URLs to allow cognito redirects to | list(string) | [] | no |
cognito_domain_prefix | The first part of the hosted UI login domain, as in https://[COGNITO_DOMAIN_PREFIX].[CUSTOM_DOMAIN]/ | string | "login" | no |
cognito_path_logout | Path relative to custom_domain to redirect to after logging out | string | "/" | no |
cognito_path_parse_auth | Path relative to custom_domain to redirect to upon successful authentication | string | "/parseauth" | no |
cognito_path_refresh_auth | Path relative to custom_domain to redirect to when a token refresh is required | string | "/refreshauth" | no |
cognito_refresh_token_validity | Time until the refresh token expires and the user will be required to log in again | number | 3650 | no |
deploy_user_name | the username of the deploy user | string | n/a | yes |
domain | The primary domain name to use for the website | string | n/a | yes |
domain_aliases | A set of any alternative domain names. Typically this would just contain the same as custom_domain but prefixed by www. | set(string) | [] | no |
name | A unique string to use for this module to make sure resources do not clash with others | string | n/a | yes |
route53_zone_name | The name of the hosted zone in Route53 where the SSL certificates will be created | string | n/a | yes |
Name | Description |
---|---|
alternate_urls | Alternate URLs of the website |
iam_access_key_id | n/a |
iam_access_key_secret | n/a |
s3_bucket_arn | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. |
s3_bucket_id | The name of the bucket |
url | URL of the main website |
user_arn | the arn of the user that was created |
user_name | the name of the service account user that was created |