This module implements a s3 bucket for hosting a static website behind a cognito login.
WARNING THIS PROJECT IS WIP.
Below an example how to use this module ...
module "docs_example_website" {
source = "TechNative-B-V/static-website-cognito-auth/aws"
name = "website_docs_example"
domain = "subdomain.example.com"
route53_zone_name = "example.com."
deploy_user_name = "example_deployment_user"
cognito_path_refresh_auth = "/refreshauth"
cognito_path_logout = "/logout"
cognito_path_parse_auth = "/parseauth"
cognito_refresh_token_validity = 3650
cognito_domain_prefix = "login"
string_schemas = [
{
attribute_data_type = "String"
developer_only_attribute = false
mutable = true
name = "office365tn"
required = false
string_attribute_constraints = {
min_length = 1
max_length = 256
}
}
]
providers = {
aws.us-east-1: aws.us-east-1
}
}
output "docs_example_website_deploy_key_id" {
value = module.docs_example_website.iam_access_key_id
}
output "docs_example_website_deploy_key_secret" {
value = module.docs_example_website.iam_access_key_secret
sensitive = true
}This module was forked from terraform-aws-website-secure (MIT).
Also code from terraform-aws-website was included (MIT).
| Name | Version |
|---|---|
| aws | >= 4.9.0, < 5.0.0 |
| random | n/a |
| Name | Source | Version |
|---|---|---|
| acm | terraform-aws-modules/acm/aws | 4.3.1 |
| cloudfront | terraform-aws-modules/cloudfront/aws | 3.1.0 |
| cognito-user-pool | lgallard/cognito-user-pool/aws | 0.20.1 |
| lambda_function | ./modules/lambda | n/a |
| website_bucket | terraform-aws-modules/s3-bucket/aws | 3.6.0 |
| Name | Type |
|---|---|
| aws_iam_access_key.user_keys | resource |
| aws_iam_user.user | resource |
| aws_route53_record.cognito-domain | resource |
| aws_route53_record.website-domain | resource |
| aws_s3_bucket_policy.bucket_policy_web | resource |
| random_pet.this | resource |
| aws_iam_policy_document.s3_policy | data source |
| aws_route53_zone.this | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cognito_additional_redirects | Additional URLs to allow cognito redirects to | list(string) |
[] |
no |
| cognito_domain_prefix | The first part of the hosted UI login domain, as in https://[COGNITO_DOMAIN_PREFIX].[CUSTOM_DOMAIN]/ | string |
"login" |
no |
| cognito_path_logout | Path relative to custom_domain to redirect to after logging out | string |
"/" |
no |
| cognito_path_parse_auth | Path relative to custom_domain to redirect to upon successful authentication | string |
"/parseauth" |
no |
| cognito_path_refresh_auth | Path relative to custom_domain to redirect to when a token refresh is required |
string |
"/refreshauth" |
no |
| cognito_refresh_token_validity | Time until the refresh token expires and the user will be required to log in again | number |
3650 |
no |
| deploy_user_name | the username of the deploy user | string |
n/a | yes |
| domain | The primary domain name to use for the website | string |
n/a | yes |
| domain_aliases | A set of any alternative domain names. Typically this would just contain the same as custom_domain but prefixed by www. | set(string) |
[] |
no |
| name | A unique string to use for this module to make sure resources do not clash with others | string |
n/a | yes |
| route53_zone_name | The name of the hosted zone in Route53 where the SSL certificates will be created | string |
n/a | yes |
| Name | Description |
|---|---|
| alternate_urls | Alternate URLs of the website |
| iam_access_key_id | n/a |
| iam_access_key_secret | n/a |
| s3_bucket_arn | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. |
| s3_bucket_id | The name of the bucket |
| url | URL of the main website |
| user_arn | the arn of the user that was created |
| user_name | the name of the service account user that was created |