https://github.com/cruxstack/terraform-aws-yopass
Terraform Module to deploy Yopass on AWS serverless technologies
- Host: GitHub
- URL: https://github.com/cruxstack/terraform-aws-yopass
- Owner: cruxstack
- License: mit
- Created: 2023-07-11T16:17:26.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-06-05T14:54:31.000Z (12 months ago)
- Last Synced: 2025-03-20T13:49:02.426Z (2 months ago)
- Topics: aws-lambda, cloudfront, cloudposse, dynamodb, serverless, sweetops, terraform, terraform-module, yopass
- Language: HCL
- Homepage: https://registry.terraform.io/modules/cruxstack/yopass/aws/latest
- Size: 68.4 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
# Terraform Module: Yopass (via AWS Serverless)
This Terraform module deploys a [Yopass](https://github.com/jhaals/yopass)
server using a serverless architecture on AWS. It leverages AWS Lambda,
DynamoDB, and CloudFront to provide a highly available, scalable, and
cost-effective solution. The design adheres to a pay-per-use model.

## Features

- **Secure Secret Sharing**: Yopass is designed for secure secret sharing, and
client-side encryption ensures your secrets remain private.
- **Serverless Deployment**: Yopass is deployed using AWS Lambda, enabling a
highly scalable and maintenance-free setup.
- **Cost-Effective**: The pay-per-use model of AWS Lambda and DynamoDB ensures
you only pay for what you use.
- **CloudFront Distribution**: The Yopass website is served via a CloudFront
distribution for a fast and secure user experience globally.
- **Automated Deployment**: The entire Yopass deployment, including the server,
website, and database, is handled by Terraform, providing an easy and repeatable deployment process.
- **User Authentication Layer**: An optional user authentication layer is
available, securing access to the Yopass website using AWS Cognito.

## Usage

```hcl
module "yopass" {
  source  = "cruxstack/yopass/aws"
  version = "x.x.x"

  website_domain_name     = "yopass.example.com"
  website_certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"
}
```

## Inputs

In addition to the variables documented below, this module includes several
other optional variables (e.g., `name`, `tags`, etc.) provided by the
`cloudposse/label/null` module. Please refer to its [documentation](https://registry.terraform.io/modules/cloudposse/label/null/latest)
for more details on these variables.

| Name | Description | Type | Default | Required |
|--------------------------------------|---------------------------------------------------------------------------------------------------------------|:------------------------------------:|:--------:|:--------:|
| `auth_cognito_idp_arn` | ARN of the Cognito User Pool to use for authentication. Only applicable if `auth_enabled` is `true`. | string | null | No |
| `auth_cognito_idp_client_id` | Client ID of the Cognito User Pool to use for authentication. Only applicable if `auth_enabled` is `true`. | string | null | No |
| `auth_cognito_idp_client_scopes` | Client scopes of the Cognito User Pool to use for authentication. Only applicable if `auth_enabled` is `true`. | list(string) | [] | No |
| `auth_cognito_idp_client_secret` | Client secret of the Cognito User Pool to use for authentication. Only applicable if `auth_enabled` is `true`. | string | null | No |
| `auth_cognito_idp_domain` | Domain of the Cognito User Pool to use for authentication. Only applicable if `auth_enabled` is `true`. | string | null | No |
| `auth_cognito_idp_jwks` | JWKS of the Cognito User Pool to use for authentication. Only applicable if `auth_enabled` is `true`. | object({ keys = list(map(string)) }) | null | No |
| `auth_enabled` | Whether to enable authentication powered by a Cognito User Pool. | bool | false | No |
| `aws_account_id` | The AWS account ID where the module will be deployed. | string | "" | No |
| `aws_region_name` | The AWS region name where the module will be deployed. | string | "" | No |
| `server_waf_acl_name` | Name of the WAF ACL to associate with the API Gateway. | string | "" | No |
| `website_certificate_arn` | ARN of the ACM certificate for the domain name. | string | None | Yes |
| `website_domain_name` | Domain name for Yopass website. | string | None | Yes |
| `website_waf_acl_name` | Name of the WAF ACL to associate with the CloudFront distribution. | string | "" | No |
| `yopass_encrypted_secret_max_length` | Maximum length of encrypted secrets. | number | 10000 | No |
| `yopass_version` | Version of Yopass to deploy. | string | "latest" | No |

## Outputs

| Name | Description |
|-------------------------------------|-------------------------------------------------------------------------------|
| `server_apigw_id` | The ID of the Yopass server API Gateway. |
| `server_apigw_url` | The URL of the Yopass server API Gateway. |
| `website_cloudfront_domain_name` | The domain name of the CloudFront distribution serving the Yopass website. |
| `website_cloudfront_hosted_zone_id` | The hosted zone id of the CloudFront distribution serving the Yopass website. |

## Contributing

We welcome contributions to this project. For information on setting up a
development environment and how to make a contribution, see [CONTRIBUTING](./CONTRIBUTING.md)
documentation.
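
Drawing on the inputs documented above, the following added example (not part of the module's own README) shows a deployment with the optional Cognito authentication layer enabled, WAF ACLs attached, and the Yopass version pinned instead of left at `latest`. All `var.*` names, the WAF ACL names, and the `openid` scope are hypothetical sample values. It assumes the `hashicorp/http` provider is available, that the WAF ACLs already exist, and that the module accepts the decoded JWKS document as-is.

```hcl
# Hypothetical variables supplied by the caller (not defined by the module).
variable "aws_region" { type = string }
variable "cognito_user_pool_id" { type = string }
variable "cognito_user_pool_arn" { type = string }
variable "cognito_client_id" { type = string }
variable "cognito_domain" { type = string } # expected format: check the module source

variable "cognito_client_secret" {
  type      = string
  sensitive = true # redacted from plan/apply output
}

# Cognito publishes each user pool's public signing keys at this well-known URL.
data "http" "cognito_jwks" {
  url = "https://cognito-idp.${var.aws_region}.amazonaws.com/${var.cognito_user_pool_id}/.well-known/jwks.json"
}

module "yopass" {
  source  = "cruxstack/yopass/aws"
  version = "x.x.x" # placeholder, as in the Usage section

  website_domain_name     = "yopass.example.com"
  website_certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012"

  # Require sign-in before the website can be reached (off by default).
  auth_enabled                   = true
  auth_cognito_idp_arn           = var.cognito_user_pool_arn
  auth_cognito_idp_client_id     = var.cognito_client_id
  auth_cognito_idp_client_secret = var.cognito_client_secret
  auth_cognito_idp_client_scopes = ["openid"] # sample scope
  auth_cognito_idp_domain        = var.cognito_domain
  auth_cognito_idp_jwks          = jsondecode(data.http.cognito_jwks.response_body)

  # Names of existing WAF ACLs (constructed sample names).
  website_waf_acl_name = "yopass-website-acl"
  server_waf_acl_name  = "yopass-api-acl"

  # Pin the deployed release so an apply never pulls an unreviewed "latest".
  yopass_version                     = "x.x.x" # placeholder: a specific Yopass release
  yopass_encrypted_secret_max_length = 10000   # module default, stated explicitly
}
```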