https://github.com/rpstreef/tf-cognito
Terraform AWS Cognito module with support for Identity Federation via Google or Facebook, and Lambda triggers.
- Host: GitHub
- URL: https://github.com/rpstreef/tf-cognito
- Owner: rpstreef
- License: apache-2.0
- Created: 2020-02-17T06:01:33.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2021-06-04T07:27:27.000Z (over 3 years ago)
- Last Synced: 2023-12-12T04:29:21.044Z (11 months ago)
- Topics: aws, cognito, cognito-identity-pool, cognito-user-pool, terraform, terraform-module
- Language: HCL
- Homepage:
- Size: 85 KB
- Stars: 2
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Terraform AWS Cognito module
## About:
Creates a basic AWS Cognito setup with a mandatory 8-character-long password policy and dynamic schema support.
Please note that the ``ignore_changes`` lifecycle setting in the ``./main.tf`` file is used to prevent re-deployments from occurring.
There is no built-in support yet for:
- SNS email sending and templates; instead the module uses the built-in email support, which has sending limitations.
- SMS sending
## How to use:
To add a federation, provide ``identity_provider_map`` with the appropriate configuration for the supported federation, in this case Google.
To then enable that login provider for your Cognito identity pool, add the ``supported_login_providers`` configuration.
```terraform
module "cognito" {
  source = "../../modules/cognito"

  namespace         = var.namespace
  resource_tag_name = var.resource_tag_name
  region            = var.region

  cognito_identity_pool_name     = var.cognito_identity_pool_name
  cognito_identity_pool_provider = var.cognito_identity_pool_provider

  # User Pool Client Configuration
  allowed_oauth_flows          = ["implicit"]
  allowed_oauth_scopes         = ["aws.cognito.signin.user.admin"]
  callback_urls                = ["https://google.com"]
  supported_identity_providers = ["Google"]

  # Identity pool: maps the login provider to the Google OAuth client ID
  supported_login_providers = {
    "accounts.google.com" = "dfsfsf.apps.googleusercontent.com"
  }

  # User pool identity provider (federation) configuration
  identity_provider_map = {
    google = {
      provider_name    = "Google"
      provider_type    = "Google"
      authorize_scopes = "email"

      # Placeholder credentials: pass the real values in through variables
      # (with the secret's variable marked sensitive), not as literals.
      client_id     = "dfsfsf.apps.googleusercontent.com"
      client_secret = "sdfsfasdfafsafsafsfsdf"

      attribute_mapping = {
        email    = "email"
        username = "sub"
      }
    }
  }

  # User pool attribute schema
  schema_map = [
    {
      name                = "email"
      attribute_data_type = "String"
      mutable             = false
      required            = true
    },
    {
      name                = "phone_number"
      attribute_data_type = "String"
      mutable             = false
      required            = true
    }
  ]
}
```
## Changelog
### v1.6
- Added "cognito_module_enabled", default set to true.
- Changed output to display whole resource objects created
### v1.5
- Added custom Domain support for hosted domains.
### v1.4
- Added email configuration options with default or SES
- Added user pool client variables to support identity federation configuration.
- Note that ``explicit_auth_flows`` with prefix 'ALLOW' cannot be used with ``LEGACY`` ``prevent_user_existence_errors`` configuration.
### v1.3
- Updated to new Terraform standards
- Added Federated login support with an example: Google.
- Added all Lambda triggers; provide the appropriate Lambda ARN to enable.
- Added lifecycle ignores to prevent continuous changes on resources:
  - ``provider_details`` for resource ``aws_cognito_identity_provider``
  - ``lambda_config`` for resource ``aws_cognito_user_pool``
### v1.2
- Added mail template variables (cognito based emails)
- Verify by Link or code variable
### v1.1
- Added ignore on ``password_policy[0].temporary_password_validity_days``
### v1.0
- Initial release