https://github.com/wearetechnative/terraform-aws-module-static-website-cognito-auth
Creates resources for hosting a static website on S3 protected behind a Cognito login.
https://github.com/wearetechnative/terraform-aws-module-static-website-cognito-auth
aws cloudfront cognito-user-pool lambda route53 s3-website static-website
Last synced: 5 months ago
JSON representation
Creates resources for hosting a static website on S3 protected behind a Cognito login.
- Host: GitHub
- URL: https://github.com/wearetechnative/terraform-aws-module-static-website-cognito-auth
- Owner: wearetechnative
- License: apache-2.0
- Created: 2023-01-30T17:22:52.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-01-14T13:18:47.000Z (6 months ago)
- Last Synced: 2025-01-14T14:29:34.888Z (6 months ago)
- Topics: aws, cloudfront, cognito-user-pool, lambda, route53, s3-website, static-website
- Language: HCL
- Homepage: https://registry.terraform.io/modules/TechNative-B-V/static-website-cognito-auth/aws/latest
- Size: 276 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 10
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# Terraform AWS Static Website Cognito Auth 
This module implements a s3 bucket for hosting a static website behind a
cognito login.
WARNING THIS PROJECT IS WIP.
[](https://www.technative.nl)
## Usage
Below an example how to use this module ...
```hcl
module "docs_example_website" {
source = "TechNative-B-V/static-website-cognito-auth/aws"
name = "website_docs_example"
domain = "subdomain.example.com"
route53_zone_name = "example.com."
deploy_user_name = "example_deployment_user"
cognito_path_refresh_auth = "/refreshauth"
cognito_path_logout = "/logout"
cognito_path_parse_auth = "/parseauth"
cognito_refresh_token_validity = 3650
cognito_domain_prefix = "login"
string_schemas = [
{
attribute_data_type = "String"
developer_only_attribute = false
mutable = true
name = "office365tn"
required = false
string_attribute_constraints = {
min_length = 1
max_length = 256
}
}
]
providers = {
aws.us-east-1: aws.us-east-1
}
}
output "docs_example_website_deploy_key_id" {
value = module.docs_example_website.iam_access_key_id
}
output "docs_example_website_deploy_key_secret" {
value = module.docs_example_website.iam_access_key_secret
sensitive = true
}
```
## Credits
This module was forked from [terraform-aws-website-secure](https://github.com/timmeinerzhagen/terraform-aws-website-secure) (MIT).
Also code from [terraform-aws-website](https://github.com/bwindsor/terraform-aws-website) was included (MIT).
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 4.9.0, < 5.0.0 |
| [random](#provider\_random) | n/a |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [acm](#module\_acm) | terraform-aws-modules/acm/aws | 4.3.1 |
| [cloudfront](#module\_cloudfront) | terraform-aws-modules/cloudfront/aws | 3.1.0 |
| [cognito-user-pool](#module\_cognito-user-pool) | lgallard/cognito-user-pool/aws | 0.20.1 |
| [lambda\_function](#module\_lambda\_function) | ./modules/lambda | n/a |
| [website\_bucket](#module\_website\_bucket) | terraform-aws-modules/s3-bucket/aws | 3.6.0 |
## Resources
| Name | Type |
|------|------|
| [aws_iam_access_key.user_keys](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource |
| [aws_iam_user.user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
| [aws_route53_record.cognito-domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.website-domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_s3_bucket_policy.bucket_policy_web](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
| [aws_iam_policy_document.s3_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_route53_zone.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [cognito\_additional\_redirects](#input\_cognito\_additional\_redirects) | Additional URLs to allow cognito redirects to | `list(string)` | `[]` | no |
| [cognito\_domain\_prefix](#input\_cognito\_domain\_prefix) | The first part of the hosted UI login domain, as in https://[COGNITO_DOMAIN_PREFIX].[CUSTOM_DOMAIN]/ | `string` | `"login"` | no |
| [cognito\_path\_logout](#input\_cognito\_path\_logout) | Path relative to custom\_domain to redirect to after logging out | `string` | `"/"` | no |
| [cognito\_path\_parse\_auth](#input\_cognito\_path\_parse\_auth) | Path relative to custom\_domain to redirect to upon successful authentication | `string` | `"/parseauth"` | no |
| [cognito\_path\_refresh\_auth](#input\_cognito\_path\_refresh\_auth) | Path relative to `custom_domain` to redirect to when a token refresh is required | `string` | `"/refreshauth"` | no |
| [cognito\_refresh\_token\_validity](#input\_cognito\_refresh\_token\_validity) | Time until the refresh token expires and the user will be required to log in again | `number` | `3650` | no |
| [deploy\_user\_name](#input\_deploy\_user\_name) | the username of the deploy user | `string` | n/a | yes |
| [domain](#input\_domain) | The primary domain name to use for the website | `string` | n/a | yes |
| [domain\_aliases](#input\_domain\_aliases) | A set of any alternative domain names. Typically this would just contain the same as custom\_domain but prefixed by www. | `set(string)` | `[]` | no |
| [name](#input\_name) | A unique string to use for this module to make sure resources do not clash with others | `string` | n/a | yes |
| [route53\_zone\_name](#input\_route53\_zone\_name) | The name of the hosted zone in Route53 where the SSL certificates will be created | `string` | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
| [alternate\_urls](#output\_alternate\_urls) | Alternate URLs of the website |
| [iam\_access\_key\_id](#output\_iam\_access\_key\_id) | n/a |
| [iam\_access\_key\_secret](#output\_iam\_access\_key\_secret) | n/a |
| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. |
| [s3\_bucket\_id](#output\_s3\_bucket\_id) | The name of the bucket |
| [url](#output\_url) | URL of the main website |
| [user\_arn](#output\_user\_arn) | the arn of the user that was created |
| [user\_name](#output\_user\_name) | the name of the service account user that was created |