Integrated terraform outputs in frontend code-gen #75
Changes from 1 commit
f35c86b
8b32944
8ebec4d
1a2ba87
03db618
27e302f
46c0ac0
7f49280
550b09e
4e0f856
a9d7d51
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
resource "aws_cognito_user_pool" "users" { | ||
name = "${var.user_pool}-user-pool" | ||
|
||
username_attributes = [ | ||
"email", | ||
] | ||
|
||
# auto_verified_attributes = ["email"] | ||
} | ||
|
||
resource "aws_cognito_user_pool_client" "client" { | ||
name = "${var.user_pool}-cognito-client" | ||
|
||
user_pool_id = "${aws_cognito_user_pool.users.id}" | ||
generate_secret = false | ||
|
||
allowed_oauth_flows_user_pool_client = true | ||
allowed_oauth_flows = ["code", "implicit"] | ||
allowed_oauth_scopes = ["profile", "openid"] | ||
|
||
supported_identity_providers = ["COGNITO"] | ||
refresh_token_validity = "14" | ||
|
||
explicit_auth_flows = [ | ||
"ADMIN_NO_SRP_AUTH", | ||
"USER_PASSWORD_AUTH", | ||
] | ||
|
||
write_attributes = ["email"] | ||
|
||
callback_urls = ["https://auth.${var.hostname}","https://auth.${var.hostname}/oauth2/idpresponse"] | ||
logout_urls = ["https://auth.${var.hostname}/logout"] | ||
} | ||
|
||
output "cognito_pool_id" { | ||
value = "${aws_cognito_user_pool.users.id}" | ||
} | ||
output "cognito_client_id" { | ||
value = "${aws_cognito_user_pool_client.client.id}" | ||
} |
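Review bot: `allowed_oauth_flows = ["code", "implicit"]` on the `client` resource enables the implicit grant, which returns tokens in the redirect URL fragment where they end up in browser history and referrer logs; unless a consumer of this module needs it, restrict the client to `allowed_oauth_flows = ["code"]`. In the same resource `explicit_auth_flows` enables both `ADMIN_NO_SRP_AUTH` and `USER_PASSWORD_AUTH`, which send the raw password to the API rather than an SRP proof; a comment naming which caller relies on each would let them be dropped when no longer needed. The `# auto_verified_attributes = ["email"]` line in the user pool is commented out, so email is the only username attribute but nothing verifies it; if that is deliberate for the demo, a `# TODO` comment saying so would keep it from being shipped as-is.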
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
variable "user_pool" { | ||
description = "AWS Cognito pool name" | ||
} | ||
variable "hostname" { | ||
default = "{{ .Config.Frontend.Hostname }}" | ||
description = "AWS Cognito pool name" | ||
} |
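Review bot: The `description` on `hostname` (`"AWS Cognito pool name"`) is copied from `user_pool` and does not describe this variable; the Cognito client in this PR builds its callback and logout URLs from it, so `description = "Public hostname used to build the Cognito callback and logout URLs"` would be accurate. The `{{ .Config.Frontend.Hostname }}` default suggests this file is rendered by a template before Terraform reads it; a one-line comment noting that would save the next reader from treating it as a literal value.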
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,103 @@ | ||
resource "aws_s3_bucket" "www" { | ||
// Our bucket's name is going to be the same as our site's domain name. | ||
bucket = "${var.bucket_name}" | ||
// Because we want our site to be available on the internet, we set this so | ||
// anyone can read this bucket. | ||
acl = "public-read" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. At some point this should be changed to private, with proper access set up from Cloudfront, we have plenty of examples of that. Not important for now though. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. yup true, I just wanted to be a bit easier for demoing right now. We can just use the s3 url to load it. |
||
// We also need to create a policy that allows anyone to view the content. | ||
// This is basically duplicating what we did in the ACL but it's required by | ||
// AWS. This post: http://amzn.to/2Fa04ul explains why. | ||
policy = <<POLICY | ||
{ | ||
"Version":"2012-10-17", | ||
"Statement":[ | ||
{ | ||
"Sid":"AddPerm", | ||
"Effect":"Allow", | ||
"Principal": "*", | ||
"Action":["s3:GetObject"], | ||
"Resource":["arn:aws:s3:::${var.bucket_name}/*"] | ||
} | ||
] | ||
} | ||
POLICY | ||
|
||
// S3 understands what it means to host a website. | ||
website { | ||
// Here we tell S3 what to use when a request comes in to the root | ||
index_document = "index.html" | ||
error_document = "404.html" | ||
} | ||
} | ||
|
||
// TODO commented out for simpler demos | ||
|
||
// Use the AWS Certificate Manager to create an SSL cert for our domain. | ||
// This resource won't be created until you receive the email verifying you | ||
// own the domain and you click on the confirmation link. | ||
# resource "aws_acm_certificate" "certificate" { | ||
# // We want a wildcard cert so we can host subdomains later. | ||
# domain_name = "*.${local.www_domain_name}" | ||
# validation_method = "EMAIL" | ||
|
||
# // We also want the cert to be valid for the root domain even though we'll be | ||
# // redirecting to the www. domain immediately. | ||
# subject_alternative_names = ["${local.www_domain_name}"] | ||
# } | ||
|
||
resource "aws_cloudfront_distribution" "www_distribution" { | ||
// origin is where CloudFront gets its content from. | ||
origin { | ||
// We need to set up a "custom" origin because otherwise CloudFront won't | ||
// redirect traffic from the root domain to the www domain, that is from | ||
custom_origin_config { | ||
// These are all the defaults. | ||
http_port = "80" | ||
https_port = "443" | ||
origin_protocol_policy = "http-only" | ||
origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"] | ||
} | ||
|
||
// Here we're using our S3 bucket's URL! | ||
domain_name = "${aws_s3_bucket.www.website_endpoint}" | ||
// This can be any name to identify this origin. | ||
origin_id = "${var.bucket_name}" | ||
} | ||
|
||
enabled = true | ||
default_root_object = "index.html" | ||
|
||
// All values are defaults from the AWS console. | ||
default_cache_behavior { | ||
viewer_protocol_policy = "redirect-to-https" | ||
compress = true | ||
allowed_methods = ["GET", "HEAD"] | ||
cached_methods = ["GET", "HEAD"] | ||
// This needs to match the `origin_id` above. | ||
target_origin_id = "${var.bucket_name}" | ||
min_ttl = 0 | ||
default_ttl = 86400 | ||
max_ttl = 31536000 | ||
|
||
forwarded_values { | ||
query_string = false | ||
cookies { | ||
forward = "none" | ||
} | ||
} | ||
} | ||
|
||
# aliases = ["${local.www_domain_name}"] | ||
|
||
restrictions { | ||
geo_restriction { | ||
restriction_type = "none" | ||
} | ||
} | ||
|
||
viewer_certificate { | ||
# acm_certificate_arn = "${aws_acm_certificate.certificate.arn}" | ||
# ssl_support_method = "sni-only" | ||
cloudfront_default_certificate = true | ||
} | ||
} |
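Review bot: `origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]` in `custom_origin_config` lists two deprecated protocol versions; with `origin_protocol_policy = "http-only"` they are not exercised today, but the list will carry over unchanged when the origin later moves to HTTPS, so trim it now to `origin_ssl_protocols = ["TLSv1.2"]`. The comment just above it, `// redirect traffic from the root domain to the www domain, that is from`, is cut off mid-sentence and should be completed or removed. The `http-only` policy also means the CloudFront-to-origin leg is plaintext even though viewers are redirected to HTTPS; a short comment on `origin_protocol_policy` recording why the origin leg is not encrypted would make that trade-off visible to whoever revisits the bucket setup.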
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
variable "bucket_name" { | ||
description = "S3 hosting bucket name" | ||
} |
This shouldn't be a default, it should be passed in from where the module is being used.