Merge pull request #2 from sahil21/develop

Develop

main.tf

@@ -12,27 +12,53 @@ resource "aws_cognito_user_pool" "pool" {
   email_verification_subject = "${var.email_verification_subject}"
   email_verification_message = "${var.email_verification_message}"
 
+  admin_create_user_config {
+    allow_admin_create_user_only = "${var.allow_admin_create_user_only}"
+  }
+
   password_policy {
-    minimum_length    = "${lookup(var.password_policy, "minimum_length")}"
-    require_lowercase = "${lookup(var.password_policy, "require_lowercase")}"
-    require_numbers   = "${lookup(var.password_policy, "require_numbers")}"
-    require_symbols   = "${lookup(var.password_policy, "require_symbols")}"
-    require_uppercase = "${lookup(var.password_policy, "require_uppercase")}"
+    minimum_length    = "${var.password_policy_minimum_length}"
+    require_lowercase = "${var.password_policy_require_lowercase}"
+    require_numbers   = "${var.password_policy_require_numbers}"
+    require_symbols   = "${var.password_policy_require_symbols}"
+    require_uppercase = "${var.password_policy_require_uppercase}"
   }
 
   lambda_config {
-    create_auth_challenge          = "${lookup(var.lambda_config, "create_auth_challenge")}"
-    custom_message                 = "${lookup(var.lambda_config, "custom_message")}"
-    define_auth_challenge          = "${lookup(var.lambda_config, "define_auth_challenge")}"
-    post_authentication            = "${lookup(var.lambda_config, "post_authentication")}"
-    post_confirmation              = "${lookup(var.lambda_config, "post_confirmation")}"
-    pre_authentication             = "${lookup(var.lambda_config, "pre_authentication")}"
-    pre_sign_up                    = "${lookup(var.lambda_config, "pre_sign_up")}"
-    pre_token_generation           = "${lookup(var.lambda_config, "pre_token_generation")}"
-    user_migration                 = "${lookup(var.lambda_config, "user_migration")}"
-    verify_auth_challenge_response = "${lookup(var.lambda_config, "verify_auth_challenge_response")}"
+    create_auth_challenge          = "${var.lambda_config_create_auth_challenge}"
+    custom_message                 = "${var.lambda_config_custom_message}"
+    define_auth_challenge          = "${var.lambda_config_define_auth_challenge}"
+    post_authentication            = "${var.lambda_config_post_authentication}"
+    post_confirmation              = "${var.lambda_config_post_confirmation}"
+    pre_authentication             = "${var.lambda_config_pre_authentication}"
+    pre_sign_up                    = "${var.lambda_config_pre_sign_up}"
+    pre_token_generation           = "${var.lambda_config_pre_token_generation}"
+    user_migration                 = "${var.lambda_config_user_migration}"
+    verify_auth_challenge_response = "${var.lambda_config_verify_auth_challenge_response}"
   }
 
+  username_attributes = "${var.username_attributes}"
+
+  auto_verified_attributes = "${var.auto_verified_attributes}"
+
   tags = "${var.tags}"
 
 }
+
+resource "aws_cognito_user_pool_client" "client" {
+
+  name = "${module.label.id}"
+  user_pool_id = "${aws_cognito_user_pool.pool.id}"
+  allowed_oauth_flows = "${var.allowed_oauth_flows}"
+  allowed_oauth_scopes = "${var.allowed_oauth_scopes}"
+  callback_urls = "${var.callback_urls}"
+  logout_urls = "${var.logout_urls}"
+  supported_identity_providers = "${var.supported_identity_providers}"
+  refresh_token_validity = "${var.refresh_token_validity}"
+
+}
+
+resource "aws_cognito_user_pool_domain" "domain" {
+    domain = "${var.domain}"
+    user_pool_id = "${aws_cognito_user_pool.pool.id}"
+}

outputs.tf

@@ -0,0 +1,54 @@
+output "userpool_id" {
+    value = "${aws_cognito_user_pool.pool.id}"
+    description = "The id of the user pool"
+}
+
+output "userpool_arn" {
+    value = "${aws_cognito_user_pool.pool.arn}"
+    description = "The ARN of the user pool"
+}
+
+output "userpool_endpoint" {
+    value = "${aws_cognito_user_pool.pool.endpoint}"
+    description = "The endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxx_yyyyy"
+}
+
+output "userpool_creation_date" {
+    value = "${aws_cognito_user_pool.pool.creation_date}"
+    description = "The date the user pool was created"
+}
+
+output "userpool_last_modified_date" {
+	value = "${aws_cognito_user_pool.pool.last_modified_date}"
+	description = "The date the user pool was last modified"
+}
+
+output "userpool_client_id" {
+  value       = "${aws_cognito_user_pool_client.client.id}"
+  description = "The id of the user pool client"
+}
+
+output "userpool_client_secret" {
+  value = "${aws_cognito_user_pool_client.client.client_secret}"
+  description = "The client secret of the user pool client"
+}
+
+output "aws_account_id" {
+  value = "${aws_cognito_user_pool_domain.domain.aws_account_id}"
+  description = "The AWS account ID for the user pool owner"
+}
+
+output "cloudfront_distribution_arn" {
+  value = "${aws_cognito_user_pool_domain.domain.cloudfront_distribution_arn}"
+  description = "The ARN of the CloudFront distribution"
+}
+
+output "s3_bucket" {
+  value = "${aws_cognito_user_pool_domain.domain.s3_bucket}"
+  description = "The S3 bucket where the static files for this domain are stored"
+}
+
+output "version" {
+  value = "${aws_cognito_user_pool_domain.domain.version}"
+  description = "The app version"
+}

variables.tf

@@ -29,31 +29,131 @@ variable "email_verification_message" {
   description = "Message of verification E-mail"
 }
 
-variable "password_policy" {
-  type    = "map"
-  default = {
-    "minimum_length" = 8
-    "require_lowercase" = false
-    "require_numbers" = true
-    "require_symbols" =false
-    "require_uppercase" =true
-  }
-  description = "Password Policy for Cognito User Pool"
-}
-
-variable "lambda_config" {
-  type = "map"
-  default = {
-    "create_auth_challenge" = ""
-    "custom_message" = ""
-    "define_auth_challenge" = ""
-    "post_authentication" = ""
-    "post_confirmation" = ""
-    "pre_authentication" = ""
-    "pre_sign_up" = ""
-    "pre_token_generation" = ""
-    "user_migration" = ""
-    "verify_auth_challenge_response" = ""
-  }
-  description = "A container for the AWS Lambda triggers associated with the user pool"  
+variable "username_attributes" {
+  type = "list"
+  default = ["email"]
+  description = "Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up"
+}
+
+variable "auto_verified_attributes" {
+  type = "list"
+  default = ["email"]
+  description = "The attributes to be auto-verified. Possible values: email, phone_number"
+}
+
+variable "allow_admin_create_user_only" {
+  default = false
+  description = "Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app"
+}
+
+variable "password_policy_minimum_length" {
+  default = 8
+  description = "The minimum length of the password policy that you have set"
+}
+
+variable "password_policy_require_lowercase" {
+  default = false
+  description = "Whether you have required users to use at least one lowercase letter in their password"
+}
+
+variable "password_policy_require_numbers" {
+  default = false
+  description = "Whether you have required users to use at least one number in their password"
+}
+
+variable "password_policy_require_symbols" {
+  default = false
+  description = "Whether you have required users to use at least one symbol in their password"
+}
+
+variable "password_policy_require_uppercase" {
+  default = false
+  description = "Whether you have required users to use at least one uppercase letter in their password"
+}
+
+variable "lambda_config_create_auth_challenge" {
+  default = ""
+  description = "The ARN of the lambda creating an authentication challenge"
+}
+
+variable "lambda_config_custom_message" {
+  default = ""
+  description = "A custom Message AWS Lambda trigger"
+}
+
+variable "lambda_config_define_auth_challenge" {
+  default = ""
+  description = "Defines the authentication challenge"
+}
+
+variable "lambda_config_post_authentication" {
+  default = ""
+  description = "A post-authentication AWS Lambda trigger"
+}
+
+variable "lambda_config_post_confirmation" {
+  default = ""
+  description = "A post-confirmation AWS Lambda trigger"
+}
+
+variable "lambda_config_pre_authentication" {
+  default = ""
+  description = "A pre-authentication AWS Lambda trigger"
+}
+
+variable "lambda_config_pre_sign_up" {
+  default = ""
+  description = "A pre-registration AWS Lambda trigger"
+}
+
+variable "lambda_config_pre_token_generation" {
+  default = ""
+  description = "Allow to customize identity token claims before token generation"
+}
+
+variable "lambda_config_user_migration" {
+  default = ""
+  description = "The user migration Lambda config type"
+}
+
+variable "lambda_config_verify_auth_challenge_response" {
+  default = ""
+  description = "Verifies the authentication challenge response"
+}
+
+variable "allowed_oauth_flows" {
+  default = ["code", "implicit"]
+  description = "List of allowed OAuth flows (code, implicit, client_credentials)"
+}
+
+variable "allowed_oauth_scopes" {
+  default = ["phone", "email", "openid", "profile", "aws.cognito.signin.user.admin"]
+  description = "List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin)"
+}
+
+variable "callback_urls" {
+  type = "list"
+  default = []
+  description = "List of allowed callback URLs for the identity providers"
+}
+
+variable "logout_urls" {
+  type = "list"
+  default = []
+  description = "List of allowed logout URLs for the identity providers"
+}
+
+variable "supported_identity_providers" {
+  type = "list"
+  default = ["COGNITO"]
+  description = "List of provider names for the identity providers that are supported on this client"
+}
+
+variable "refresh_token_validity" {
+  default = 30
+  description = "The time limit in days refresh tokens are valid for"
+}
+
+variable "domain" {
+    description = "The domain string"
 }