main.tf
# AWS provider with no explicit configuration: region and credentials are taken from the
# environment / shared config of whoever runs `terraform apply`, so the deployment target
# is decided outside this file.
provider "aws" {}
# Region of the active provider; its name is embedded in local.awsconfig so the browser-side
# client knows which regional endpoint to call.
data "aws_region" "current" {}
# Account ID / ARN of the identity applying this configuration. Not referenced in this file;
# presumably consumed by another .tf file in the module — verify before removing.
data "aws_caller_identity" "current" {}
# Random suffix for the fallback S3 bucket name used by local.s3_bucketname when no
# AUTHENTICATION_DOMAIN is supplied. S3 bucket names must be lowercase and free of
# punctuation, so uppercase and special characters are disabled (the provider defaults
# leave lowercase letters and digits enabled). Eight characters make a name collision
# unlikely; they do NOT make the bucket name unguessable — it is a public identifier,
# never a secret.
resource "random_string" "bucket_suffix" {
  special = false
  upper   = false
  length  = 8
}
locals {
# Name of the S3 bucket that hosts the front end. Without an AUTHENTICATION_DOMAIN the name is
# a fixed prefix plus the random suffix; note the historical misspelling "authenticater" is
# part of the deployed bucket name, so "fixing" it would force a bucket replacement. With a
# domain the bucket is named "<host>.<domain>", presumably so it can back a DNS record for that
# hostname (S3 website hosting matches on bucket name) — confirm. NOTE(review): a DNS record
# that outlives the bucket lets anyone who claims that bucket name serve content for the host,
# so tear down the record before the bucket. An empty AUTHENTICATION_HOST would produce a
# leading "." and an invalid bucket name; nothing here guards against that.
s3_bucketname = "${var.AUTHENTICATION_DOMAIN == "" ? "google-authenticater-${random_string.bucket_suffix.result}" : "${var.AUTHENTICATION_HOST}.${var.AUTHENTICATION_DOMAIN}"}"
# File name of the packaged Lambda artifact; not referenced in this file, consumed elsewhere
# in the module.
lambda_zip = "lambda.zip"
# JavaScript snippet handed to the browser (it assigns window.config), so every value below is
# public by design and must be safe to disclose. roleArn and region are what the client needs
# to call AssumeRoleWithWebIdentity; publishing the role ARN is acceptable only because the
# role's trust policy (aws_iam_role.google_authentication) restricts who may assume it — the
# ARN itself grants nothing. apiGatewayUrl / apiGatewayPath split the deployment's invoke_url
# at its last "/" into origin and stage path, assuming the shape
# https://<id>.execute-api.<region>.amazonaws.com/<stage> — TODO confirm there is no trailing
# slash, which would make the path "/" and fold the stage into the URL.
awsconfig = <<EOF
window.config = {
roleArn: "${aws_iam_role.google_authentication.arn}",
region: "${data.aws_region.current.name}",
apiGatewayUrl: "${join("/", slice(split("/", aws_api_gateway_deployment.token_bridge_api_deployment.invoke_url), 0, length(split("/", aws_api_gateway_deployment.token_bridge_api_deployment.invoke_url))-1))}",
apiGatewayPath: "/${join("/",slice(split("/", aws_api_gateway_deployment.token_bridge_api_deployment.invoke_url), length(split("/", aws_api_gateway_deployment.token_bridge_api_deployment.invoke_url))-1, length(split("/", aws_api_gateway_deployment.token_bridge_api_deployment.invoke_url))))}",
}
EOF
}
# IAM role the browser assumes directly via STS AssumeRoleWithWebIdentity, presenting a Google
# ID token. The trust policy below is the entire authentication boundary: no AWS credentials
# exist on the client side, so anyone whose token satisfies these conditions gets this role.
# The permissions attached to the role are defined elsewhere (not in this file) and determine
# the blast radius of a compromised Google account — keep them least-privilege.
resource "aws_iam_role" "google_authentication" {
# Fixed name: only one instance of this role can exist per AWS account.
name = "Google_Authenticated_Users"
# Trust policy. Both conditions are load-bearing:
#  - accounts.google.com:aud must equal our OAuth client ID, so a Google token minted for some
#    other application cannot be replayed here;
#  - accounts.google.com:sub must match an entry in the list (StringEquals against a list is
#    "any of"), which pins access to the single Google account in GOOGLE_ID. Removing this
#    condition would let ANY Google account that signs in to this client assume the role.
# The variables are interpolated into the JSON as raw text with no escaping; they are expected
# to be plain numeric Google IDs — a value containing a quote would corrupt the document and
# fail at apply time rather than silently widen access. Session duration is left at the AWS
# default for the role.
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "accounts.google.com"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"accounts.google.com:aud": "${var.GOOGLE_CLIENT_ID}",
"accounts.google.com:sub": [
"${var.GOOGLE_ID}"
]
}
}
}
]
}
EOF
}