Add cognito to Terraform #61

Closed
wants to merge 4 commits into from
9 changes: 9 additions & 0 deletions terraform-incubator/people-depot/project/main.tf
Expand Up @@ -64,6 +64,15 @@ module "people_depot" {
root_db_password = var.root_db_password
}

module "cognito" {
source = "../../../terraform-modules/cognito"

region = "us-west-2"
user_pool_name = "people-depot-user-pool"
client_name = "people-depot-client"
Member:
Question mainly for my understanding: where should the configuration of the project user pool and client be defined? Does the project create more resources in this file? Or is it using the resource configuration defined in cognito/main.tf, and are the 3 var fields the only customization possible?

I think the people depot deployment will eventually need several clients, ones with a secret for the backends (people depot and CTJ?), and ones without a secret for frontends (VRMS, website, CTJ?).

Member Author:
Hey @fyliu - apologies for the late response here...I just noticed these comments yesterday.

The modules are basically the recipes that any project can use to build what they need. The variables can have default values, but those can be overridden if you pass values when calling the module. So, files in /cognito define the resources (main.tf), along with their variables and outputs.

The main.tf file inside of people-depot/project calls that module and passes the client info (or whatever other configs you want to pass it).

For adding multiple clients, you'd call the module multiple times like so:

```hcl
module "cognito_1" {
  source = "../../../terraform-modules/cognito"

  region         = "us-west-2"
  user_pool_name = "x-user-pool"
  client_name    = "x-client"
}

module "cognito_2" {
  source = "../../../terraform-modules/cognito"

  region         = "us-west-2"
  user_pool_name = "x-user-pool"
  client_name    = "x-client"
}
```

If the configs need to change (like generate_secret = true), then we can designate those as variables when creating the module and then pass the value when calling the module in project/main.tf.

Member Author:
Also, each project would use the module inside their project directory's main.tf file. If it's a shared resource, we can move it to a shared directory...but it sounded like this would be project specific.

}


variable "root_db_password" {
type = string
description = "root database password"
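Review bot: the `region = "us-west-2"` argument in the new `module "cognito"` block has no effect, because nothing in the module references `var.region`; the pool is created in whatever region the root provider is configured with, so the hard-coded value here is misleading and should be dropped (or the module should actually consume it). Also, the module's `user_pool_id` and `user_pool_client_id` outputs are not wired anywhere in this file, so `module "people_depot"` above cannot reach the pool it is meant to authenticate against; pass `module.cognito.user_pool_id` / `module.cognito.user_pool_client_id` into whatever needs them, or document that this is intentionally deferred.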
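The thread above proposes calling the module once per client and promoting `generate_secret` to a variable. As an added example that is not part of this PR or the project's code, the following sketch takes that idea one step further: a single module call creates one pool and one app client per entry of a `clients` map (using `for_each`), so backend clients get a secret and browser clients do not, and the secrets come out as a `sensitive` output. The variable name `clients`, the `example.org` callback URLs, the password policy values and the file comments are assumptions made for illustration; the attribute names are those of the `aws_cognito_user_pool` and `aws_cognito_user_pool_client` resources.

```hcl
# terraform-modules/cognito/main.tf (hypothetical rewrite, not the PR's file)

variable "user_pool_name" {
  description = "Name of the Cognito User Pool"
  type        = string
}

variable "clients" {
  description = "One app client per key. Backends set generate_secret = true; browser/SPA clients leave it false and use the code flow with PKCE."
  type = map(object({
    generate_secret = bool
    callback_urls   = list(string)
    logout_urls     = list(string)
  }))
}

resource "aws_cognito_user_pool" "main" {
  name = var.user_pool_name

  # Reject weak passwords and require a verified email before sign-in.
  password_policy {
    minimum_length    = 12
    require_lowercase = true
    require_uppercase = true
    require_numbers   = true
    require_symbols   = true
  }
  auto_verified_attributes = ["email"]
}

resource "aws_cognito_user_pool_client" "this" {
  for_each = var.clients

  name         = each.key
  user_pool_id = aws_cognito_user_pool.main.id

  # Confidential (backend) clients get a secret; public (browser) clients do not.
  generate_secret = each.value.generate_secret

  # Authorization-code flow only: tokens never travel in a URL fragment
  # the way they do with the implicit flow.
  allowed_oauth_flows                  = ["code"]
  allowed_oauth_scopes                 = ["openid", "email"]
  allowed_oauth_flows_user_pool_client = true
  supported_identity_providers         = ["COGNITO"]
  callback_urls                        = each.value.callback_urls
  logout_urls                          = each.value.logout_urls

  # Return a generic error for unknown users so the login endpoint
  # cannot be used to enumerate accounts.
  prevent_user_existence_errors = "ENABLED"
}

output "user_pool_id" {
  value = aws_cognito_user_pool.main.id
}

output "client_ids" {
  value = { for k, c in aws_cognito_user_pool_client.this : k => c.id }
}

output "client_secrets" {
  description = "Only populated for clients created with generate_secret = true"
  value       = { for k, c in aws_cognito_user_pool_client.this : k => c.client_secret if c.generate_secret }
  sensitive   = true
}

# terraform-incubator/people-depot/project/main.tf (hypothetical call)

module "cognito" {
  source         = "../../../terraform-modules/cognito"
  user_pool_name = "people-depot-user-pool"

  clients = {
    "people-depot-backend" = {
      generate_secret = true
      callback_urls   = ["https://people-depot.example.org/oauth/callback"] # placeholder URL
      logout_urls     = ["https://people-depot.example.org/logout"]
    }
    "vrms-frontend" = {
      generate_secret = false
      callback_urls   = ["https://vrms.example.org/callback"] # placeholder URL
      logout_urls     = ["https://vrms.example.org/"]
    }
  }
}
```

Because the secrets map is marked `sensitive`, `terraform output` redacts it and `terraform plan` does not print the values; consumers read it with `terraform output -json client_secrets` or pass `module.cognito.client_secrets["people-depot-backend"]` directly into another resource. Note that the secret still lands in the state file, so the state backend needs the same protection as any other credential store.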
19 changes: 19 additions & 0 deletions terraform-modules/cognito/main.tf
@@ -0,0 +1,19 @@
resource "aws_cognito_user_pool" "main" {
name = var.user_pool_name

// Add additional configurations here
}

resource "aws_cognito_user_pool_client" "main" {
name = var.client_name
user_pool_id = aws_cognito_user_pool.main.id

// Configure client here
// For example:
generate_secret = false
allowed_oauth_flows = ["code", "implicit"]
allowed_oauth_scopes = ["email", "openid"]
allowed_oauth_flows_user_pool_client = true

// Other configurations like callback URLs, logout URLs, etc.
}
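Review bot: `allowed_oauth_flows = ["code", "implicit"]` enables the implicit grant, which returns tokens in the redirect URL fragment where they end up in browser history, referrers and logs; restrict this to `["code"]` (browser clients use PKCE with the code flow) unless a specific client genuinely needs implicit. The comment "Other configurations like callback URLs, logout URLs, etc." should become real arguments: Cognito rejects a client that has OAuth flows enabled without at least one callback URL, so `callback_urls` (and `logout_urls`) need to be set, ideally from module variables. Consider also `prevent_user_existence_errors = "ENABLED"` on the client, so a failed login does not reveal whether the username exists.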
9 changes: 9 additions & 0 deletions terraform-modules/cognito/outputs.tf
@@ -0,0 +1,9 @@
output "user_pool_id" {
description = "The ID of the Cognito User Pool"
value = aws_cognito_user_pool.main.id
}

output "user_pool_client_id" {
description = "The ID of the Cognito User Pool Client"
value = aws_cognito_user_pool_client.main.id
}
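Review bot: if `generate_secret` becomes a variable as discussed in the thread, this file will need an output for the client secret, and it must carry `sensitive = true` so Terraform redacts it in plan and output; without such an output a backend client's secret is only reachable by reading raw state. The two outputs here are fine as they stand for a public client.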
15 changes: 15 additions & 0 deletions terraform-modules/cognito/variables.tf
@@ -0,0 +1,15 @@
variable "region" {
Member:
Should something be using this var? It doesn't look like this var is being referenced in any resource.

Member Author:
Yes, it's set to the wrong default though, I think...which is getting overridden when called in project/main.tf. Here we're saying...these are the possible variables for these resources...we may or may not add defaults...and they can be overridden when called in other main.tf files.

description = "AWS region"
type = string
default = "us-east-1"
}

variable "user_pool_name" {
description = "Name of the Cognito User Pool"
type = string
}

variable "client_name" {
description = "Name of the Cognito User Pool Client"
type = string
}
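Review bot: `variable "region"` is declared with `default = "us-east-1"` but is not referenced by any resource in the module, so the `"us-west-2"` passed from project/main.tf silently changes nothing and the resources follow the root provider's region; either remove the variable and let the caller's provider configuration decide (the usual pattern for child modules), or make the module actually consume it. Since the thread agrees that `generate_secret`, callback URLs and logout URLs should be overridable per client, add those as variables here (e.g. `variable "generate_secret" { type = bool, default = false }` and `variable "callback_urls" { type = list(string) }`) rather than leaving them as comments in main.tf.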