
Untitled

a guest Jul 17th, 2019 68 Never
  ############## THE ROLE FOR EACH GROUP
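  # IAM role for members of the prod Kibana user group; it is referenced as
  # role_arn by aws_cognito_user_group.cognito_user_group_auth_prod.
  #
  # The trust policy is scoped to this stack's identity pool. The "aud"
  # condition pins the identity pool ID and the "amr" condition requires an
  # authenticated identity. Without these conditions the federated principal
  # cognito-identity.amazonaws.com matches web identities from any Cognito
  # identity pool, not only the one declared in this configuration.
  #
  # NOTE(review): no permissions policy for this role is visible in this
  # listing; confirm what it is granted elsewhere and keep it least-privilege.
  resource "aws_iam_role" "iam_role_auth_prod" {
    name = "auth-kibana-prod-${terraform.workspace}"

    # "<<-" allows the JSON body and the EOF terminator to be indented.
    assume_role_policy = <<-EOF
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Federated": "cognito-identity.amazonaws.com"
          },
          "Action": "sts:AssumeRoleWithWebIdentity",
          "Condition": {
            "StringEquals": {
              "cognito-identity.amazonaws.com:aud": "${aws_cognito_identity_pool.kibana.id}"
            },
            "ForAnyValue:StringLike": {
              "cognito-identity.amazonaws.com:amr": "authenticated"
            }
          }
        }
      ]
    }
    EOF
  }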
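  # IAM role for members of the dev Kibana user group; it is referenced as
  # role_arn by aws_cognito_user_group.cognito_user_group_auth_dev.
  #
  # The trust policy is scoped to this stack's identity pool. The "aud"
  # condition pins the identity pool ID and the "amr" condition requires an
  # authenticated identity. Without these conditions the federated principal
  # cognito-identity.amazonaws.com matches web identities from any Cognito
  # identity pool, not only the one declared in this configuration.
  #
  # NOTE(review): no permissions policy for this role is visible in this
  # listing; confirm what it is granted elsewhere and keep it least-privilege.
  resource "aws_iam_role" "iam_role_auth_dev" {
    name = "auth-kibana-dev-${terraform.workspace}"

    # "<<-" allows the JSON body and the EOF terminator to be indented.
    assume_role_policy = <<-EOF
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Federated": "cognito-identity.amazonaws.com"
          },
          "Action": "sts:AssumeRoleWithWebIdentity",
          "Condition": {
            "StringEquals": {
              "cognito-identity.amazonaws.com:aud": "${aws_cognito_identity_pool.kibana.id}"
            },
            "ForAnyValue:StringLike": {
              "cognito-identity.amazonaws.com:amr": "authenticated"
            }
          }
        }
      ]
    }
    EOF
  }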
  ################## USER GROUPS WITH ATTACHED ROLES
  # Cognito user group for prod Kibana access. Members are associated with the
  # prod IAM role through role_arn.
  #
  # NOTE(review): the dev group in this listing also uses precedence = 1. For a
  # user who belongs to both groups there is then no single highest-precedence
  # group to decide the preferred role; confirm the tie is intended.
  resource "aws_cognito_user_group" "cognito_user_group_auth_prod" {
    user_pool_id = "${aws_cognito_user_pool.kibana.id}"
    name         = "auth-kibana-prod-${terraform.workspace}"
    description  = "Managed by Terraform"

    # Role and ordering used when the group is resolved to IAM credentials.
    role_arn   = "${aws_iam_role.iam_role_auth_prod.arn}"
    precedence = 1
  }
  # Cognito user group for dev Kibana access. Members are associated with the
  # dev IAM role through role_arn.
  #
  # NOTE(review): the prod group in this listing also uses precedence = 1. For
  # a user who belongs to both groups there is then no single highest-precedence
  # group to decide the preferred role; confirm the tie is intended.
  resource "aws_cognito_user_group" "cognito_user_group_auth_dev" {
    user_pool_id = "${aws_cognito_user_pool.kibana.id}"
    name         = "auth-kibana-dev-${terraform.workspace}"
    description  = "Managed by Terraform"

    # Role and ordering used when the group is resolved to IAM credentials.
    role_arn   = "${aws_iam_role.iam_role_auth_dev.arn}"
    precedence = 1
  }
  ######### CREATE USER POOL AND IDENTITY POOL
  # User pool that holds the Kibana users.
  #
  # NOTE(review): this block sets no password_policy and no mfa_configuration,
  # so the defaults apply; confirm they meet the organisation's requirements
  # for accounts that reach prod dashboards.
  resource "aws_cognito_user_pool" "kibana" {
    name = "kibana user pool"

    # E-mail is a required attribute, is verified automatically, and may be
    # used as a sign-in alias.
    alias_attributes         = ["email"]
    auto_verified_attributes = ["email"]

    schema {
      name                = "email"
      attribute_data_type = "String"
      required            = true
    }

    # Self-registration is disabled: only administrators create users.
    admin_create_user_config = {
      allow_admin_create_user_only = true
    }

    # Differences in the schema block are not reconciled by Terraform.
    # NOTE(review): presumably to avoid a forced pool replacement - confirm.
    lifecycle {
      ignore_changes = [
        "schema",
      ]
    }
  }
  # Domain prefix under which the user pool's sign-in endpoints are served.
  resource "aws_cognito_user_pool_domain" "kibana" {
    user_pool_id = "${aws_cognito_user_pool.kibana.id}"
    domain       = "glabs-kibana"

    # A changed user_pool_id does not trigger an update of this domain.
    # NOTE(review): this can leave the domain bound to an old pool after the
    # pool is replaced - confirm that is the intended trade-off.
    lifecycle {
      ignore_changes = [
        "user_pool_id",
      ]
    }
  }
  # Identity pool that exchanges user pool sign-ins for AWS credentials.
  resource "aws_cognito_identity_pool" "kibana" {
    identity_pool_name = "kibana pool"

    # Guest (unauthenticated) identities are not issued credentials.
    allow_unauthenticated_identities = false

    # The provider list is left to whatever configures it outside Terraform.
    # NOTE(review): no cognito_identity_providers block and no roles attachment
    # are visible in this listing; confirm where the pool is linked to the user
    # pool and how the group roles are mapped.
    lifecycle {
      ignore_changes = [
        "cognito_identity_providers",
      ]
    }
  }