diff --git a/.deepsource.toml b/.deepsource.toml index 9fa5be7..18b001a 100644 --- a/.deepsource.toml +++ b/.deepsource.toml @@ -1,4 +1,4 @@ version = 1 [[analyzers]] -name = "terraform" +name = "terraform" \ No newline at end of file diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..231c9a6 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,2 @@ +# These owners will be the default owners for everything in the repo. +* @anmolnagpal @clouddrove/approvers @clouddrove-ci diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..e414e28 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,12 @@ +## what +* Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) +* Use bullet points to be concise and to the point. + +## why +* Provide the justifications for the changes (e.g. business case). +* Describe why these changes were made (e.g. why do these commits fix the problem?) +* Use bullet points to be concise and to the point. + +## references +* Link to any supporting jira issues or helpful documentation to add some context (e.g. stackoverflow). +* Use `closes #123`, if this PR closes a Jira issue `#123` diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml index 445106d..d10f4a1 100644 --- a/.github/workflows/auto_assignee.yml +++ b/.github/workflows/auto_assignee.yml @@ -1,11 +1,13 @@ name: Auto Assign PRs + on: pull_request: types: [opened, reopened] + workflow_dispatch: jobs: assignee: - uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.9 + uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.10 secrets: GITHUB: ${{ secrets.GITHUB }} with: diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml index 4dfecf6..1e38d9d 100644 --- a/.github/workflows/automerge.yml 
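Review bot: The new `.github/CODEOWNERS` entry `* @anmolnagpal @clouddrove/approvers @clouddrove-ci` makes `@clouddrove-ci` a default owner of every path. If that is an automation account (the name suggests so, but this diff cannot confirm it), its approval would satisfy a required code-owner review. That includes changes under `.github/workflows/`, where secrets are passed and auto-merge is configured. Consider limiting the wildcard to human reviewers and adding a stricter entry for the workflow directory, for example `/.github/ @clouddrove/approvers`.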
+++ b/.github/workflows/automerge.yml @@ -4,9 +4,9 @@ on: pull_request: jobs: auto-merge: - uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@1.0.9 + uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@1.0.10 secrets: GITHUB: ${{ secrets.GITHUB }} with: - tfcheck: 'tf-checks-example / Evaluate Terraform versions (1.6.5, ./_example/)' + tfcheck: '_example / Check code format' ... diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 2d1b73e..c2a8cd4 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -7,7 +7,7 @@ on: workflow_dispatch: jobs: changelog: - uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.9 + uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.10 secrets: inherit with: - branch: 'master' \ No newline at end of file + branch: 'master' diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 4086f25..1eb0243 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml 
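Review bot: In automerge.yml the `tfcheck` input now names `'_example / Check code format'`, where it previously named the `Evaluate Terraform versions` job. If `tfcheck` is the status that gates the merge (the shared workflow is not visible here), a pull request that only passes the format check could be merged automatically while validation, lint or tfsec are still failing. Either point it at the validating job or confirm that branch protection requires the other checks. The string is also silently coupled to the job id renamed to `_example` in tf-checks.yml, so a comment above it such as `# must match "<job id> / <job name>" reported by tf-checks.yml` would keep the two in step.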
@@ -10,37 +10,36 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout' - uses: actions/checkout@v2.3.4 + uses: actions/checkout@master - name: 'Set up Python 3.7' - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: '3.x' - name: 'create readme' - uses: 'clouddrove/github-actions@v9.0.2' + uses: 'clouddrove/github-actions@9.0.3' with: actions_subcommand: 'readme' - github_token: '${{ secrets.GITHUB}}' + github_token: '${{ secrets.GITHUB }}' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} - + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: 'pre-commit check errors' - uses: pre-commit/action@v2.0.0 + uses: pre-commit/action@v3.0.0 continue-on-error: true - name: 'pre-commit fix erros' - uses: pre-commit/action@v2.0.0 + uses: pre-commit/action@v3.0.0 continue-on-error: true - name: 'push readme' - uses: 'clouddrove/github-actions@v9.0.2' + uses: 'clouddrove/github-actions@9.0.3' continue-on-error: true with: actions_subcommand: 'push' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: 'Slack Notification' uses: clouddrove/action-slack@v2 @@ -51,4 +50,4 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() \ No newline at end of file + if: always() diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml deleted file mode 100644 index 48995a7..0000000 --- a/.github/workflows/terraform.yml +++ /dev/null 
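Review bot: The 'Checkout' step in readme.yml moves from the tag `v2.3.4` to `actions/checkout@master`, a mutable branch, so the job runs whatever that branch contains at run time. This is the same job that receives `secrets.GITHUB` and `GITHUB_TOKEN` and pushes the README back to the repository. Pin it to a release, ideally by full commit SHA: `uses: actions/checkout@<FULL_COMMIT_SHA>  # <release tag>`. The same applies to the tag-pinned `clouddrove/github-actions@9.0.3` and `pre-commit/action@v3.0.0`, since a tag can be moved. Separately, the step is still named 'Set up Python 3.7' while `python-version` is `'3.x'`; rename it to `'Set up Python 3.x'`.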
@@ -1,84 +0,0 @@ -name: static-checks - -on: - pull_request: - -jobs: - versionExtract: - name: Get min/max versions - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Terraform min/max versions - id: minMax - uses: clowdhaus/terraform-min-max@main - outputs: - minVersion: ${{ steps.minMax.outputs.minVersion }} - maxVersion: ${{ steps.minMax.outputs.maxVersion }} - - - versionEvaluate: - name: Evaluate Terraform versions - runs-on: ubuntu-latest - needs: versionExtract - strategy: - fail-fast: false - matrix: - version: - - ${{ needs.versionExtract.outputs.minVersion }} - - ${{ needs.versionExtract.outputs.maxVersion }} - directory: - - _example/ - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ matrix.version }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ matrix.version }} - - - name: 'Configure AWS Credentials' - uses: clouddrove/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} - aws-region: us-east-2 - - - name: Init & validate v${{ matrix.version }} - run: | - cd ${{ matrix.directory }} - terraform init - terraform validate - terraform plan -input=false -no-color - - - name: tflint - uses: reviewdog/action-tflint@master - with: - tflint_version: v0.29.0 - github_token: ${{ secrets.GITHUB }} - working_directory: ${{ matrix.directory }} - fail_on_error: 'true' - filter_mode: 'nofilter' - flags: '--module' - - format: - name: Check code format - runs-on: ubuntu-latest - needs: versionExtract - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ needs.versionExtract.outputs.maxVersion }} - - - name: Check Terraform format changes - run: terraform fmt --recursive 
diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml
deleted file mode 100644
index 9747df1..0000000
--- a/.github/workflows/terratest.yml
+++ /dev/null
@@ -1,81 +0,0 @@ -name: 'Terratest GitHub Actions' -on: - pull_request: - branches: - - master - types: [labeled] - -jobs: - DNS: - name: 'Terratest for DNS' - runs-on: ubuntu-latest - steps: - - - name: Checkout Repo - uses: actions/checkout@master - # Setup gcloud CLI - - - name: Auth Gcp - uses: google-github-actions/auth@v1 - with: - credentials_json: ${{ secrets.GKE_KEY }} - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1 - - - name: 'Terratest Generate Certificate DNS' - if: ${{ github.event.label.name == 'terratest' }} - uses: 'clouddrove/github-actions@v9.0.2' - with: - actions_subcommand: 'terratest' - tf_actions_working_dir: _test/generate-certificate-dns - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: 'Slack Notification' - uses: clouddrove/action-slack@v2 - with: - status: ${{ job.status }} - fields: repo,author - author_name: 'CloudDrove' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() - - Email: - name: 'Terratest for Email' - runs-on: ubuntu-latest - steps: - - - name: Checkout Repo - uses: actions/checkout@master - # Setup gcloud CLI - - - name: Auth Gcp - uses: google-github-actions/auth@v1 - with: - credentials_json: ${{ secrets.GKE_KEY }} - - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1 - - - name: 'Terratest Generate Certificate Email' - if: ${{ github.event.label.name == 'terratest' }} - uses: 'clouddrove/github-actions@v9.0.1' - with: - actions_subcommand: 'terratest' - tf_actions_working_dir: _test/generate-certificate-email - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: 'Slack Notification' - uses: clouddrove/action-slack@v2 - with: - status: ${{ job.status }} - fields: repo,author - author_name: 'CloudDrove' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() \ No 
newline at end of file diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml index b04dea6..574ddef 100644 --- a/.github/workflows/tf-checks.yml +++ b/.github/workflows/tf-checks.yml @@ -5,7 +5,7 @@ on: pull_request: workflow_dispatch: jobs: - tf-checks-example: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.9 + _example: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.10 with: working_directory: './_example/' diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml index 0875a68..e52fe96 100644 --- a/.github/workflows/tflint.yml +++ b/.github/workflows/tflint.yml @@ -6,6 +6,6 @@ on: workflow_dispatch: jobs: tf-lint: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.0.9 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.0.10 secrets: GITHUB: ${{ secrets.GITHUB }} diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index 6044183..cac5e20 100644 --- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -5,7 +5,7 @@ on: workflow_dispatch: jobs: tfsec: - uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.9 + uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.10 secrets: inherit with: - working_directory: '.' \ No newline at end of file + working_directory: '.' diff --git a/.gitignore b/.gitignore index c503405..7bacaf4 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,40 +1,210 @@ -# Local .terraform directories -**/.terraform/* +# ignored files +*~ -# .tfstate files -*.tfstate -*.tfstate.* +# temporary files which can be created if a process still has a handle open of a deleted file +.fuse_hidden* -# Crash log files -crash.log +# KDE directory preferences +.directory -# Ignore any .tfvars files that are generated automatically for each Terraform run. Most -# .tfvars files are managed as part of configuration and so should be included in -# version control. -# -# example.tfvars +# Linux trash folder which might appear on any partition or disk +.Trash-* -# Ignore override files as they are usually used to override resources locally and so -# are not checked in -override.tf -override.tf.json -*_override.tf -*_override.tf.json +# .nfs files are created when an open file is removed but is still being accessed +.nfs* +### Eclipse template -# Include override files you do wish to add to version control using negated pattern -# -# !example_override.tf +.metadata +bin/ +tmp/ +*.tmp +*.bak +*.swp +*~.nib +local.properties +.settings/ +.loadpath +.recommenders -# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan -# example: *tfplan* +# External tool builders +.externalToolBuilders/ +# Locally stored "Eclipse launch configurations" +*.launch +# PyDev specific (Python IDE for Eclipse) +*.pydevproject +# CDT-specific (C/C++ Development Tooling) +.cproject + +# Java annotation processor (APT) +.factorypath + +# PDT-specific (PHP Development Tools) +.buildpath + +# sbteclipse plugin +.target + +# Tern plugin +.tern-project + +# TeXlipse plugin +.texlipse + +# STS (Spring Tool Suite) +.springBeans + +# Code Recommenders +.recommenders/ + +# Scala IDE specific (Scala & Java development for Eclipse) +.cache-main +.scala_dependencies +.worksheet +### Windows template +# Windows thumbnail cache files +Thumbs.db +ehthumbs.db +ehthumbs_vista.db + +# Dump file +*.stackdump + +# Folder config file 
+[Dd]esktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows Installer files +*.cab +*.msi +*.msm +*.msp + +# Windows shortcuts +*.lnk +### Ansible template +*.retry +### macOS template +# General +.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk +### Archives template +# It's better to unpack these files and commit the raw source because +# git has its own built in compression methods. +*.7z +*.jar +*.rar +*.zip +*.gz +*.tgz +*.bzip +*.bz2 +*.xz +*.lzma +*.cab + +# Packing-only formats +*.iso +*.tar + +# Package management formats +*.dmg +*.xpi +*.gem +*.egg +*.deb +*.rpm +*.msi +*.msm +*.msp +### JetBrains template +# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm +# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 + +/.idea/ +# User-specific stuff: +.idea/**/workspace.xml +.idea/**/tasks.xml +.idea/dictionaries + +# Sensitive or high-churn files: +.idea/**/dataSources/ +.idea/**/dataSources.ids +.idea/**/dataSources.xml +.idea/**/dataSources.local.xml +.idea/**/sqlDataSources.xml +.idea/**/dynamic.xml +.idea/**/uiDesigner.xml + +# Gradle: +.idea/**/gradle.xml +.idea/**/libraries + +# CMake +cmake-build-debug/ + +# Mongo Explorer plugin: +.idea/**/mongoSettings.xml + +## File-based project format: +*.iws + +## Plugin-specific files: + +# IntelliJ +out/ + +# mpeltonen/sbt-idea plugin +.idea_modules/ +# User-specific stuff: +.idea/* +# JIRA plugin +atlassian-ide-plugin.xml + +# Cursive Clojure plugin +.idea/replstate.xml + +# TFstste +*.tfstate* + +deployment/_logs/ansible-log.json 
+deployment/_logs/ansible-log.log +deployment/_logs/facts/* +deployment/_logs/retry/* +_app/* +ansible-log.json +.terraform +terraform.tfstate -# ignored files *.tfstate *.tfstate.backup -.terraform -.idea *.iml -*.terraform.lock.hcl \ No newline at end of file +*.terraform.lock.hcl +*.lock.hcl \ No newline at end of file diff --git a/_example/example.tf b/_example/example.tf index 47f0e6e..7d94a15 100644 --- a/_example/example.tf +++ b/_example/example.tf @@ -9,14 +9,12 @@ module "cognito" { environment = "test" label_order = ["environment", "name"] - enabled = true - allow_admin_create_user_only = false - advanced_security_mode = "OFF" - domain = "clouddrove" - mfa_configuration = "ON" - allow_software_mfa_token = true - deletion_protection = "INACTIVE" - email_subject = "Sign up for ." + enabled = true + advanced_security_mode = "OFF" + domain = "clouddrove" + mfa_configuration = "ON" + allow_software_mfa_token = true + email_subject = "Sign up for ." users = { user01 = { diff --git a/_example/versions.tf b/_example/versions.tf index cbc6f9c..8a25625 100644 --- a/_example/versions.tf +++ b/_example/versions.tf @@ -1,11 +1,11 @@ # Terraform version terraform { - required_version = ">= 1.3.6" + required_version = ">= 1.6.6" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.48.0" + version = ">= 5.31.0" } } } \ No newline at end of file diff --git a/_test/cognito_test.go b/_test/cognito_test.go deleted file mode 100644 index 70591dd..0000000 --- a/_test/cognito_test.go +++ /dev/null 
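Review bot: The rewritten `.gitignore` drops the `crash.log` entry and the `override.tf` / `*_override.tf` patterns from the old file and does not re-add them. Terraform crash logs and local override files can carry environment details or locally injected settings, so they should stay ignored: `crash.log`, `override.tf*`, `*_override.tf*`. The added `*.lock.hcl` also keeps the provider dependency lock out of version control for `_example/`, so provider checksums are not pinned there; if that is intentional for a module repository, a one-line comment saying so would help. Most of the new Eclipse, Windows, macOS and archive templates are unrelated to a Terraform module, and broad patterns such as `bin/`, `out/` and `*.zip` can hide files that were meant to be committed.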
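Review bot: The example in `_example/example.tf` no longer sets `allow_admin_create_user_only` or `deletion_protection`, and the variables.tf hunks delete both inputs along with `tags`, `attributes` and `identity_providers`. No main.tf hunk in this diff wires them into `aws_cognito_user_pool`, so the module appears to leave self-sign-up policy and deletion protection at provider defaults with no way to set them; the pool resource itself is outside the visible hunks, so please confirm. Callers that already pass these inputs will fail with an unsupported-argument error after upgrading, which warrants a changelog entry marking the change as breaking. It would be safer to keep the two security-relevant inputs and connect them: `deletion_protection = var.deletion_protection` and, inside `admin_create_user_config`, `allow_admin_create_user_only = var.allow_admin_create_user_only`.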
@@ -1,32 +0,0 @@ -// Managed By : CloudDrove -// Description : This Terratest is used to test the Terraform Elasticsearch module. -// Copyright @ CloudDrove. All Right Reserved. -package test - -import ( - "testing" - "github.com/gruntwork-io/terratest/modules/terraform" - "github.com/stretchr/testify/assert" -) - -func Test(t *testing.T) { - t.Parallel() - - terraformOptions := &terraform.Options{ - // Source path of Terraform directory. - TerraformDir: "../_example", - Upgrade: true, - } - - // This will run 'terraform init' and 'terraform application' and will fail the test if any errors occur - terraform.InitAndApply(t, terraformOptions) - - // To clean up any resources that have been created, run 'terraform destroy' towards the end of the test - defer terraform.Destroy(t, terraformOptions) - - // To get the value of an output variable, run 'terraform output' - Tags := terraform.OutputMap(t, terraformOptions, "tags") - - // Check that we get back the outputs that we expect - assert.Equal(t, "test-cognito", Tags["Name"]) -} diff --git a/_test/go.mod b/_test/go.mod deleted file mode 100644 index 26c69aa..0000000 --- a/_test/go.mod +++ /dev/null @@ -1,8 +0,0 @@ -module github.com/clouddrove/terraform-aws-cognito - -go 1.13 - -require ( - github.com/gruntwork-io/terratest v0.30.11 - github.com/stretchr/testify v1.6.1 -) diff --git a/main.tf b/main.tf index abdd922..5bbc6c5 100644 --- a/main.tf +++ b/main.tf @@ -44,7 +44,7 @@ data "aws_iam_policy_document" "authenticated_assume" { variable = "cognito-identity.amazonaws.com:aud" values = [ - aws_cognito_identity_pool.identity_pool.*.id[0], + aws_cognito_identity_pool.identity_pool[*].id[0], ] } condition { @@ -93,7 +93,7 @@ data "aws_iam_policy_document" "unauthenticated_assume" { variable = "cognito-identity.amazonaws.com:aud" values = [ - aws_cognito_identity_pool.identity_pool.*.id[0], + aws_cognito_identity_pool.identity_pool[*].id[0], ] } condition { 
@@ -117,7 +117,7 @@ data "aws_iam_policy_document" "unauthenticated" { resource "aws_cognito_identity_pool_roles_attachment" "identity_pool" { count = var.enabled ? 1 : 0 - identity_pool_id = aws_cognito_identity_pool.identity_pool.*.id[0] + identity_pool_id = aws_cognito_identity_pool.identity_pool[*].id[0] roles = { "authenticated" = module.auth-role.arn "unauthenticated" = module.unauth-role.arn @@ -291,7 +291,7 @@ resource "aws_cognito_user_pool_client" "client" { prevent_user_existence_errors = lookup(element(local.clients, count.index), "prevent_user_existence_errors", null) write_attributes = lookup(element(local.clients, count.index), "write_attributes", null) enable_token_revocation = lookup(element(local.clients, count.index), "enable_token_revocation", null) - user_pool_id = aws_cognito_user_pool.user_pool.*.id[0] + user_pool_id = aws_cognito_user_pool.user_pool[*].id[0] # token_validity_units dynamic "token_validity_units" { @@ -352,19 +352,16 @@ locals { ] clients = length(var.clients) == 0 && (var.client_name == null || var.client_name == "") ? [] : (length(var.clients) > 0 ? local.clients_parsed : local.clients_default) - } - # -------------------------------------------------------------------------- # Cognito - Domain # -------------------------------------------------------------------------- - resource "aws_cognito_user_pool_domain" "domain" { count = !var.enabled || var.domain == null || var.domain == "" ? 0 : 1 domain = var.domain certificate_arn = var.domain_certificate_arn - user_pool_id = aws_cognito_user_pool.user_pool.*.id[0] + user_pool_id = aws_cognito_user_pool.user_pool[*].id[0] } resource "aws_cognito_identity_pool" "identity_pool" { 
@@ -374,18 +371,16 @@ resource "aws_cognito_identity_pool" "identity_pool" { lifecycle { ignore_changes = [cognito_identity_providers] } } - # -------------------------------------------------------------------------- # Cognito - User Group # -------------------------------------------------------------------------- - resource "aws_cognito_user_group" "main" { count = var.enabled ? length(local.groups) : 0 name = lookup(element(local.groups, count.index), "name") description = lookup(element(local.groups, count.index), "description") precedence = lookup(element(local.groups, count.index), "precedence") role_arn = lookup(element(local.groups, count.index), "role_arn") - user_pool_id = aws_cognito_user_pool.user_pool.*.id[0] + user_pool_id = aws_cognito_user_pool.user_pool[*].id[0] } locals { @@ -409,17 +404,15 @@ locals { ] groups = length(var.user_groups) == 0 && (var.user_group_name == null || var.user_group_name == "") ? [] : (length(var.user_groups) > 0 ? local.groups_parsed : local.groups_default) - } - # -------------------------------------------------------------------------- # Cognito - Users # -------------------------------------------------------------------------- resource "aws_cognito_user" "users" { for_each = var.users - user_pool_id = aws_cognito_user_pool.user_pool.*.id[0] + user_pool_id = aws_cognito_user_pool.user_pool[*].id[0] username = each.value.email desired_delivery_mediums = var.desired_delivery_mediums @@ -454,5 +447,5 @@ resource "aws_cognito_resource_server" "resource_servers" { } } - user_pool_id = aws_cognito_user_pool.user_pool.*.id[0] + user_pool_id = aws_cognito_user_pool.user_pool[*].id[0] } \ No newline at end of file diff --git a/outputs.tf b/outputs.tf index ae28dc1..7a42ecc 100644 --- a/outputs.tf +++ b/outputs.tf 
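Review bot: In `aws_cognito_user.users`, `user_pool_id = aws_cognito_user_pool.user_pool[*].id[0]` still indexes element 0 of the splat, and the resource is driven by `for_each = var.users` with no `var.enabled` guard visible in the hunk. Assuming the pool is created with `count` (its definition is outside these hunks), setting `enabled = false` with a non-empty `users` map fails the plan with an invalid-index error. The same expression appears in `aws_cognito_resource_server.resource_servers`, in the earlier main.tf hunks, and in the three outputs in outputs.tf, which are always evaluated. Guard the resource with `for_each = var.enabled ? var.users : {}` and use `one()` where an empty list is possible, for example `value = one(aws_cognito_user_pool.user_pool[*].id)`. The resource bodies continue outside the hunks.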
@@ -1,15 +1,15 @@ output "user_pool_id" { - value = aws_cognito_user_pool.user_pool.*.id[0] + value = aws_cognito_user_pool.user_pool[*].id[0] description = "(Required) User pool the client belongs to." } output "name" { - value = aws_cognito_user_pool.user_pool.*.name[0] + value = aws_cognito_user_pool.user_pool[*].name[0] description = "(Required) Name of the application client." } output "app_client_id" { - value = aws_cognito_user_pool_client.client.*.id[0] + value = aws_cognito_user_pool_client.client[*].id[0] description = "ID of the user pool client." } diff --git a/variables.tf b/variables.tf index 45c17ff..224b1c6 100644 --- a/variables.tf +++ b/variables.tf @@ -30,24 +30,12 @@ variable "managedby" { description = "ManagedBy, eg 'CloudDrove'" } -variable "attributes" { - type = list(any) - default = [] - description = "Additional attributes (e.g. `1`)." -} - variable "enabled" { type = bool default = true description = "Flag to control the cognito creation." } -variable "tags" { - type = map(any) - default = {} - description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)." -} - #Module : User Pool #Description : @@ -103,14 +91,6 @@ variable "case_sensitive" { ## Admin Create USer ################################################ -#### Password - -variable "allow_admin_create_user_only" { - type = bool - description = "(Optional) Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app." - default = true -} - variable "minimum_length" { type = number description = "(Optional) The minimum length of the password policy that you have set." 
@@ -329,13 +309,6 @@ variable "client_supported_identity_providers" { default = null } -variable "identity_providers" { - description = "Cognito Pool Identity Providers" - type = list(any) - default = [] - sensitive = true -} - variable "client_write_attributes" { description = "(Optional) List of Cognito User Pool attributes the application client can write to." type = list(string) @@ -466,16 +439,6 @@ variable "desired_delivery_mediums" { default = ["EMAIL"] } -######################################################################################################################################### -### Deletion Protection -######################################################################################################################################### - -variable "deletion_protection" { - description = "When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are `ACTIVE` and `INACTIVE`." - type = string - default = "INACTIVE" -} - ######################################################################################################################################### # Resource Server ######################################################################################################################################### diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..8a25625 --- /dev/null +++ b/versions.tf @@ -0,0 +1,11 @@ +# Terraform version +terraform { + required_version = ">= 1.6.6" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.31.0" + } + } +} \ No newline at end of file