Merge pull request #12 from mineiros-io/cognito-domain

Add support for the aws_cognito_user_pool_domain resource
mineiros-io · Aug 5, 2020 · 117965f · 117965f
2 parents 8a0afbf + 1ca1511
commit 117965f
Show file tree

Hide file tree

Showing 10 changed files with 57 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.1.2] - 2020-08-05
+### Added
+- Add support for `aws_cognito_user_pool_domain`
+
 ## [0.1.1] - 2020-08-04
 ### Fixed
 - Fix email subject for admin invites
@@ -30,8 +34,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add unit tests for basic use cases
 
 <!-- markdown-link-check-disable -->
-[Unreleased]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.1.1...HEAD
-[0.1.1]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.1.0...v0.1.1
+[Unreleased]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.1.2...HEAD
+[0.1.2]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.1.1...v0.1.2
 <!-- markdown-link-check-enable -->
+[0.1.1]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.1.0...v0.1.1
 [0.1.0]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.0.1...v0.1.0
 [0.0.1]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/releases/tag/v0.0.1
diff --git a/README.md b/README.md
@@ -46,9 +46,9 @@ pre-configured.
 **Standard Cognito Features**:
   Create a Cognito User Pool with pre-configured best practices.
   Create Cognito User Pool Clients.
+  Create a Cognito User Pool Domain.
 
 - *Features not yet implemented*:
-  [`cognito_user_pool_domain`](https://www.terraform.io/docs/providers/aws/r/cognito_user_pool_domain.html)
   [`cognito_user_group`](https://www.terraform.io/docs/providers/aws/r/cognito_user_group.html)
   [`cognito_resource_server`](https://www.terraform.io/docs/providers/aws/r/cognito_resource_server.html)
 
@@ -59,7 +59,7 @@ Most basic usage just setting required arguments:
 ```hcl
 module "terraform-aws-cognito-user-pool" {
   source  = "mineiros-io/cognito-user-pool/aws"
-  version = "~> 0.1.1"
+  version = "~> 0.1.2"
 
   name = "application-userpool"
 }
@@ -350,6 +350,23 @@ for details and use-cases.
     Alice     = "Bob"
   }
   ```
+#### Cognito User Pool Domain
+
+- **`domain`**: *(Optional `string`)*
+
+  The domain name that should be used. Can be set to a FQDN or prefix.
+  If no FQDN and `certificate_arn` are set, the domain prefix will be used for
+  the sign-up and sign-in pages that are hosted by Amazon Cognito,
+  e.g. `https://{YOUR_PREFIX}.auth.eu-west-1.amazoncognito.com`.
+  The prefix must be unique across the selected AWS Region.
+  Domain names can only contain lower-case letters, numbers, and hyphens. 
+
+    Default is not to use a custom domain.
+
+- **`certificate_arn `**: *(Optional `string`)*
+
+  The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain.
+  Default is not to use a custom domain.
 
 #### Cognito User Pool Clients
 

diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -12,7 +12,7 @@ shows how to deploy a Cognito User Pool with custom settings.
 ```hcl
 module "cognito_user_pool" {
   source  = "mineiros-io/cognito-user-pool/aws"
-  version = "~> 0.1.1"
+  version = "~> 0.1.2"
 
   name = "complete-example-userpool"
 

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -18,7 +18,7 @@ provider "aws" {
 
 module "cognito_user_pool" {
   source  = "mineiros-io/cognito-user-pool/aws"
-  version = "~> 0.1.1"
+  version = "~> 0.1.2"
 
   name = "complete-example-userpool"
 
@@ -43,6 +43,7 @@ module "cognito_user_pool" {
   invite_email_message = "Hi {username}, your temporary password is '{####}'."
   invite_sms_message   = "Hi {username}, your temporary password is '{####}'."
 
+  domain                = "mineiros-dev"
   default_email_option  = "CONFIRM_WITH_LINK"
   email_subject_by_link = "Your Verification Link"
   email_message_by_link = "Please click the link below to verify your email address. {##Verify Email##}."

diff --git a/examples/user-pool-with-default-settings/README.md b/examples/user-pool-with-default-settings/README.md
@@ -13,7 +13,7 @@ defined in the [variables.tf] file of this module.
 ```hcl
 module "cognito_user_pool" {
   source  = "mineiros-io/cognito-user-pool/aws"
-  version = "~> 0.1.1"
+  version = "~> 0.1.2"
 
   name = "example-userpool"
 }

diff --git a/examples/user-pool-with-default-settings/main.tf b/examples/user-pool-with-default-settings/main.tf
@@ -19,7 +19,7 @@ provider "aws" {
 
 module "cognito_user_pool" {
   source  = "mineiros-io/cognito-user-pool/aws"
-  version = "~> 0.1.1"
+  version = "~> 0.1.2"
 
   name = "example-userpool"
 }
diff --git a/main.tf b/main.tf
@@ -201,3 +201,11 @@ resource "aws_cognito_user_pool_client" "client" {
   user_pool_id                         = aws_cognito_user_pool.user_pool[0].id
   write_attributes                     = each.value.write_attributes
 }
+
+resource "aws_cognito_user_pool_domain" "domain" {
+  count = var.module_enabled && var.domain != null ? 1 : 0
+
+  domain          = var.domain
+  certificate_arn = var.certificate_arn
+  user_pool_id    = aws_cognito_user_pool.user_pool[0].id
+}
diff --git a/outputs.tf b/outputs.tf
@@ -11,6 +11,11 @@ output "user_pool" {
   value       = try(aws_cognito_user_pool.user_pool[0], null)
 }
 
+output "domain" {
+  description = "The full `aws_cognito_user_pool` object."
+  value       = try(aws_cognito_user_pool_domain.domain[0], null)
+}
+
 output "clients" {
   description = "All Cognito User Pool Client resources associated with the Cognito User Pool."
   value       = { for client in aws_cognito_user_pool_client.client : client.name => merge(client, { client_secret = null }) }

diff --git a/test/user-pool/main.tf b/test/user-pool/main.tf
@@ -19,6 +19,7 @@ provider "aws" {
 module "cognito_user_pool" {
   source = "../../"
   name   = var.name
+  domain = "mineiros-test"
 
   schema_attributes = var.schema_attributes
 }
diff --git a/variables.tf b/variables.tf
@@ -66,6 +66,18 @@ variable "clients" {
   default = []
 }
 
+variable "domain" {
+  description = "(Optional) Type a domain prefix to use for the sign-up and sign-in pages that are hosted by Amazon Cognito, e.g. 'https://{YOUR_PREFIX}.auth.eu-west-1.amazoncognito.com'. The prefix must be unique across the selected AWS Region. Domain names can only contain lower-case letters, numbers, and hyphens."
+  type        = string
+  default     = null
+}
+
+variable "certificate_arn" {
+  description = "(Optional) The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain."
+  type        = string
+  default     = null
+}
+
 variable "default_client_allowed_oauth_flows" {
   description = "(Optional) List of allowed OAuth flows. Possible flows are 'code', 'implicit', and 'client_credentials'."
   type        = list(string)