-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use existing identity provider in temporary environments (#717)
⚠️ Release notes: Admins that are updating their project to include this feature at the same time as the identity-provider feature and who set enable_identity_provider = true should be warned that the `ci-infra-service` github action will fail because it will attempt to connect to an existing identity provider when one doesn't yet exist for that environment. Mitigation strategies: - Ignore failing test and run `terraform plan` on the environment outside of CI to verify the update is working correctly - Temporarily manually create a user pool resource in the AWS Console with the expected identity_provider_name so that CI can connect to that. Delete the resource before merging
- Loading branch information
1 parent
8e42ad7
commit da5e865
Showing
15 changed files
with
85 additions
and
34 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
15 changes: 15 additions & 0 deletions
15
infra/modules/identity-provider-client/resources/access-control.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
data "aws_caller_identity" "current" {} | ||
data "aws_region" "current" {} | ||
|
||
resource "aws_iam_policy" "identity_access" { | ||
name = "${var.name}-identity-access" | ||
policy = data.aws_iam_policy_document.identity_access.json | ||
} | ||
|
||
data "aws_iam_policy_document" "identity_access" { | ||
statement { | ||
actions = ["cognito-idp:*"] | ||
effect = "Allow" | ||
resources = ["arn:aws:cognito-idp:${data.aws_region.current.name}:${data.aws_caller_identity.current.id}:userpool/${var.user_pool_id}"] | ||
} | ||
} |
2 changes: 1 addition & 1 deletion
2
.../modules/identity-provider-client/main.tf → ...dentity-provider-client/resources/main.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
3 changes: 2 additions & 1 deletion
3
...dules/identity-provider-client/outputs.tf → ...tity-provider-client/resources/outputs.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
############################################################################################ | ||
## A module for retrieving an existing Cognito User Pool | ||
############################################################################################ | ||
data "aws_cognito_user_pools" "existing_user_pools" { | ||
name = var.name | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
output "user_pool_id" { | ||
description = "The ID of the user pool." | ||
value = tolist(data.aws_cognito_user_pools.existing_user_pools.ids)[0] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
variable "name" { | ||
type = string | ||
description = "The name of an existing cognito user pool" | ||
} |
File renamed without changes.
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters