Creates a private website behind a cloudfront distribution, with SSL enabled. Custom Cognito hosted UI is put in front of it.
The website files are hosted in an S3 bucket which is also created by the module.
module "website" {
source = "timmeinerzhagen/website-secure/aws"
name = "tf-my-project"
domain = "example.com"
custom_domain = "example.com"
domain_aliases = ["www.example.com"]
is_spa = false
csp = {
allow_default = ["api.mysite.com"]
allow_style = ["'unsafe-inline'"]
allow_img = ["data:"]
allow_font = []
allow_frame = []
allow_manifest = []
allow_connect = []
}
cloudfront_cache_duration = 86400
cognito_path_refresh_auth = "/refreshauth"
cognito_path_logout = "/"
cognito_path_parse_auth = "/parseauth"
cognito_refresh_token_validity = 3650
cognito_additional_redirects = ["http:https://localhost:3000"] // Useful for development purposes
cognito_domain_prefix = "login"
}
| Name | Version |
|---|---|
| terraform | >= 1.0.2 |
| archive | >= 2.2.0, < 3.0.0 |
| aws | >= 3.61.0, < 4.0.0 |
| Name | Version |
|---|---|
| aws | 3.64.2 |
| random | 3.1.0 |
| Name | Source | Version |
|---|---|---|
| acm | terraform-aws-modules/acm/aws | ~> 3.0 |
| cloudfront | terraform-aws-modules/cloudfront/aws | 2.8.0 |
| cognito-user-pool | lgallard/cognito-user-pool/aws | 0.14.2 |
| lambda_function | ./modules/lambda | n/a |
| log_bucket | terraform-aws-modules/s3-bucket/aws | ~> 2.0 |
| records | terraform-aws-modules/route53/aws//modules/records | 2.3.0 |
| website-bucket | terraform-aws-modules/s3-bucket/aws | ~> 2.0 |
| Name | Type |
|---|---|
| aws_route53_record.cognito-domain | resource |
| aws_s3_bucket_policy.bucket_policy | resource |
| random_pet.this | resource |
| aws_canonical_user_id.current | data source |
| aws_iam_policy_document.s3_policy | data source |
| aws_route53_zone.this | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cognito_additional_redirects | Additional URLs to allow cognito redirects to | list(string) |
[] |
no |
| cognito_domain_prefix | The first part of the hosted UI login domain, as in https://[COGNITO_DOMAIN_PREFIX].[CUSTOM_DOMAIN]/ | string |
"login" |
no |
| cognito_path_logout | Path relative to custom_domain to redirect to after logging out | string |
"/" |
no |
| cognito_path_parse_auth | Path relative to custom_domain to redirect to upon successful authentication | string |
"/parseauth" |
no |
| cognito_path_refresh_auth | Path relative to custom_domain to redirect to when a token refresh is required |
string |
"/refreshauth" |
no |
| cognito_refresh_token_validity | Time until the refresh token expires and the user will be required to log in again | number |
3650 |
no |
| content_html_rewrite | Boolean, default false. If true, any URL where the final part does not contain a . will reference the S3 object with html appended. For example https://example.com/home would retrieve the file home.html from the website S3 bucket. |
bool |
false |
no |
| csp | List of default domains to include in the Content Security Policy. Typically you would list the URL of your API here if your pages access that. Always includes 'self'. |
object({ |
{ |
no |
| domain | The primary domain name to use for the website | string |
n/a | yes |
| domain_aliases | A set of any alternative domain names. Typically this would just contain the same as custom_domain but prefixed by www. | set(string) |
[] |
no |
| is_spa | If your website is a single page application (SPA), this sets up the cloudfront redirects such that whenever an item is not found, the file index.html is returned instead. |
bool |
false |
no |
| name | A unique string to use for this module to make sure resources do not clash with others | string |
n/a | yes |
| route53_zone_name | The name of the hosted zone in Route53 where the SSL certificates will be created | string |
n/a | yes |
| Name | Description |
|---|---|
| alternate_urls | Alternate URLs of the website |
| url | URL of the main website |