Merge pull request #6 from nekochans/feature/issue3

Cognitoユーザープール用のリソースを作成する
nekochans · Jun 4, 2020 · a9fa4f1 · a9fa4f1
2 parents b26f2f5 + 953d09e
commit a9fa4f1
Show file tree

Hide file tree

Showing 7 changed files with 80 additions and 0 deletions.
diff --git a/modules/aws/cognito/main.tf b/modules/aws/cognito/main.tf
@@ -0,0 +1,46 @@
+resource "aws_cognito_user_pool" "pool" {
+  name                     = var.user_pool_name
+  auto_verified_attributes = ["email"]
+
+  admin_create_user_config {
+    allow_admin_create_user_only = false
+  }
+
+  password_policy {
+    minimum_length                   = 8
+    require_lowercase                = true
+    require_numbers                  = true
+    require_symbols                  = true
+    require_uppercase                = true
+    temporary_password_validity_days = 7
+  }
+
+  verification_message_template {
+    default_email_option = "CONFIRM_WITH_CODE"
+    email_message        = "検証コードは {####} です。"
+    email_subject        = "検証コード"
+    sms_message          = "検証コードは {####} です。"
+  }
+
+  schema {
+    attribute_data_type      = "String"
+    developer_only_attribute = false
+    mutable                  = true
+    name                     = "email"
+    required                 = true
+
+    string_attribute_constraints {
+      min_length = 0
+      max_length = 2048
+    }
+  }
+}
+
+resource "aws_cognito_user_pool_client" "client" {
+  name                          = var.user_pool_name
+  user_pool_id                  = aws_cognito_user_pool.pool.id
+  generate_secret               = false
+  prevent_user_existence_errors = "ENABLED"
+  refresh_token_validity        = 30
+  explicit_auth_flows           = ["ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"]
+}
diff --git a/modules/aws/cognito/variables.tf b/modules/aws/cognito/variables.tf
@@ -0,0 +1,3 @@
+variable "user_pool_name" {
+  type = string
+}
diff --git a/providers/aws/environments/stg/13-cognito/backend.tf b/providers/aws/environments/stg/13-cognito/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+  backend "s3" {
+    bucket  = "stg-kimono-app-tfstate"
+    key     = "cognito/terraform.tfstate"
+    region  = "ap-northeast-1"
+    profile = "kimono-app-stg"
+  }
+}
+
diff --git a/providers/aws/environments/stg/13-cognito/main.tf b/providers/aws/environments/stg/13-cognito/main.tf
@@ -0,0 +1,5 @@
+module "api" {
+  source = "../../../../../modules/aws/cognito"
+
+  user_pool_name = local.user_pool_name
+}
diff --git a/providers/aws/environments/stg/13-cognito/provider.tf b/providers/aws/environments/stg/13-cognito/provider.tf
@@ -0,0 +1,4 @@
+provider "aws" {
+  region  = "ap-northeast-1"
+  profile = "kimono-app-stg"
+}
diff --git a/providers/aws/environments/stg/13-cognito/variables.tf b/providers/aws/environments/stg/13-cognito/variables.tf
@@ -0,0 +1,6 @@
+locals {
+  name = "kimono-app"
+  env  = "stg"
+
+  user_pool_name = "${local.env}-${local.name}"
+}
diff --git a/providers/aws/environments/stg/13-cognito/versions.tf b/providers/aws/environments/stg/13-cognito/versions.tf
@@ -0,0 +1,7 @@
+terraform {
+  required_version = "0.12.24"
+
+  required_providers {
+    aws = "2.57.0"
+  }
+}