cruxstack / terraform-aws-cloudfront-middleware-at-edge

Terraform Module to deploy customizable CloudFront auth-at-edge and url-rewriter middlewares via Lambda@Edge

Home Page: https://registry.terraform.io/modules/cruxstack/cloudfront-middleware-at-edge/aws/latest

License: MIT License

Dockerfile 3.09% HCL 16.88% Makefile 0.44% JavaScript 2.93% TypeScript 68.61% Open Policy Agent 8.05%
authentication authorization aws cloudfront cognito lambda-at-edge middleware opa open-policy-agent terraform

Terraform Module: CloudFront Middleware-at-Edge

This Terraform module deploys customizable and reusable Lambda@Edge functions that provide middleware for AWS CloudFront.

Middlewares

  • auth-at-edge: Also known as cognito-at-edge, this feature provides authentication and authorization to restrict access to a site hosted on CloudFront. Users can optionally customize the authorization rules via an Open Policy Agent (OPA) policy.
  • url-rewriter: This feature rewrites the URLs of requests. Users can define URL rewrite rules via an Open Policy Agent (OPA) policy.

Usage

module "cloudfront_middleware_at_edge" {
  source  = "cruxstack/cloudfront-middleware-at-edge/aws"
  version = "x.x.x"

  auth_service_config = {
    enabled                   = true
    cognito_idp_arn           = "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_TESTPOOL"
    cognito_idp_domain        = "test.auth.us-east-1.amazoncognito.com"
    cognito_idp_client_id     = "your-client-id"
    cognito_idp_client_secret = "your-client-secret"
    cognito_idp_client_scopes = ["openid", "email", "profile"]

    cognito_idp_jwks = {
      keys = [
        { "alg": "RS256", "e": "AQAB", "kid": "...", "kty": "RSA", "n": "...", "use": "sig" },
        { "alg": "RS256", "e": "AQAB", "kid": "...", "kty": "RSA", "n": "...", "use": "sig" },
      ]
    }
  }

  urlrewrite_service_config = {
    enabled        = true
    policy_content = <<-EOF
      package urlrewriter
      result := []
    EOF
  }
}

Inputs

In addition to the variables documented below, this module accepts several other optional variables (e.g., name, tags) provided by the cloudposse/label/null module. Refer to that module's documentation for details on those variables.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| auth_service_config | Configuration details for the authentication service. More details below. | object | {} | no |
| urlrewrite_service_config | Configuration details for the URL rewrite service. More details below. | object | {} | no |
| aws_account_id | The AWS account ID that the module will be deployed in | string | "" | no |
| aws_region_name | The AWS region name where the module will be deployed | string | "" | no |

auth_service_config

| Property | Description | Type | Default | Required |
|----------|-------------|------|---------|----------|
| enabled | Enable the authentication service | bool | true | no |
| log_level | Logging level | string | "info" | no |
| aws_region | AWS region for the service | string | null | no |
| cognito_idp_arn | ARN of the Cognito Identity Provider | string | n/a | yes |
| cognito_idp_domain | Domain of the Cognito Identity Provider | string | n/a | yes |
| cognito_idp_jwks | JWKS of the Cognito Identity Provider | object({ keys = list(map(string)) }) | n/a | yes |
| cognito_idp_client_id | Client ID of the Cognito Identity Provider | string | n/a | yes |
| cognito_idp_client_secret | Client secret of the Cognito Identity Provider | string | n/a | yes |
| cognito_idp_client_scopes | Client scopes of the Cognito Identity Provider | list(string) | n/a | yes |
| opa_policy_content | Content of the OPA policy | string | null | no |
| opa_policy_data | Data for the OPA policy | map(string) | {} | no |

urlrewrite_service_config

| Property | Description | Type | Default | Required |
|----------|-------------|------|---------|----------|
| enabled | Enable the URL rewrite service | bool | false | no |
| log_level | Logging level | string | "info" | no |
| aws_region | AWS region for the service | string | null | no |
| policy_content | Content of the URL rewrite policy | string | "package urlrewriter\nresult := []" | no |

Outputs

| Name | Description |
|------|-------------|
| auth_services | Details of the created AWS Lambda functions for each of the auth services |
| auth_routes | Route configurations for the auth services |
| urlrewrite_services | Details of the created AWS Lambda function for the URL rewrite service |

Contributing

We welcome contributions to this project. For information on setting up a development environment and how to make a contribution, see the CONTRIBUTING documentation.

Contributors

sgtoj
