
managed clientid for google oauth
tylerthome committed Oct 17, 2024
1 parent eff0024 commit 6049d68
Showing 1 changed file with 22 additions and 10 deletions.
32 changes: 22 additions & 10 deletions terraform-incubator/home-unite-us/dev/cognito.tf
Expand Up @@ -181,16 +181,16 @@ resource "aws_cognito_user_pool_domain" "homeuniteus" {
}


### TODO: discuss secrets injection and Google integration with devops team
# resource "aws_cognito_identity_provider" "example_provider" {
# ### TODO: discuss secrets injection and Google integration with devops team
# resource "aws_cognito_identity_provider" "google_client" {
# user_pool_id = aws_cognito_user_pool.example.id
# provider_name = "Google"
# provider_type = "Google"

# provider_details = {
# authorize_scopes = "email"
# authorize_scopes = "email profile openid"
# client_id = "your client_id"
# client_secret = "your client_secret"
# client_secret = data.aws_secretsmanager_secret_version.google_client.secret_string
# }

# attribute_mapping = {
Expand Down Expand Up @@ -334,12 +334,8 @@ resource "aws_secretsmanager_secret_policy" "cognito_client" {
}


resource "aws_secretsmanager_secret" "google_client" {
name = "homeuniteus-google-client"
}


data "aws_iam_policy_document" "google_client" {
data "aws_iam_policy_document" "admin_manage_secrets" {
statement {
sid = "EnableAdminUserToManageTheSecret"
effect = "Allow"
Expand All @@ -354,8 +350,24 @@ data "aws_iam_policy_document" "google_client" {
}
}

resource "aws_secretsmanager_secret" "google_client_id" {
name = "homeuniteus-google-clientid"
}

resource "aws_secretsmanager_secret_policy" "google_client" {
secret_arn = aws_secretsmanager_secret.google_client.arn
policy = data.aws_iam_policy_document.google_client.json
policy = data.aws_iam_policy_document.admin_manage_secrets.json
}

data "aws_secretsmanager_secret_version" "google_client" {
secret_id = aws_secretsmanager_secret.google_client.id
}

resource "aws_secretsmanager_secret" "google_secret" {
name = "homeuniteus-google-secret"
}

resource "aws_secretsmanager_secret_policy" "google_secret" {
secret_arn = aws_secretsmanager_secret.google_secret.arn
policy = data.aws_iam_policy_document.admin_manage_secrets.json
}
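Review bot: `aws_secretsmanager_secret_policy.google_client` (`secret_arn = aws_secretsmanager_secret.google_client.arn`) and `data.aws_secretsmanager_secret_version.google_client` (`secret_id = aws_secretsmanager_secret.google_client.id`) still point at `aws_secretsmanager_secret.google_client`, which this diff appears to drop in favour of `google_client_id` and `google_secret`; unless that resource is declared elsewhere in the file, `terraform plan` fails on an undeclared resource, and the new `google_client_id` secret is left with no secret policy at all. Retarget both references, e.g. `secret_arn = aws_secretsmanager_secret.google_client_id.arn` in the policy and `secret_id = aws_secretsmanager_secret.google_secret.id` in the data source (the commented-out provider block feeds its `client_secret` from that data source), and attach an `admin_manage_secrets` policy to whichever secret is left uncovered. The `aws_secretsmanager_secret_version` data source also reads `secret_string` at plan time, so the plan errors until the secret has a version populated out of band and the value is then written in plaintext to Terraform state; a comment such as `# Value is set outside Terraform and must exist before first apply; it is persisted in state.` above the data source would make both constraints visible to the next operator.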
