Skip to content

chatloop/terraform-aws-cloudfront-auth

BranchesTags

Repository files navigation

AWS CloudFront Auth Terraform module

This module provisions a Lambda@Edge function that can be associated to a CloudFront distribution to provide OpenID Connect authentication at edge functionality.

Currently, the only supported provider is Microsoft AzureAD.

Usage

module "cloudfront_authorizer" {
  source = "github.com/chatloop/terraform-aws-cloudfront-auth?ref=v0.2.1"

  providers = {
    aws = aws.us-east-1 # Ensure you're deploying this module into us-east-1
  }

  function_name = "lambda-edge-azure-auth" # This must be unique
  tenant        = "2765a7ba-9519-4636-9669-35f6558266fe" # Azure Tenant ID
  client_id     = "2d30fa5c-bdbc-4adc-a3fb-86566348159c" # Azure App Client ID
  client_secret = var.client_secret # Azure App Client Secret - keep this secret
  redirect_uri  = "https://${var.domain_name}/_callback" # CloudFront domain name with /_callback suffix

  # The duration in hours before re-authenticating
  session_duration = 24 # optional: default = 168 (7 days)

  # Enables 301 redirects for directory paths not ending in a forward slash. e.g. www.example.com/about -> www.example.com/about/
  trailing_slash_redirects_enabled = true # optional: default = false

  # Appends index.html on to directory paths (e.g. www.example.com/about/ retrieves www.example.com/about/index.html from a backend s3 origin.)
  simple_urls_enabled = true # optional: default = true

  # Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state.
  skip_destroy = true # optional: default = false
}

Requirements

Name Version
terraform ~> 1.0
aws ~> 5.0
external ~> 2.0
local ~> 2.0
tls ~> 4.0

Providers

Name Version
external 2.3.4
local 2.5.1
tls 4.0.5

Modules

Name Source Version
lambda github.com/terraform-aws-modules/terraform-aws-lambda 1d122404c2a3834ce39a7c5a319a3e754d5b0c29

Resources

Name Type
local_sensitive_file.config resource
tls_private_key.key_pair resource
external_external.create_config data source

Inputs

Name Description Type Default Required
client_id Microsoft Azure AD Application ID string n/a yes
client_secret Microsoft Azure AD Client Secret string n/a yes
function_name Name for the lambda function string "lambda-edge-azure-auth" no
redirect_uri Registered Microsoft Azure AD Application Redirect URI string n/a yes
session_duration Authenticated session duration, in hours number 168 no
simple_urls_enabled Appends index.html on to directory paths (e.g. www.example.com/about/ retrieves www.example.com/about/index.html from a backend s3 origin.) bool true no
skip_destroy Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Terraform state. bool false no
tenant Microsoft Azure AD Tenant ID string n/a yes
trailing_slash_redirects_enabled Enables 301 redirects for directory paths not ending in a forward slash. e.g. www.example.com/about -> www.example.com/about/ bool false no

Outputs

Name Description
lambda_qualified_arn n/a

About

Terraform module that provides CloudFront authentication using Lambda@Edge

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

v0.2.1 Latest
Jan 13, 2025
+ 2 releases

Packages

 
 
 

Contributors

Languages