File tree 4 files changed +68
-0
lines changed
4 files changed +68
-0
lines changed Original file line number Diff line number Diff line change @@ -120,6 +120,18 @@ resource "aws_lb_listener" "this" {
120120
121121 certificate_arn = . certificate_arn
122122
123+ dynamic "default_action" {
124+ for_each = . authenticate_cognito
125+ content {
126+ type = " authenticate-cognito"
127+ authenticate_cognito {
128+ user_pool_arn = lookup (authenticate_cognito. value , " user_pool_arn" null )
129+ user_pool_client_id = lookup (authenticate_cognito. value , " user_pool_client_id" null )
130+ user_pool_domain = lookup (authenticate_cognito. value , " user_pool_domain" null )
131+ }
132+ }
133+ }
134+
123135 default_action {
124136 type = " forward"
125137 target_group_arn = . ui_static . id
@@ -131,6 +143,18 @@ resource "aws_lb_listener_rule" "ui_backend" {
131143 listener_arn = . this . arn
132144 priority = 1
133145
146+ dynamic "action" {
147+ for_each = . authenticate_cognito
148+ content {
149+ type = " authenticate-cognito"
150+ authenticate_cognito {
151+ user_pool_arn = lookup (authenticate_cognito. value , " user_pool_arn" null )
152+ user_pool_client_id = lookup (authenticate_cognito. value , " user_pool_client_id" null )
153+ user_pool_domain = lookup (authenticate_cognito. value , " user_pool_domain" null )
154+ }
155+ }
156+ }
157+
134158 action {
135159 type = " forward"
136160 target_group_arn = . ui_backend . arn
Original file line number Diff line number Diff line change @@ -37,4 +37,16 @@ locals {
3737 module. metaflow-common . default_metadata_service_container_image :
3838 var. ui_backend_container_image
3939 )
40+
41+ authenticate_cognito = . authenticate_with_cognito ? [
42+ {
43+ type = " authenticate-cognito"
44+ target_group_arn = null
45+ authenticate_cognito = {
46+ user_pool_arn = var.cognito.user_pool_arn
47+ user_pool_client_id = var.cognito.user_pool_client_id
48+ user_pool_domain = var.cognito.user_pool_domain
49+ }
50+ }
51+ ] : []
4052}
Original file line number Diff line number Diff line change @@ -126,3 +126,19 @@ variable "alb_internal" {
126126 description = " Defines whether the ALB is internal"
127127 default = false
128128}
129+
130+ variable "authenticate_with_cognito" {
131+ type = bool
132+ description = " Enable ALB Cognito authentication"
133+ default = false
134+ }
135+
136+ variable "cognito" {
137+ type = map (string )
138+ description = " Cognito configuration"
139+ default =
140+ user_pool_arn = " "
141+ user_pool_client_id = " "
142+ user_pool_domain = " "
143+ }
144+ }
Original file line number Diff line number Diff line change @@ -176,3 +176,19 @@ variable "force_destroy_s3_bucket" {
176176 description = " Empty S3 bucket before destroying via terraform destroy"
177177 default = false
178178}
179+
180+ variable "authenticate_with_cognito" {
181+ type = bool
182+ description = " Enable Cognito authentication for the UI ALB"
183+ default = false
184+ }
185+
186+ variable "cognito" {
187+ type = map (string )
188+ description = " Cognito configuration"
189+ default =
190+ user_pool_arn = " "
191+ user_pool_client_id = " "
192+ user_pool_domain = " "
193+ }
194+ }
You can’t perform that action at this time.
0 commit comments