Example
```hcl
module "TrustedAccess" {
  source    = "../"
  role_name = "TrustedAccess"
}
```
LambdaAccessKey
Module that creates a Lambda function which assumes a given role and obtains temporary access credentials. The Lambda function URL is protected by CloudFront with origin access control. Credentials are encrypted. Once resources are deployed, run client.py to send an HTTP request and decrypt the response.
CloudFront fixed-rate pricing cannot be controlled by Terraform or the AWS CLI at the time of writing. Change to the free plan in the AWS console.
To destroy the CloudFront distribution, you need to cancel the fixed-rate plan.
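The function URL protection described above, as an added configuration sketch that is not the module's own source. Resource names are taken from the Resources table; the argument values, the OAC name, and the mapping of each permission name to its action are assumptions, and `aws_lambda_function.this` and `aws_cloudfront_distribution.this` are declared elsewhere in the module.

```hcl
# Added illustration, not the module's source. Argument values are assumptions.

# Function URL that rejects unsigned requests. With "NONE" the URL would be
# reachable directly, bypassing CloudFront entirely.
resource "aws_lambda_function_url" "this" {
  function_name      = aws_lambda_function.this.function_name
  authorization_type = "AWS_IAM"
}

# Origin access control: CloudFront signs every origin request with SigV4.
# The distribution's origin block must reference it through
# origin_access_control_id = aws_cloudfront_origin_access_control.CloudfrontOac.id
resource "aws_cloudfront_origin_access_control" "CloudfrontOac" {
  name                              = "lambda-url-oac" # assumed name
  origin_access_control_origin_type = "lambda"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}

# Grant the CloudFront service principal access to the function URL.
# source_arn pins the grant to this one distribution, so another
# distribution pointed at the same URL is refused.
resource "aws_lambda_permission" "AllowCloudFrontServicePrincipal" {
  statement_id  = "AllowCloudFrontServicePrincipal"
  action        = "lambda:InvokeFunctionUrl"
  function_name = aws_lambda_function.this.function_name
  principal     = "cloudfront.amazonaws.com"
  source_arn    = aws_cloudfront_distribution.this.arn
}

# Second grant for the invoke action itself, scoped the same way.
resource "aws_lambda_permission" "AllowCloudFrontServicePrincipalInvokeFunction" {
  statement_id  = "AllowCloudFrontServicePrincipalInvokeFunction"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.this.function_name
  principal     = "cloudfront.amazonaws.com"
  source_arn    = aws_cloudfront_distribution.this.arn
}
```

When reviewing a deployment, check that the function's resource policy contains no statement with a wildcard principal and that both grants carry the distribution ARN as `source_arn`.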
Requirements
No requirements.
Providers
| Name | Version |
|---|---|
| archive | n/a |
| aws | n/a |
| local | n/a |
| random | n/a |
Modules
| Name | Source | Version |
|---|---|---|
| LambdaExecRole | ../iam-role-v2 | n/a |
| TargetIam | ../iam-role-v2 | n/a |
Resources
| Name | Type |
|---|---|
| aws_cloudfront_distribution.this | resource |
| aws_cloudfront_origin_access_control.CloudfrontOac | resource |
| aws_iam_policy.LamdaExecRole | resource |
| aws_lambda_function.this | resource |
| aws_lambda_function_url.this | resource |
| aws_lambda_permission.AllowCloudFrontServicePrincipal | resource |
| aws_lambda_permission.AllowCloudFrontServicePrincipalInvokeFunction | resource |
| local_file.FunctionCode | resource |
| local_file.client | resource |
| random_password.this | resource |
| random_uuid.ExternalId | resource |
| archive_file.LambdaZip | data source |
| aws_caller_identity.current | data source |
| aws_cloudfront_cache_policy.NoCache | data source |
| aws_cloudfront_origin_request_policy.AllButHost | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| role_name | Name of target role | string | n/a | yes |
Outputs
| Name | Description |
|---|---|
| CloudFrontDist | n/a |
| LambdaFunctionArn | n/a |
| TargetRole | n/a |
Authorship
This module was developed by UPDATE_THIS.