80 lines
3.5 KiB
Markdown
80 lines
3.5 KiB
Markdown
<!-- This readme file is generated with terraform-docs -->
|
|
## Example
|
|
|
|
```hcl
|
|
module "TrustedAccess" {
|
|
source = "../"
|
|
role_name = "TrustedAccess"
|
|
}
|
|
```
|
|
|
|
# LambdaAccessKey
|
|
|
|
Module to create a lambda function, which assumes to a certain role and
|
|
get temporary access credentials. The lambda function url is protected
|
|
by cloudfront and origin access control. Credentials are encrypted. Once
|
|
resources are deployed, run client.py to send http request and decrypt
|
|
the response
|
|
|
|
Cloudfront fixed-rate pricing cannot be controlled by terraform or awscli
|
|
at time of writing. Change to the free plan on aws console.
|
|
|
|
To destroy the cloudfront distribution, you need to cancel the fixed rate plan
|
|
|
|
## Requirements
|
|
|
|
No requirements.
|
|
|
|
## Providers
|
|
|
|
| Name | Version |
|
|
| ---- | ------- |
|
|
| archive | n/a |
|
|
| aws | n/a |
|
|
| local | n/a |
|
|
| random | n/a |
|
|
|
|
## Modules
|
|
|
|
| Name | Source | Version |
|
|
| ---- | ------ | ------- |
|
|
| LambdaExecRole | ../iam-role-v2 | n/a |
|
|
| TargetIam | ../iam-role-v2 | n/a |
|
|
|
|
## Resources
|
|
|
|
| Name | Type |
|
|
| ---- | ---- |
|
|
| [aws_cloudfront_distribution.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
|
|
| [aws_cloudfront_origin_access_control.CloudfrontOac](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_access_control) | resource |
|
|
| [aws_iam_policy.LamdaExecRole](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
|
|
| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
|
|
| [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource |
|
|
| [aws_lambda_permission.AllowCloudFrontServicePrincipal](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
|
|
| [aws_lambda_permission.AllowCloudFrontServicePrincipalInvokeFunction](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
|
|
| [local_file.FunctionCode](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
|
|
| [local_file.client](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
|
|
| [random_password.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
|
|
| [random_uuid.ExternalId](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
|
|
| [archive_file.LambdaZip](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
|
|
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
|
|
| [aws_cloudfront_cache_policy.NoCache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudfront_cache_policy) | data source |
|
|
| [aws_cloudfront_origin_request_policy.AllButHost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudfront_origin_request_policy) | data source |
|
|
|
|
## Inputs
|
|
|
|
| Name | Description | Type | Default | Required |
|
|
| ---- | ----------- | ---- | ------- | :------: |
|
|
| role\_name | Name of target role | `string` | n/a | yes |
|
|
|
|
## Outputs
|
|
|
|
| Name | Description |
|
|
| ---- | ----------- |
|
|
| CloudFrontDist | n/a |
|
|
| LambdaFunctionArn | n/a |
|
|
| TargetRole | n/a |
|
|
|
|
---
|
|
## Authorship
|
|
This module was developed by UPDATE_THIS. |