data.tf
# Identity of the credentials Terraform is running with. Its account_id is
# interpolated into the S3 bucket ARN in data.aws_iam_policy_document.s3.
data "aws_caller_identity" "current" {}
# Region of the configured AWS provider. Not referenced by the other data
# sources in this file; presumably consumed elsewhere in the module.
data "aws_region" "current" {}
# Looks up the Route 53 hosted zone named by var.hosted_zone_name.
# The lookup is skipped (count = 0) when no zone name is supplied, so every
# consumer has to address it as data.aws_route53_zone.this[0] behind the same
# non-empty check.
data "aws_route53_zone" "this" {
  count = (var.hosted_zone_name != "") ? 1 : 0

  # Only public zones are matched; a private zone with the same name is ignored.
  private_zone = false
  name         = var.hosted_zone_name
}
# Runs the module's Go helper (terraform_assets/cognito.go) with the admin
# e-mail and the Cognito user pool id; judging by the name it returns the admin
# user's id (the helper itself is not visible here, so confirm against it).
# Evaluated only when an admin e-mail is set and enable_delete_admin_user is
# false.
#
# Review notes:
# - `program` is an argv list that the external provider executes directly,
#   not through a shell, so var.admin_user_email arrives as one argument.
# - The helper runs on the machine doing plan/apply and needs a Go toolchain
#   there. NOTE(review): `go run` builds from source on each read; keep the
#   helper's dependencies pinned (go.mod/go.sum) so the build is reproducible.
# - Whatever the helper prints is stored in Terraform state as this data
#   source's result; treat the state file accordingly.
data "external" "admin_user_id" {
  count = (var.admin_user_email != "" && !var.enable_delete_admin_user) ? 1 : 0

  program = [
    "go", "run", "${path.module}/terraform_assets/cognito.go",
    "--admin-user-email", var.admin_user_email,
    "--user-pool-id", aws_cognito_user_pool.this.id,
  ]

  # The lookup must wait until the admin user has been created.
  depends_on = [null_resource.create_admin_user[0]]
}
# Packages one zip per entry in local.lambdas: bin/<key> is archived to
# archive/<key>.zip, both under the module directory. The map keys are used as
# file names, so they must match the names of the built binaries.
data "archive_file" "this" {
  for_each = local.lambdas

  type        = "zip"
  output_path = "${path.module}/archive/${each.key}.zip"
  source_file = "${path.module}/bin/${each.key}"

  # Archive only after the build step has run; presumably null_resource.lambda_build
  # is what produces bin/<key> (defined elsewhere, confirm).
  depends_on = [null_resource.lambda_build]
}
# Trust (assume-role) policy: lets the AWS Lambda service assume the role this
# document is attached to. No other principal is trusted.
data "aws_iam_policy_document" "role" {
  statement {
    # "Allow" is the provider default; spelled out so the intent is explicit.
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      identifiers = ["lambda.amazonaws.com"]
      type        = "Service"
    }
  }
}
# Builds one permissions policy per Lambda in local.lambdas, with one statement
# per entry of that Lambda's iam_statements list. Each statement copies the
# entry's actions and resources and nothing else.
#
# NOTE(review): this block adds no restriction of its own, so least privilege
# depends entirely on what local.lambdas declares. Check those entries for
# wildcard actions or "*" resources. Conditions cannot be expressed through
# this shape.
data "aws_iam_policy_document" "policy" {
  for_each = local.lambdas

  dynamic "statement" {
    iterator = stmt
    for_each = each.value.iam_statements

    content {
      resources = stmt.value.resources
      actions   = stmt.value.actions
    }
  }
}
# Resource policy granting the CloudFront origin access identities exposed by
# module.cloudfront read access (s3:GetObject only) to every object in the
# bucket named "<var.name with "_" replaced by "-">-<account id>".
#
# Review notes:
# - The bucket ARN is rebuilt from a naming convention rather than read from
#   the bucket resource. It has to stay in sync with the bucket's real name
#   (defined elsewhere, confirm), or the policy will cover the wrong ARN.
# - The ARN hard-codes the "aws" partition.
# - Origin access identity is the legacy mechanism; AWS recommends origin
#   access control (OAC) for new distributions. Consider migrating.
data "aws_iam_policy_document" "s3" {
  statement {
    # "Allow" is the provider default; spelled out so the intent is explicit.
    effect  = "Allow"
    actions = ["s3:GetObject"]

    resources = [
      "arn:aws:s3:::${replace(var.name, "_", "-")}-${data.aws_caller_identity.current.account_id}/*",
    ]

    principals {
      identifiers = module.cloudfront.cloudfront_origin_access_identity_iam_arns
      type        = "AWS"
    }
  }
}