From a847e2e82433dd2da11c719d869eb92016dcfe63 Mon Sep 17 00:00:00 2001
From: Sean Turner
Date: Wed, 26 May 2021 21:38:58 +1200
Subject: [PATCH] Added interpreter to all local-exec blocks
---
 README.md | 2 +-
 r_null.tf | 6 ++++--
 variables.tf | 9 ++++++---
 3 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 3707128..e1c96de 100644
--- a/README.md
+++ b/README.md
@@ -86,7 +86,7 @@ No requirements. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | admin\_user\_email | Controls the creation of an admin user that is required to initially gain access to the
dashboard.

If access to the dashboard is completely lost, do the following
• `var.enable_delete_admin_user = true`
• `terraform apply`
• `var.enable_delete_admin_user = false`
• `terraform apply`

If the initial admin user should no longer be able to access the dashboard, revoke access by
setting `var.enable_delete_admin_user = true` and running `terraform apply` | `string` | `""` | no | -| aws\_profile | AWS Profile Name from `~/.aws/config that can be used for local execution. This profile is used
to preform the following actions:

• `aws s3 sync`: Sync bundle produced by `yarn` to build to s3
• `cognito-idp admin-create-user`: Creates an admin cognito user for dashboard access
• `cognito-idp admin-delete-user`: Deletes an admin cognito user if the user should not
have access to the dashboard anymore, OR, if there is no way for the user to regain access.
• `cognito-idp list-users`: Obtains the admin user's ID in order to write the ID to the
DynamodDB table.
` | `string` | `""` | no | +| aws\_profile | AWS Profile Name from ~/.aws/config that can be used for local execution. This profile is used
to preform the following actions:

• `aws s3 sync`: Sync bundle produced by `yarn` to build to s3

• `cognito-idp admin-create-user`: Creates an admin cognito user for dashboard access

• `cognito-idp admin-delete-user`: Deletes an admin cognito user if the user should not
have access to the dashboard anymore, OR, if there is no way for the user to regain access.

• `cognito-idp list-users`: Obtains the admin user's ID in order to write the ID to the
DynamodDB table. | `string` | `""` | no | | enable\_api\_gateway\_access\_logs | Enables API Gateway access logging to cloudwatch for the default stage. | `bool` | `false` | no | | enable\_delete\_admin\_user | Destroys the admin user.

Set this value to true to destroy the user, and to false to recreate the user. | `bool` | `false` | no | | fqdn\_alias | ALIAS for the Cloudfront distribution, S3, Cognito and API Gateway. Must be in the form of
`example.com`. | `string` | `""` | no |
diff --git a/r_null.tf b/r_null.tf
index abe3876..eaa996d 100644
--- a/r_null.tf
+++ b/r_null.tf
@@ -93,7 +93,8 @@ resource "null_resource" "create_admin_user" {
 count = var.admin_user_email != "" && !var.enable_delete_admin_user ? 1 : 0
 provisioner "local-exec" {
- command = "aws --region ${data.aws_region.current.name} cognito-idp admin-create-user --user-pool-id ${aws_cognito_user_pool.this.id} --username ${var.admin_user_email} --user-attributes Name=email,Value=${var.admin_user_email}"
+ interpreter = ["/bin/bash", "-c"]
+ command = "aws --region ${data.aws_region.current.name} cognito-idp admin-create-user --user-pool-id ${aws_cognito_user_pool.this.id} --username ${var.admin_user_email} --user-attributes Name=email,Value=${var.admin_user_email}"
 }
 }
@@ -101,6 +102,7 @@ resource "null_resource" "delete_admin_user" {
 count = var.admin_user_email != "" && var.enable_delete_admin_user ? 1 : 0
 provisioner "local-exec" {
- command = "aws --region ${data.aws_region.current.name} cognito-idp admin-delete-user --user-pool-id ${aws_cognito_user_pool.this.id} --username ${var.admin_user_email}"
+ interpreter = ["/bin/bash", "-c"]
+ command = "aws --region ${data.aws_region.current.name} cognito-idp admin-delete-user --user-pool-id ${aws_cognito_user_pool.this.id} --username ${var.admin_user_email}"
 }
 }
diff --git a/variables.tf b/variables.tf
index e2eb4bd..70078f6 100644
--- a/variables.tf
+++ b/variables.tf
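Review bot: In both r_null.tf hunks (`create_admin_user` and `delete_admin_user`) the `command` string interpolates `var.admin_user_email` unquoted, and with `interpreter = ["/bin/bash", "-c"]` that string is parsed by bash, so whitespace or shell metacharacters in the variable are interpreted by the shell instead of reaching the AWS CLI as a single argument. Pass the value through the provisioner's `environment` argument and quote it where it is used, e.g. `environment = { ADMIN_USER_EMAIL = var.admin_user_email }` with `--username "$ADMIN_USER_EMAIL"` (and `Value="$ADMIN_USER_EMAIL"` in the create command). A `validation` block on `admin_user_email` in variables.tf would additionally reject malformed addresses at plan time. Separately, the hard-coded `/bin/bash` path assumes bash is installed at that location on every machine that runs `terraform apply`, which is worth stating in the README.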
@@ -13,14 +13,17 @@ variable "tags" { variable "aws_profile" { type = string description = <<-DESC - AWS Profile Name from `~/.aws/config that can be used for local execution. This profile is used + AWS Profile Name from ~/.aws/config that can be used for local execution. This profile is used to preform the following actions: • `aws s3 sync`: Sync bundle produced by `yarn` to build to s3 + • `cognito-idp admin-create-user`: Creates an admin cognito user for dashboard access - • `cognito-idp admin-delete-user`: Deletes an admin cognito user if the user should not + + • `cognito-idp admin-delete-user`: Deletes an admin cognito user if the user should not have access to the dashboard anymore, OR, if there is no way for the user to regain access. - • `cognito-idp list-users`: Obtains the admin user's ID in order to write the ID to the + + • `cognito-idp list-users`: Obtains the admin user's ID in order to write the ID to the DynamodDB table. DESC default = ""