Add Cognito to Terraform #17
Comments
madcharlie02
added
role: missing
feature: missing
size: missing
role: Dev Ops Engineer
|
What if any responsibility will ops have for this issue? |
|
@chelseybeck this is the first issue I referred to at the ops meeting that looks like infrastructure--possibly an ops issue. After taking a closer look, what are your thoughts? |
|
@robinglov this should stay on incubator. anything related to projects that are in incubator should stay here. but, I self-assigned this issue b/c I can work on it. |
|
I discussed this briefly with @fyliu in Slack and it sounds like we can recreate the Cognito resources as People Depot is in testing phase. This doesn't apply as a shared resource because each project will have its own Cognito resources |
|
This PR adds a module for creating Cognito resources and then creates example resources for People Depot (which can be customized as needed) |
|
The above PR should be good to go, but there is a state conflict when writing the plan. Discuss w/ Judson/Tyler or both |
github-project-automation
bot
moved this to New Issue Review
in CoP: DevOps: Project Board
ExperimentsInHonesty
moved this from New Issue Review
to In progress (actively working)
in CoP: DevOps: Project Board
This comment was marked as resolved.
This comment was marked as resolved.
ExperimentsInHonesty
moved this from In progress (actively working)
to New Issue Review
in CoP: DevOps: Project Board
ExperimentsInHonesty
moved this from New Issue Review
to Ice Box
in CoP: DevOps: Project Board
ExperimentsInHonesty
added
size: 1pt
|
We added a dependency. When that is satisfied. This issue will need a rewrite. Cognito for shared user pool (hfla users)If PD wants to share their user pool with VRMS, CTJ, and KB that is fine. Once this Cognito module is running and deployed and available for project use, then we can terraform additional app clients that can be used by those PD's stakeholder customers. There is an open pr for this, that cant be merged until the pr for 90 is merged and then we merge 76 into it.
Cognito for unique user pools (external users for each app are different)We will also need a module for projects that need a unique user pool (e.g., homeuniteus, techworkexperience, youthjusticenav) |
Dependency
Overview
At least in PeopleDepot, there's a hardcoded Cognito user pool which has a machine-generated identifier. This is generally a sign that something should be pulled into Terraform, since there's an agreement between the value in Terraform and where ever it's defined. If Terraform knows about the resource, it can simply use the random machine value, instead of it having to be supplied.
Action Items
terraform-incubator/source represent it - is it a resource, because Terraform ought to manage it? Or adatabecause it should know where to get values for it, but it should be properly managed by a human. Assume aresource, unless a good reason is found why it should be managed manually.people-depotorshared-resources, as appropriate.resourceis created, it will need to be brought into the Terraform state withterraform state importcommands.Resources/Instructions
https://developer.hashicorp.com/terraform/language/state/import
https://registry.terraform.io/providers/-/aws/latest/docs/resources/cognito_user_pool
The text was updated successfully, but these errors were encountered: