Principal adjust

README.md

@@ -1,10 +1,10 @@
 <!-- This file was automatically generated by the `build-harness`. Make all changes to `README.yaml` and run `make readme` to rebuild this file. -->
 
-# terraform-cloudfront-auth [![Latest Release](https://img.shields.io/github/release/scalefactory/terraform-cloudfront-auth.svg)](https://github.com/scalefactory/terraform-cloudfront-auth/releases/latest) [![License](https://img.shields.io/badge/License-ISC-blue.svg)](https://opensource.org/licenses/ISC)
+# terraform-cloudfront-auth [![Latest Release](https://img.shields.io/github/releases/mslipets/terraform-cloudfront-auth.svg)](https://github.com/mslipets/terraform-cloudfront-auth/releases/latest) [![License](https://img.shields.io/badge/License-ISC-blue.svg)](https://opensource.org/licenses/ISC)
 
 
 A Terraform module to provision a Cloudfront distribution to serve private
-content in an S3 bucket with Lamba@Edge Google/Microsoft/Github/Okta/Auth0/Centrify
+content in an S3 bucket with Lamba@Edge Google/Microsoft/Github/Okta/Auth0/Centrify/AWS Cognito
 authentication. Based on [Widen - Cloudfront Auth](https://github.com/Widen/cloudfront-auth/)
 
 

example/main.tf

@@ -1,32 +1,32 @@
 module "cloudfront_auth" {
-  source                         = "../"
+  source = "../"
 
-  auth_vendor                    = "cognito"
-  cloudfront_distribution        = "private.example.com"
-  client_id                      = "CHANGE_ME"
-  client_secret                  = "CHANGE_ME"
-  redirect_uri                   = "https://private.example.com/callback"
-  github_organization            = "exampleorg"
+  auth_vendor             = "cognito"
+  cloudfront_distribution = "private.example.com"
+  client_id               = "CHANGE_ME"
+  client_secret           = "CHANGE_ME"
+  redirect_uri            = "https://private.example.com/callback"
+  github_organization     = "exampleorg"
 
   bucket_name                    = "private.example.com"
   region                         = "eu-west-1"
   cloudfront_acm_certificate_arn = "${aws_acm_certificate.cert.arn}"
 }
 
 resource "aws_acm_certificate" "cert" {
-    provider                  = "aws.us-east-1"
-    domain_name               = "example.com"
-    validation_method         = "EMAIL"
-    subject_alternative_names = [
-        "*.example.com"
-    ]
+  provider          = "aws.us-east-1"
+  domain_name       = "example.com"
+  validation_method = "EMAIL"
+  subject_alternative_names = [
+    "*.example.com"
+  ]
 }
 
 // A test object for the bucket.
 resource "aws_s3_bucket_object" "test_object" {
-    bucket       = "${module.cloudfront_auth.s3_bucket}"
-    key          = "index.html"
-    source       = "${path.module}/index.html"
-    content_type = "text/html"
-    etag         = "${md5(file("${path.module}/index.html"))}"
+  bucket       = "${module.cloudfront_auth.s3_bucket}"
+  key          = "index.html"
+  source       = "${path.module}/index.html"
+  content_type = "text/html"
+  etag         = "${md5(file("${path.module}/index.html"))}"
 }

main.tf

@@ -157,7 +157,7 @@ data "aws_iam_policy_document" "s3_bucket_policy" {
     ]
 
     principals {
-      type        = "Service"
+      type        = "AWS"
       identifiers = var.bucket_access_roles_arn_list
     }
   }
@@ -173,7 +173,7 @@ data "aws_iam_policy_document" "s3_bucket_policy" {
     ]
 
     principals {
-      type        = "Service"
+      type        = "AWS"
       identifiers = var.bucket_access_roles_arn_list
     }
   }