From de744ecd66a2786921b3852b4a5f0124161b000f Mon Sep 17 00:00:00 2001
From: Markiian Slipets <Markiian.Slipets@aerlingus.com>
Date: Wed, 11 Mar 2020 19:05:14 +0200
Subject: [PATCH] Principal adjust

---
 README.md       |  4 ++--
 example/main.tf | 36 ++++++++++++++++++------------------
 main.tf         |  4 ++--
 3 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/README.md b/README.md
index 8b23504..c6e2576 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,10 @@
 <!-- This file was automatically generated by the `build-harness`. Make all changes to `README.yaml` and run `make readme` to rebuild this file. -->
 
-# terraform-cloudfront-auth [![Latest Release](https://img.shields.io/github/release/scalefactory/terraform-cloudfront-auth.svg)](https://github.com/scalefactory/terraform-cloudfront-auth/releases/latest) [![License](https://img.shields.io/badge/License-ISC-blue.svg)](https://opensource.org/licenses/ISC)
+# terraform-cloudfront-auth [![Latest Release](https://img.shields.io/github/releases/mslipets/terraform-cloudfront-auth.svg)](https://github.com/mslipets/terraform-cloudfront-auth/releases/latest) [![License](https://img.shields.io/badge/License-ISC-blue.svg)](https://opensource.org/licenses/ISC)
 
 
 A Terraform module to provision a Cloudfront distribution to serve private
-content in an S3 bucket with Lamba@Edge Google/Microsoft/Github/Okta/Auth0/Centrify
+content in an S3 bucket with Lamba@Edge Google/Microsoft/Github/Okta/Auth0/Centrify/AWS Cognito
 authentication. Based on [Widen - Cloudfront Auth](https://github.com/Widen/cloudfront-auth/)
 
 
diff --git a/example/main.tf b/example/main.tf
index d861cdd..b909a04 100644
--- a/example/main.tf
+++ b/example/main.tf
@@ -1,12 +1,12 @@
 module "cloudfront_auth" {
-  source                         = "../"
+  source = "../"
 
-  auth_vendor                    = "cognito"
-  cloudfront_distribution        = "private.example.com"
-  client_id                      = "CHANGE_ME"
-  client_secret                  = "CHANGE_ME"
-  redirect_uri                   = "https://private.example.com/callback"
-  github_organization            = "exampleorg"
+  auth_vendor             = "cognito"
+  cloudfront_distribution = "private.example.com"
+  client_id               = "CHANGE_ME"
+  client_secret           = "CHANGE_ME"
+  redirect_uri            = "https://private.example.com/callback"
+  github_organization     = "exampleorg"
 
   bucket_name                    = "private.example.com"
   region                         = "eu-west-1"
@@ -14,19 +14,19 @@ module "cloudfront_auth" {
 }
 
 resource "aws_acm_certificate" "cert" {
-    provider                  = "aws.us-east-1"
-    domain_name               = "example.com"
-    validation_method         = "EMAIL"
-    subject_alternative_names = [
-        "*.example.com"
-    ]
+  provider          = "aws.us-east-1"
+  domain_name       = "example.com"
+  validation_method = "EMAIL"
+  subject_alternative_names = [
+    "*.example.com"
+  ]
 }
 
 // A test object for the bucket.
 resource "aws_s3_bucket_object" "test_object" {
-    bucket       = "${module.cloudfront_auth.s3_bucket}"
-    key          = "index.html"
-    source       = "${path.module}/index.html"
-    content_type = "text/html"
-    etag         = "${md5(file("${path.module}/index.html"))}"
+  bucket       = "${module.cloudfront_auth.s3_bucket}"
+  key          = "index.html"
+  source       = "${path.module}/index.html"
+  content_type = "text/html"
+  etag         = "${md5(file("${path.module}/index.html"))}"
 }
diff --git a/main.tf b/main.tf
index fcd2e63..bec1c81 100644
--- a/main.tf
+++ b/main.tf
@@ -157,7 +157,7 @@ data "aws_iam_policy_document" "s3_bucket_policy" {
     ]
 
     principals {
-      type        = "Service"
+      type        = "AWS"
       identifiers = var.bucket_access_roles_arn_list
     }
   }
@@ -173,7 +173,7 @@ data "aws_iam_policy_document" "s3_bucket_policy" {
     ]
 
     principals {
-      type        = "Service"
+      type        = "AWS"
       identifiers = var.bucket_access_roles_arn_list
     }
   }