feat(cognito): Make cognito association optional

Nick Hammond · Nick Hammond · commit 4734f8b9cad1 · 2022-10-26T19:40:39.000+01:00
Signed-off-by: Nick Hammond &lt;n.hammond@waracle.com&gt;
diff --git a/README.md b/README.md
@@ -60,7 +60,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_cognito_user_pool_arn"></a> [cognito\_user\_pool\_arn](#input\_cognito\_user\_pool\_arn) | The ARN of the User Pool to grant the Postman user access to | `string` | n/a | yes |
+| <a name="input_cognito_user_pool_arn"></a> [cognito\_user\_pool\_arn](#input\_cognito\_user\_pool\_arn) | [Optional] The ARN of the User Pool to grant the Postman user access to | `string` | `""` | no |
 | <a name="input_username"></a> [username](#input\_username) | [Optional] The username to assign to the IAM user to be created | `string` | `"postman-user"` | no |
 
 ## Outputs
diff --git a/main.tf b/main.tf
@@ -37,6 +37,8 @@ data "aws_iam_policy_document" "cloudwatch_policy_document" {
 
 # IAM Policy statements for accessing the Cognito permissions
 data "aws_iam_policy_document" "cognito_policy_document" {
+  count = var.cognito_user_pool_arn != "" ? 1 : 0
+
   statement {
     actions = [
       "cognito-idp:AdminInitiateAuth"
@@ -65,7 +67,8 @@ resource "aws_iam_policy" "cloudwatch_policy" {
 
 # IAM Policy for accessing the Cognito userpools
 resource "aws_iam_policy" "cognito_policy" {
-  policy = data.aws_iam_policy_document.cognito_policy_document.json
+  count  = var.cognito_user_pool_arn != "" ? 1 : 0
+  policy = data.aws_iam_policy_document.cognito_policy_document[0].json
 }
 
 # Attach the API Gateway policy to the User
@@ -82,7 +85,8 @@ resource "aws_iam_user_policy_attachment" "cloudwatch_user_policy_attachment" {
 
 # Attach the Cognito policy to the User
 resource "aws_iam_user_policy_attachment" "cognito_user_policy_attachment" {
-  policy_arn = aws_iam_policy.cognito_policy.arn
+  count      = var.cognito_user_pool_arn != "" ? 1 : 0
+  policy_arn = aws_iam_policy.cognito_policy[0].arn
   user       = aws_iam_user.user.name
 }
 
diff --git a/variables.tf b/variables.tf
@@ -2,8 +2,9 @@
 # Variables: General
 # -----------------------------------------------------------------------------
 variable "cognito_user_pool_arn" {
-  description = "The ARN of the User Pool to grant the Postman user access to"
+  description = "[Optional] The ARN of the User Pool to grant the Postman user access to"
   type        = string
+  default     = ""
 }
 
 variable "username" {
