✨ use template and archive provider to fill credentials

.gitignore

@@ -3,3 +3,4 @@ node_modules/
 terraform.tfstate
 terraform.tfstate.backup
 terraform.tfvars
+module/functions/basic-auth.zip

gulpfile.js

@@ -2,25 +2,23 @@ const { src, dest } = require('gulp')
 const babel = require('gulp-babel')
 const concat = require('gulp-concat')
 const uglify = require('gulp-uglify')
-const zip = require('gulp-zip')
 const rimraf = require('rimraf')
 
-const ZIP_FILENAME = 'lambda-edge-basic-auth-function.zip'
-const ZIP_DIR = 'module/functions'
+const OUTPUT_FILENAME = 'basic-auth.js'
+const OUTPUT_DIR = 'module/functions'
 
 function build() {
   return src('src/**/*.js')
     .pipe(babel({
       presets: [ '@babel/env' ]
     }))
-    .pipe(concat('basic-auth.js'))
+    .pipe(concat(OUTPUT_FILENAME))
     .pipe(uglify())
-    .pipe(zip(ZIP_FILENAME))
-    .pipe(dest(ZIP_DIR))
+    .pipe(dest(OUTPUT_DIR))
 }
 
 function clean(cb) {
-  return rimraf(`${ZIP_DIR}/${ZIP_FILENAME}`, cb)
+  return rimraf(`${OUTPUT_DIR}/${OUTPUT_FILENAME}`, cb)
 }
 
 function defaultTask() {

module/main.tf

@@ -54,27 +54,28 @@ EOF
 # Lambda functions
 #
 
+data "template_file" "basic_auth_function" {
+  template = "${file("${path.module}/functions/basic-auth.js")}"
+  vars = "${var.basic_auth_credentials}"
+}
+
+data "archive_file" "basic_auth_function" {
+  type = "zip"
+  output_path = "${path.module}/functions/basic-auth.zip"
+
+  source {
+    content = "${data.template_file.basic_auth_function.rendered}"
+    filename = "basic-auth.js"
+  }
+}
+
 resource "aws_lambda_function" "basic_auth" {
-  filename         = "${path.module}/functions/lambda-edge-basic-auth-function.zip"
+  filename         = "${path.module}/functions/basic-auth.zip"
   function_name    = "${var.function_name}"
   role             = "${aws_iam_role.lambda.arn}"
   handler          = "basic-auth.handler"
-  source_code_hash = "${base64sha256(file("${path.module}/functions/lambda-edge-basic-auth-function.zip"))}"
+  source_code_hash = "${data.archive_file.basic_auth_function.output_base64sha256}"
   runtime          = "nodejs8.10"
   description      = "Protect CloudFront distributions with Basic Authentication"
   publish          = true
 }
-
-###
-# Secrets
-#
-
-resource "aws_secretsmanager_secret" "basic_auth_credentials" {
-  name_prefix = "lambda-edge-basic-auth-"
-  description = "Secrets for Basic Authentication used by Lambda@Edge"
-}
-
-resource "aws_secretsmanager_secret_version" "basic_auth_credentials" {
-  secret_id     = "${aws_secretsmanager_secret.basic_auth_credentials.id}"
-  secret_string = "${jsonencode(var.basic_auth_credentials)}"
-}

package.json

@@ -25,7 +25,6 @@
     "gulp-cli": "^2.0.1",
     "gulp-concat": "^2.6.1",
     "gulp-uglify": "^3.0.1",
-    "gulp-zip": "^4.2.0",
     "rimraf": "^2.6.3"
   }
 }

src/basic-auth.js

@@ -4,8 +4,8 @@ exports.handler = (event, context, callback) => {
   const request = event.Records[0].cf.request
   const headers = request.headers
 
-  const authUser = 'user'
-  const authPass = 'pass'
+  const authUser = '${user}'
+  const authPass = '${password}'
 
   const encodedCredentials = new Buffer(`${authUser}:${authPass}`).toString('base64')
   const authString = `Basic ${encodedCredentials}`

yarn.lock

@@ -536,24 +536,12 @@ ansi-colors@^1.0.1:
   dependencies:
     ansi-wrap "^0.1.0"
 
-ansi-cyan@^0.1.1:
-  version "0.1.1"
-  resolved "https://registry.yarnpkg.com/ansi-cyan/-/ansi-cyan-0.1.1.tgz#538ae528af8982f28ae30d86f2f17456d2609873"
-  dependencies:
-    ansi-wrap "0.1.0"
-
 ansi-gray@^0.1.1:
   version "0.1.1"
   resolved "https://registry.yarnpkg.com/ansi-gray/-/ansi-gray-0.1.1.tgz#2962cf54ec9792c48510a3deb524436861ef7251"
   dependencies:
     ansi-wrap "0.1.0"
 
-ansi-red@^0.1.1:
-  version "0.1.1"
-  resolved "https://registry.yarnpkg.com/ansi-red/-/ansi-red-0.1.1.tgz#8c638f9d1080800a353c9c28c8a81ca4705d946c"
-  dependencies:
-    ansi-wrap "0.1.0"
-
 ansi-regex@^2.0.0:
   version "2.1.1"
   resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-2.1.1.tgz#c3b33ab5ee360d86e0e628f0468ae7ef27d654df"
@@ -600,13 +588,6 @@ are-we-there-yet@~1.1.2:
     delegates "^1.0.0"
     readable-stream "^2.0.6"
 
-arr-diff@^1.0.1:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/arr-diff/-/arr-diff-1.1.0.tgz#687c32758163588fef7de7b36fabe495eb1a399a"
-  dependencies:
-    arr-flatten "^1.0.1"
-    array-slice "^0.2.3"
-
 arr-diff@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/arr-diff/-/arr-diff-4.0.0.tgz#d6461074febfec71e7e15235761a329a5dc7c520"
@@ -627,10 +608,6 @@ arr-map@^2.0.0, arr-map@^2.0.2:
   dependencies:
     make-iterator "^1.0.0"
 
-arr-union@^2.0.1:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/arr-union/-/arr-union-2.1.0.tgz#20f9eab5ec70f5c7d215b1077b1c39161d292c7d"
-
 arr-union@^3.1.0:
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/arr-union/-/arr-union-3.1.0.tgz#e39b09aea9def866a8f206e288af63919bae39c4"
@@ -652,10 +629,6 @@ array-last@^1.1.1:
   dependencies:
     is-number "^4.0.0"
 
-array-slice@^0.2.3:
-  version "0.2.3"
-  resolved "https://registry.yarnpkg.com/array-slice/-/array-slice-0.2.3.tgz#dd3cfb80ed7973a75117cdac69b0b99ec86186f5"
-
 array-slice@^1.0.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/array-slice/-/array-slice-1.1.0.tgz#e368ea15f89bc7069f7ffb89aec3a6c7d4ac22d4"
@@ -763,10 +736,6 @@ browserslist@^4.3.4:
     electron-to-chromium "^1.3.103"
     node-releases "^1.1.3"
 
-buffer-crc32@~0.2.3:
-  version "0.2.13"
-  resolved "https://registry.yarnpkg.com/buffer-crc32/-/buffer-crc32-0.2.13.tgz#0d333e3f00eac50aa1454abd30ef8c2a5d9a7242"
-
 buffer-equal@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/buffer-equal/-/buffer-equal-1.0.0.tgz#59616b498304d556abd466966b22eeda3eca5fbe"
@@ -1168,12 +1137,6 @@ expand-tilde@^2.0.0, expand-tilde@^2.0.2:
   dependencies:
     homedir-polyfill "^1.0.1"
 
-extend-shallow@^1.1.2:
-  version "1.1.4"
-  resolved "https://registry.yarnpkg.com/extend-shallow/-/extend-shallow-1.1.4.tgz#19d6bf94dfc09d76ba711f39b872d21ff4dd9071"
-  dependencies:
-    kind-of "^1.1.0"
-
 extend-shallow@^2.0.1:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/extend-shallow/-/extend-shallow-2.0.1.tgz#51af7d614ad9a9f610ea1bafbb989d6b1c56890f"
@@ -1326,10 +1289,6 @@ get-caller-file@^1.0.1:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-1.0.3.tgz#f978fa4c90d1dfe7ff2d6beda2a515e713bdcf4a"
 
-get-stream@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-3.0.0.tgz#8e943d1358dc37555054ecbe2edb05aa174ede14"
-
 get-stream@^4.0.0:
   version "4.1.0"
   resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-4.1.0.tgz#c1b255575f3dc21d59bfc79cd3d2b46b1c3a54b5"
@@ -1469,16 +1428,6 @@ gulp-uglify@^3.0.1:
     uglify-js "^3.0.5"
     vinyl-sourcemaps-apply "^0.2.0"
 
-gulp-zip@^4.2.0:
-  version "4.2.0"
-  resolved "https://registry.yarnpkg.com/gulp-zip/-/gulp-zip-4.2.0.tgz#e25e738c41ad0795ad853d1d8aeb1744d2a4ca82"
-  dependencies:
-    get-stream "^3.0.0"
-    plugin-error "^0.1.2"
-    through2 "^2.0.1"
-    vinyl "^2.1.0"
-    yazl "^2.1.0"
-
 gulp@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/gulp/-/gulp-4.0.0.tgz#95766c601dade4a77ed3e7b2b6dc03881b596366"
@@ -1793,10 +1742,6 @@ just-debounce@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/just-debounce/-/just-debounce-1.0.0.tgz#87fccfaeffc0b68cd19d55f6722943f929ea35ea"
 
-kind-of@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-1.1.0.tgz#140a3d2d41a36d2efcfa9377b62c24f8495a5c44"
-
 kind-of@^3.0.2, kind-of@^3.0.3, kind-of@^3.2.0:
   version "3.2.2"
   resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-3.2.2.tgz#31ea21a734bab9bbb0f32466d893aea51e4a3c64"
@@ -2343,16 +2288,6 @@ pinkie@^2.0.0:
   version "2.0.4"
   resolved "https://registry.yarnpkg.com/pinkie/-/pinkie-2.0.4.tgz#72556b80cfa0d48a974e80e77248e80ed4f7f870"
 
-plugin-error@^0.1.2:
-  version "0.1.2"
-  resolved "https://registry.yarnpkg.com/plugin-error/-/plugin-error-0.1.2.tgz#3b9bb3335ccf00f425e07437e19276967da47ace"
-  dependencies:
-    ansi-cyan "^0.1.1"
-    ansi-red "^0.1.1"
-    arr-diff "^1.0.1"
-    arr-union "^2.0.1"
-    extend-shallow "^1.1.2"
-
 plugin-error@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/plugin-error/-/plugin-error-1.0.1.tgz#77016bd8919d0ac377fdcdd0322328953ca5781c"
@@ -2829,7 +2764,7 @@ through2-filter@^3.0.0:
     through2 "~2.0.0"
     xtend "~4.0.0"
 
-through2@^2.0.0, through2@^2.0.1, through2@^2.0.3, through2@~2.0.0:
+through2@^2.0.0, through2@^2.0.3, through2@~2.0.0:
   version "2.0.5"
   resolved "https://registry.yarnpkg.com/through2/-/through2-2.0.5.tgz#01c1e39eb31d07cb7d03a96a70823260b23132cd"
   dependencies:
@@ -3031,7 +2966,7 @@ vinyl-sourcemaps-apply@^0.2.0:
   dependencies:
     source-map "^0.5.1"
 
-vinyl@^2.0.0, vinyl@^2.1.0:
+vinyl@^2.0.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/vinyl/-/vinyl-2.2.0.tgz#d85b07da96e458d25b2ffe19fece9f2caa13ed86"
   dependencies:
@@ -3136,9 +3071,3 @@ yargs@^7.1.0:
     which-module "^1.0.0"
     y18n "^3.2.1"
     yargs-parser "^5.0.0"
-
-yazl@^2.1.0:
-  version "2.5.1"
-  resolved "https://registry.yarnpkg.com/yazl/-/yazl-2.5.1.tgz#a3d65d3dd659a5b0937850e8609f22fffa2b5c35"
-  dependencies:
-    buffer-crc32 "~0.2.3"