From adf47c725e1a786f6e9b2afc6beca7396890e33d Mon Sep 17 00:00:00 2001
From: Ken Figueiredo
Date: Mon, 20 Nov 2023 22:18:48 -0500
Subject: [PATCH] Add user pool domain as an optional override to the templated user pool name domain
---
 CHANGELOG.md | 3 +++
 README.md | 3 ++-
 lambda.tf | 2 +-
 ssm.tf | 2 +-
 variables.tf | 9 ++++++++-
 5 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fd906cb..8239118 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [1.1.0] - TBD
+### Added
+- Added support for Cognito custom user pool domains.
+
 ### Changed
 - Update Lambda@Edge NodeJS version to `nodejs20.x` (was `nodejs14.x`).
 - Remove `aws-sdk` in favor of `@aws-sdk` v3 libraries.
diff --git a/README.md b/README.md
index e382ca8..1a63a17 100644
--- a/README.md
+++ b/README.md
@@ -107,8 +107,9 @@ No modules.
 | [cognito\_log\_level](#input\_cognito\_log\_level) | Logging level. Default: 'silent' | `string` | `"silent"` | no |
 | [cognito\_user\_pool\_app\_client\_id](#input\_cognito\_user\_pool\_app\_client\_id) | Cognito User Pool App Client ID for the targeted user pool. | `string` | n/a | yes |
 | [cognito\_user\_pool\_app\_client\_secret](#input\_cognito\_user\_pool\_app\_client\_secret) | Cognito User Pool App Client Secret for the targeted user pool. NOTE: This is currently not compatible with AppSync applications. | `string` | `null` | no |
+| [cognito\_user\_pool\_domain](#input\_cognito\_user\_pool\_domain) | Optional: Full Domain of the Cognito User Pool to utilize. Mutually exclusive with 'cognito\_user\_pool\_name'. | `string` | `""` | no |
 | [cognito\_user\_pool\_id](#input\_cognito\_user\_pool\_id) | Cognito User Pool ID for the targeted user pool. | `string` | n/a | yes |
-| [cognito\_user\_pool\_name](#input\_cognito\_user\_pool\_name) | Name of the Cognito User Pool to utilize. | `string` | n/a | yes |
+| [cognito\_user\_pool\_name](#input\_cognito\_user\_pool\_name) | Name of the Cognito User Pool to utilize. Required if 'cognito\_user\_pool\_domain' is not set. | `string` | `""` | no |
 | [cognito\_user\_pool\_region](#input\_cognito\_user\_pool\_region) | AWS region where the cognito user pool was created. | `string` | `"us-west-2"` | no |
 | [name](#input\_name) | Name to prefix on all infrastructure created by this module. | `string` | n/a | yes |
 | [tags](#input\_tags) | Map of tags to attach to all AWS resources created by this module. | `map(string)` | `{}` | no |
diff --git a/lambda.tf b/lambda.tf
index c5e5355..dabfa22 100644
--- a/lambda.tf
+++ b/lambda.tf
@@ -5,7 +5,7 @@ locals {
 resource "null_resource" "install_lambda_dependencies" {
 provisioner "local-exec" {
- command = "npm ci --production"
+ command = "npm ci --omit dev"
 working_dir = abspath("${path.module}/files/deployable")
 }
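Review bot: The new `command` line in the `local-exec` provisioner still lets `npm ci` run dependency lifecycle (install) scripts on the machine that executes Terraform, which usually holds cloud credentials. If none of the packages under `files/deployable` need a build step (not visible in this hunk, so confirm first), consider `command = "npm ci --omit=dev --ignore-scripts"`. The `--omit=dev` spelling is also the form npm documents. The `null_resource` block continues past the end of the hunk.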
diff --git a/ssm.tf b/ssm.tf
index 1074fe0..94312e1 100644
--- a/ssm.tf
+++ b/ssm.tf
@@ -4,7 +4,7 @@ locals {
 userPoolId = var.cognito_user_pool_id
 userPoolAppId = var.cognito_user_pool_app_client_id
 userPoolAppSecret = var.cognito_user_pool_app_client_secret == null ? "" : var.cognito_user_pool_app_client_secret
- userPoolDomain = "${var.cognito_user_pool_name}.auth.${var.cognito_user_pool_region}.amazoncognito.com"
+ userPoolDomain = coalesce(var.cognito_user_pool_domain, "${var.cognito_user_pool_name}.auth.${var.cognito_user_pool_region}.amazoncognito.com")
 cookieExpirationDays = var.cognito_cookie_expiration_days
 disableCookieDomain = var.cognito_disable_cookie_domain
 logLevel = var.cognito_log_level
diff --git a/variables.tf b/variables.tf
index aacb8dc..bd24aa0 100644
--- a/variables.tf
+++ b/variables.tf
@@ -4,8 +4,15 @@ variable "name" {
 }
 variable "cognito_user_pool_name" {
- description = "Name of the Cognito User Pool to utilize."
+ description = "Name of the Cognito User Pool to utilize. Required if 'cognito_user_pool_domain' is not set."
 type = string
+ default = ""
+}
+
+variable "cognito_user_pool_domain" {
+ description = "Optional: Full Domain of the Cognito User Pool to utilize. Mutually exclusive with 'cognito_user_pool_name'."
+ type = string
+ default = ""
 }
 variable "cognito_user_pool_region" {
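Review bot: The `coalesce(...)` on the `userPoolDomain` line in ssm.tf does not enforce the documented "mutually exclusive" / "required if" contract. With both variables left at `""` it resolves to `.auth.<region>.amazoncognito.com`, and with both set the pool name is silently ignored. This value presumably tells the edge function which host to use for sign-in redirects and token exchange, so a bad combination should fail at plan time rather than surface as a broken auth flow. On Terraform 1.2 or later, a `lifecycle` `precondition` on the resource that consumes this local (outside the hunk) would do it, with `condition = (var.cognito_user_pool_domain != "") != (var.cognito_user_pool_name != "")`. The `locals` block starts and ends outside the hunk.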
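Review bot: The new `cognito_user_pool_domain` variable in variables.tf accepts any string, and the "Full Domain" wording invites values with a scheme, port or path such as `https://auth.example.com/`. The ssm.tf hunk passes the value through unchanged as `userPoolDomain`, so a malformed host would only show up at runtime in the authentication redirect. A `validation` block that allows either the empty default or a bare hostname would reject such input at plan time. The description could also state the expected format, for example "hostname only, no scheme or path".

```hcl
variable "cognito_user_pool_domain" {
  # … unchanged: description, type, default …

  validation {
    condition     = var.cognito_user_pool_domain == "" || can(regex("^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$", var.cognito_user_pool_domain))
    error_message = "The cognito_user_pool_domain value must be a bare hostname with no scheme, port or path."
  }
}
```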