Don't duplicate config in docs

lorenyu · lorenyu · commit 5bf2cc4925c7 · 2025-03-17T09:27:19.000-07:00
diff --git a/docs/infra/identity-provider.md b/docs/infra/identity-provider.md
@@ -15,16 +15,7 @@ Update `enable_identity_provider = true` in your application's `app-config` modu
 
 ## 2. Configure identity provider settings
 
-The identity provider configuration is defined in the environment config module in `infra/<APP_NAME>/app-config/env-config/identity_provider.tf`. You can customize the following settings:
-
-- `callback_url_path`: Path fragment for post-login redirect (optional)
-- `logout_url_path`: Path fragment for post-logout redirect (optional)
-- `password_policy`: Customize password requirements
-  - `password_minimum_length`: Minimum password length
-  - `temporary_password_validity_days`: Days until temporary passwords expire
-- `verification_email`: Customize verification email content
-  - `verification_email_message`: Custom message content
-  - `verification_email_subject`: Custom email subject
+The identity provider configuration is defined in the environment config module in `infra/<APP_NAME>/app-config/env-config/identity_provider.tf`.
 
 ## 3. Deploy the identity provider
 
diff --git a/infra/{{app_name}}/app-config/env-config/identity_provider.tf b/infra/{{app_name}}/app-config/env-config/identity_provider.tf
@@ -14,21 +14,27 @@ locals {
   # Docs: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html
   logout_url_path = ""
 
+  # Customize password policy
+  # Docs: https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users-passwords.html
+  password_policy = {
+    password_minimum_length          = 12
+    temporary_password_validity_days = 7
+  }
+
+  # Optionally configure email template for resetting a password.
+  # Set any attribute to a non-null value to override AWS Cognito defaults.
+  # Docs: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html
+  verification_email = {
+    verification_email_message = null
+    verification_email_subject = null
+  }
+
   identity_provider_config = var.enable_identity_provider ? {
     identity_provider_name = "${var.app_name}-${var.environment}"
 
-    password_policy = {
-      password_minimum_length          = 12
-      temporary_password_validity_days = 7
-    }
+    password_policy = local.password_policy
 
-    # Optionally configure email template for resetting a password.
-    # Set any attribute to a non-null value to override AWS Cognito defaults.
-    # Docs: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html
-    verification_email = {
-      verification_email_message = null
-      verification_email_subject = null
-    }
+    verification_email = local.verification_email
 
     # Do not modify this block directly.
     client = {
