hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Unable to add `schema` required (default) attributes to already created resource `aws_cognito_user_pool` #24844

Open matusvid opened 2 years ago

matusvid commented 2 years ago

Terraform CLI and Terraform AWS Provider Version

AWS v3.74.1 CLI v1.1.5

Affected Resource(s)

Terraform Configuration Files

```hcl
resource "aws_cognito_user_pool" "user_pool" {
  name                     = "${var.client}-bee-users-${var.environment}"
  alias_attributes         = ["email"]
  auto_verified_attributes = ["email"]

  username_configuration {
    case_sensitive = false
  }

  account_recovery_setting {
    recovery_mechanism {
      name     = "verified_email"
      priority = 1
    }

    recovery_mechanism {
      name     = "verified_phone_number"
      priority = 2
    }
  }

  device_configuration {
    device_only_remembered_on_user_prompt = true
  }

  schema {
    name                     = "email"
    attribute_data_type      = "String"
    developer_only_attribute = false
    mutable                  = false
    required                 = true

    string_attribute_constraints {
      min_length = 1
      max_length = 2048
    }
  }
}
```

Expected Behavior

The apply operation occurs just fine.

Actual Behavior

```
Error: error updating Cognito User Pool (eu-central-1_sjGWqeJzG): unable to add custom attributes from schema: InvalidParameterException: Required custom attributes are not supported currently.
│
│   with module.cognito.aws_cognito_user_pool.user_pool,
│   on ../../modules/cognito/main.tf line 1, in resource "aws_cognito_user_pool" "user_pool":
│    1: resource "aws_cognito_user_pool" "user_pool" {
```

Steps to Reproduce

1. `terraform apply`

Important Factoids

This only happens when adding a `schema` block with a required attribute to an already created `aws_cognito_user_pool` resource. AWS cannot update required attributes (only during the creation of the resource), but Terraform is trying to update the resource, and is therefore trying to add a custom attribute.

Workaround

Delete the Cognito user pool resource manually using the AWS Console and recreate it using `terraform apply`.
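An added example, not part of the issue thread or the provider's code: a pre-apply check over `terraform show -json` plan output that flags the situation reported above, an in-place update that adds a `required` schema attribute to an existing `aws_cognito_user_pool`. The sample plan is constructed and trimmed to the fields the check reads; the function name is hypothetical.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields this check reads.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [{
        "address": "module.cognito.aws_cognito_user_pool.user_pool",
        "type": "aws_cognito_user_pool",
        "change": {
            "actions": ["update"],
            "before": {"schema": []},
            "after": {"schema": [
                {"name": "email", "attribute_data_type": "String",
                 "mutable": False, "required": True},
            ]},
        },
    }]
})


def required_schema_additions(plan_json):
    """Return (address, attribute_name) for each required schema attribute
    that an in-place update would add to an existing user pool."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        # Only in-place updates hit the failure; a create or replace
        # sends the schema at pool creation time.
        if rc.get("type") != "aws_cognito_user_pool":
            continue
        if change.get("actions") != ["update"]:
            continue
        before = (change.get("before") or {}).get("schema") or []
        existing = {s.get("name") for s in before}
        for attr in (change.get("after") or {}).get("schema") or []:
            if attr.get("required") and attr.get("name") not in existing:
                findings.append((rc["address"], attr["name"]))
    return findings


if __name__ == "__main__":
    for address, name in required_schema_additions(SAMPLE_PLAN):
        print(f"{address}: required schema attribute '{name}' "
              "cannot be added in place")
```

Run against a real plan, this lets a pipeline stop before `terraform apply` reaches the `InvalidParameterException` shown in the report.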

avegao commented 1 year ago

This bug is very annoying and we can't apply changes smoothly and it is still present in: