Open przemeklach opened 2 years ago
Same here, when I try to attach roles to Cognito identity:

```hcl
resource "aws_cognito_identity_pool_roles_attachment" "authenticated_attachment" {
  identity_pool_id = aws_cognito_identity_pool.identity_pool.id
  roles = {
    "authenticated" = aws_iam_role.cognito_authenticated.arn
  }
}

resource "aws_cognito_identity_pool_roles_attachment" "unauthenticated_attachment" {
  identity_pool_id = aws_cognito_identity_pool.identity_pool.id
  roles = {
    "unauthenticated" = aws_iam_role.cognito_unauthenticated.arn
  }
}
```

I keep getting
│ Error: Error deleting Cognito identity pool roles association: ConcurrentModificationException: Only one request to update resource type Identity Pool can be processed at a time
If you apply that multiple times, for some reason it will add the auth role and remove unauth, and vice versa.
I had the same issue with an old version of the AWS provider (4.67.0). I've just updated to the latest (5.4) and it did work as expected.
Also, try putting multiple roles together on the same resource, see example below:
```hcl
resource "aws_cognito_identity_pool_roles_attachment" "roles_attachment" {
  identity_pool_id = aws_cognito_identity_pool.identity_pool.id
  roles = {
    "authenticated"   = aws_iam_role.authenticated_role.arn
    "unauthenticated" = aws_iam_role.unauthenticated_role.arn
  }
}
```
:point_up: that works well for me.
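A pre-apply check for the two-resource layout reported above, as an added example that is not part of this thread or the provider's code: it reads the `configuration` section of `terraform show -json` output and flags any identity pool targeted by more than one `aws_cognito_identity_pool_roles_attachment`. The sample plan is constructed, the function names are hypothetical, and `count`/`for_each` expansion is not considered.

```python
import json
import sys
from collections import defaultdict
from pathlib import Path

ATTACHMENT = "aws_cognito_identity_pool_roles_attachment"

def sample_resource(name):  # constructed configuration entry (hypothetical helper)
    return {"address": f"{ATTACHMENT}.{name}", "type": ATTACHMENT,
            "expressions": {"identity_pool_id": {"references": [
                "aws_cognito_identity_pool.identity_pool.id",
                "aws_cognito_identity_pool.identity_pool"]}}}

# Constructed sample: trimmed `terraform show -json` output for the split layout.
SAMPLE_PLAN = {"configuration": {"root_module": {"resources": [
    sample_resource("authenticated_attachment"),
    sample_resource("unauthenticated_attachment")]}}}

def walk(module, prefix=""):
    """Yield (module_prefix, resource) for a module and its child modules."""
    for res in module.get("resources", []):
        yield prefix, res
    for name, call in module.get("module_calls", {}).items():
        yield from walk(call.get("module", {}), f"{prefix}module.{name}.")

def pool_key(prefix, resource):
    """Identify the target pool by literal id or by the expression's references."""
    expr = resource.get("expressions", {}).get("identity_pool_id", {})
    if "constant_value" in expr:
        return f"literal:{expr['constant_value']}"
    refs = sorted(expr.get("references", []))
    return f"ref:{prefix}{','.join(refs)}" if refs else None

def find_conflicting_attachments(plan):
    """Map each pool key to its attachment addresses when there is more than one."""
    by_pool = defaultdict(list)
    root = plan.get("configuration", {}).get("root_module", {})
    for prefix, res in walk(root):
        if res.get("type") == ATTACHMENT:
            key = pool_key(prefix, res)
            if key: by_pool[key].append(prefix + res["address"])
    return {pool: sorted(addrs) for pool, addrs in by_pool.items()
            if len(addrs) > 1}

if __name__ == "__main__":
    plan = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_PLAN
    conflicts = find_conflicting_attachments(plan)
    for pool, addrs in conflicts.items():
        print(f"{pool}: {len(addrs)} roles attachments -> {', '.join(addrs)}")
    sys.exit(1 if conflicts else 0)
```

Run it against a file produced by `terraform show -json` on a saved plan; a non-zero exit means one pool has competing attachments and the roles should be merged into a single resource.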
awesome, confirming it works after the update!
Terraform CLI and Terraform AWS Provider Version
Terraform v1.2.2 on darwin_arm64
Affected Resource(s)
Terraform Configuration Files
Debug Output
First Run Error: https://gist.github.com/przemeklach/d98cf6270a678a4f71b32828395444e8
Expected Behavior
Both the authenticated and unauthenticated roles are set to the roles I defined in the Identity Pool.
Actual Behavior
Only one of the roles gets set.
Steps to Reproduce
On the first run, or any run where I manually set the roles in the AWS console to empty or to the desired roles, on a subsequent terraform apply run I get an error "Error creating Cognito Identity Pool Roles Association: ConcurrentModificationException: Only one request to update resource type Identity Pool can be processed at a time". Full output linked in the Debug Output section.
This leaves the pool in a bad state where only one of the two roles is selected. A subsequent terraform apply will just cause a flip, e.g. if authenticated role was set and unauthenticated was unset it will unset the authenticated role and set the authenticated role. From this point forward, if you keep running terraform apply it will just keep flipping back and forth.