hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Allow Cognito Lambda Configuration Outside aws_cognito_user_pool #26741

Closed grochoge closed 1 month ago

grochoge commented 2 years ago

Community Note

Description

Please create a new resource type to allow configuring Lambda triggers on a Cognito user pool outside of the aws_cognito_user_pool resource.

I want to use the ID of a particular user pool client inside of a Lambda, but this is currently impossible due to a cycle error. The Lambda depends on the user pool client which depends on the user pool which depends on the Lambda.

New or Affected Resource(s)

Potential Terraform Configuration


resource "aws_cognito_user_pool" "Pool" {
  name = "Pool"
}

resource "aws_cognito_user_pool_lambda_config" "Pool" {
  user_pool_id         = aws_cognito_user_pool.Pool.id
  pre_token_generation = aws_lambda_function.CognitoPreToken.arn
}

resource "aws_cognito_user_group" "Group" {
  name         = "Group"
  user_pool_id = aws_cognito_user_pool.Pool.id
}

resource "aws_cognito_user_pool_client" "Client" {
  name         = "Client"
  user_pool_id = aws_cognito_user_pool.Pool.id
}

data "archive_file" "CognitoPreToken" {
  type        = "zip"
  output_path = "${path.module}/.temp/CognitoPreToken.zip"

  source {
    filename = "CognitoPreToken.py"
    content = templatefile("${path.module}/lambda/CognitoPreToken.py", {
      client_groups = {
        # A map key that is a reference must be wrapped in parentheses
        (aws_cognito_user_pool_client.Client.id) = aws_cognito_user_group.Group.name
      }
    })
  }
}

resource "aws_lambda_function" "CognitoPreToken" {
  # function_name, role and handler are also required but omitted here
  filename         = data.archive_file.CognitoPreToken.output_path
  source_code_hash = data.archive_file.CognitoPreToken.output_base64sha256
  runtime          = "python3.9"
}

References
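
The cycle described in this issue, and why the requested resource would remove it, modelled as an added Python example (not code from the issue or from the provider). The edges are read off the configuration above; the `CURRENT` layout assumes the trigger ARN is set inside `aws_cognito_user_pool` itself, which is what makes the pool reference the Lambda.

```python
from graphlib import CycleError, TopologicalSorter

# Each resource maps to the resources it references (its dependencies).
# Edges shared by both layouts, taken from the configuration in the issue.
COMMON = {
    "aws_cognito_user_group.Group": {"aws_cognito_user_pool.Pool"},
    "aws_cognito_user_pool_client.Client": {"aws_cognito_user_pool.Pool"},
    "data.archive_file.CognitoPreToken": {
        "aws_cognito_user_pool_client.Client",
        "aws_cognito_user_group.Group",
    },
    "aws_lambda_function.CognitoPreToken": {"data.archive_file.CognitoPreToken"},
}

# Today: the trigger is configured inside the pool, so the pool references the Lambda.
CURRENT = {
    **COMMON,
    "aws_cognito_user_pool.Pool": {"aws_lambda_function.CognitoPreToken"},
}

# Requested: the pool references nothing; a separate resource joins pool and Lambda.
PROPOSED = {
    **COMMON,
    "aws_cognito_user_pool.Pool": set(),
    "aws_cognito_user_pool_lambda_config.Pool": {
        "aws_cognito_user_pool.Pool",
        "aws_lambda_function.CognitoPreToken",
    },
}


def plan(graph):
    """Return (apply_order, cycle); exactly one of the two is non-empty."""
    try:
        return list(TopologicalSorter(graph).static_order()), []
    except CycleError as err:
        return [], err.args[1]  # nodes on the cycle, first one repeated at the end


if __name__ == "__main__":
    for name, graph in (("current", CURRENT), ("proposed", PROPOSED)):
        order, cycle = plan(graph)
        print(name, "cycle:" if cycle else "order:", " -> ".join(cycle or order))
```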

github-actions[bot] commented 2 months ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

github-actions[bot] commented 3 weeks ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.