[Bug]: Channging allow_classic_flow on aws_cognito_identity_pool removes cognito_identity_providers

[pafcu]

Terraform Core Version

v1.3.0

AWS Provider Version

v4.32.0

Affected Resource(s)

aws_cognito_identity_pool

Expected Behavior

Changing the value of allow_classic_flow only changes that value.

Actual Behavior

Changing the value of allow_classic_flow after the resource has initially been created removes any configured cognito_identity_providers on the resource. Running terraform apply again results in the recreation of the cognito_identity_providers.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

provider "aws" {
  region = "eu-west-1"
}

resource "aws_cognito_user_pool" "user-pool" {
  name = "test-user-pool"
}

resource "aws_cognito_user_pool_client" "client" {
  name = "test-user-pool-client"

  user_pool_id = aws_cognito_user_pool.user-pool.id
}

resource "aws_cognito_identity_pool" "identity-pool" {
  identity_pool_name = "test-identity-pool"
  allow_classic_flow = true

  cognito_identity_providers {
    client_id     = aws_cognito_user_pool_client.client.id
    provider_name = aws_cognito_user_pool.user-pool.endpoint
  }
}

Steps to Reproduce

1. Apply the code above by running terraform apply. You can use the AWS console or cli to verify that the cognito_identity_providers configuration is present in the deployed resource.
2. Change the value of allow_classic_flow to false
3. Run terraform apply again. Note that the plan states only that value will be changed
4. Run terraform apply again. Note that the plan shows that the cognito_identity_providers block will be added. You can use the AWS console or cli to verify that the cognito_identity_providers configuration is not present in the deployed resource.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.