Expected Behavior
I'm using some aws_sns_platform_application resources to manage various push credentials, including APNS push credentials.
You normally use certificates for this, and these certificates expire after a while.
The value can be observed in the Attributes.AppleCertificateExpirationDate key.
Once the certificates expire, AWS sets Attributes.Enabled to false.
In terraform world, the platform_credential and platform_principal are used for the private key and certificate respectively.
I'd provide a privkey/certificate on these two keys. I'd expect Terraform to update the credentials whenever I change them, and in case the application got disabled due to the old certificate being expired, I'd expect it to re-enable the application.
Actual Behavior
There are some SNS platform applications with an expiration date in the past, so it looks like the certificates didn't get updated, even though Terraform shows state matches configuration. Also, some applications stayed disabled.
Steps to Reproduce
1. Create an SNS platform application with a soon-to-be-expired expiry date through Terraform (or import it into Terraform). terraform apply should show it has nothing to do.
2. Wait for the certificate to expire, and observe AWS disabling the SNS platform application.
3. Renew the push credentials, and use Terraform to update the certificates.
4. Observe if the certificates get updated or not, and if the platform applications get re-enabled or not.
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
Volunteering to Work on This Issue
If you are interested in working on this issue, please leave a comment.
If this would be your first contribution, please review the contribution guide.
Terraform Core Version
1.1.7
AWS Provider Version
4.3.0
Affected Resource(s)
aws_sns_platform_applications
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
None
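An out-of-band check for the condition reported above, as an added example that is not part of the original issue or the AWS provider: it flags platform applications whose Attributes show Enabled set to false or an AppleCertificateExpirationDate in the past or near future, independent of what terraform plan reports. The attribute maps would come from SNS GetPlatformApplicationAttributes; the ARNs and values below are constructed, and the ISO 8601 timestamp format is an assumption.

```python
from datetime import datetime, timedelta, timezone


def parse_expiry(value):
    # Assumption: the attribute is an ISO 8601 timestamp such as
    # "2022-03-01T10:00:00Z"; a value without an offset is treated as UTC.
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_platform_apps(apps, now, warn_days=30):
    """apps maps platform application ARN -> Attributes dict (string values)."""
    findings = []
    for arn, attrs in sorted(apps.items()):
        problems = []
        # SNS returns attribute values as strings, so compare text, not booleans.
        if attrs.get("Enabled", "true").lower() != "true":
            problems.append("disabled")
        raw = attrs.get("AppleCertificateExpirationDate")
        if raw:  # absent for non-APNS platforms
            expiry = parse_expiry(raw)
            if expiry <= now:
                problems.append("certificate expired")
            elif expiry - now <= timedelta(days=warn_days):
                problems.append("certificate expires soon")
        if problems:
            findings.append((arn, problems))
    return findings


# Constructed sample data (not real applications or account ids).
PREFIX = "arn:aws:sns:us-east-1:123456789012:app/"
SAMPLE_APPS = {
    PREFIX + "APNS/example-expired": {
        "Enabled": "false",
        "AppleCertificateExpirationDate": "2022-03-01T10:00:00Z"},
    PREFIX + "APNS/example-renewing": {
        "Enabled": "true",
        "AppleCertificateExpirationDate": "2022-04-01T00:00:00Z"},
    PREFIX + "APNS/example-ok": {
        "Enabled": "true",
        "AppleCertificateExpirationDate": "2023-01-10T00:00:00Z"},
    PREFIX + "GCM/example-android": {"Enabled": "true"},
}
SAMPLE_NOW = datetime(2022, 3, 15, tzinfo=timezone.utc)

if __name__ == "__main__":
    for arn, problems in audit_platform_apps(SAMPLE_APPS, SAMPLE_NOW):
        print(arn, "->", ", ".join(problems))
```

Running it on a schedule with the live attributes catches an application that stays disabled or keeps an expired certificate after an apply that reported no changes.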