[Bug]: Default token_validity_units in aws_cognito_user_pool_client produced an unexpected new value

[nl-brett-stime]

Terraform Core Version

1.3.1

AWS Provider Version

4.61.0

Affected Resource(s)

• aws_cognito_user_pool_client

Expected Behavior

No error message after apply

Actual Behavior

Error message after apply:

Error: Provider produced inconsistent result after apply When applying changes to module.marketplace_api.aws_cognito_user_pool_client.account, provider "provider[\"registry.terraform.io/hashicorp/aws\"]" produced an unexpected new value: .token_validity_units: block count changed from 0 to 1. This is a bug in the provider, which should be reported in the provider's own issue tracker.

Relevant Error/Panic Output Snippet

Error: Provider produced inconsistent result after apply
When applying changes to
module.marketplace_api.aws_cognito_user_pool_client.account, provider
"provider[\"registry.terraform.io/hashicorp/aws\"]" produced an unexpected
new value: .token_validity_units: block count changed from 0 to 1.
This is a bug in the provider, which should be reported in the provider's own
issue tracker.

Terraform Configuration Files

resource "aws_cognito_user_pool_client" "account" { name = local.namespace user_pool_id = data.aws_ssm_parameter.account_pool_id.value allowed_oauth_flows_user_pool_client = true allowed_oauth_flows = ["code", "implicit"] allowed_oauth_scopes = ["email", "openid", "profile", "phone"] callback_urls = ["${local.decoded_api_manual_bootstrap["public_return_url"]}/cognito-callback"] logout_urls = ["${local.decoded_api_manual_bootstrap["public_return_url"]}/cognito-logout"] explicit_auth_flows = [ "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH" ]

generate_secret = false

supported_identity_providers = [ data.aws_ssm_parameter.cognito_goog_provider_name.value, "COGNITO" ]

write_attributes = [ "email", "address", "birthdate", "family_name", "gender", "given_name", "locale", "middle_name", "name", "nickname", "picture", "preferred_username", "profile", "updated_at", "website", "zoneinfo" ] }

Steps to Reproduce

Apply over an existing instance of aws_cognito_user_pool_client. The plan should show:

aws_cognito_user_pool_client.account will be updated in-place
...
- token_validity_units {
- access_token = "minutes" -> null
- id_token = "minutes" -> null
- refresh_token = "days" -> null
}

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[ewbankkit]

@nl-brett-stime Thanks for raising this issue. It has already been noticed in #30268. I'm going to close this one as a duplicate so that we can concentrate discussion in the linked issue. Please add any additional comments there.

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.