hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: admin_create_user_config configuration block unused_account_validity_days argument not being omitted #31553

Closed elize-dolina closed 1 year ago

elize-dolina commented 1 year ago

Terraform Core Version

1.3.9

AWS Provider Version

3.76.1

Affected Resource(s)

aws_cognito_user_pool

Expected Behavior

admin_create_user_config configuration block unused_account_validity_days argument should not be in my terraform state file since I have never used admin_create_user_config configuration block unused_account_validity_days argument. I have been using password_policy configuration block temporary_password_validity_days argument from the very start.

Actual Behavior

admin_create_user_config configuration block unused_account_validity_days argument is showing in terraform state file even though never used before.

Relevant Error/Panic Output Snippet

│ Error decoding "aws_cognito_user_pool.user_pool" from previous state:
│ unsupported attribute "unused_account_validity_days"
╵
╷

Terraform Configuration Files

resource "aws_cognito_user_pool" "user_pool" {
  name = var.pool_name

  password_policy {
    minimum_length                   = 8
    require_lowercase                = true
    require_numbers                  = true
    require_symbols                  = true
    require_uppercase                = true
    temporary_password_validity_days = 90
  }

  schema {
    attribute_data_type      = "String"
    developer_only_attribute = false
    mutable                  = true
    name                     = "role"
    required                 = false

    string_attribute_constraints {
      min_length = 1
      max_length = 256
    }
  }

  schema {
    attribute_data_type      = "String"
    developer_only_attribute = false
    mutable                  = true
    name                     = "last_login"
    required                 = false

    string_attribute_constraints {
      max_length = 50
    }
  }

  username_attributes = ["email"]

  admin_create_user_config {
    allow_admin_create_user_only = true
    invite_message_template {
      email_subject = "Subject"
      sms_message   = "sms message"
      email_message = "email message"
    }
  }

  email_configuration {
    reply_to_email_address = var.reply_to_email_address
    source_arn             = "arn:aws:ses:us-east-1:${local.account_id}:identity/${var.reply_to_email_address}"
    email_sending_account  = "DEVELOPER"
  }

  tags = local.tags

  lambda_config {
    custom_message = aws_lambda_function.cognito_lambda_trigger.arn
  }

  lifecycle {
    ignore_changes = [
      tags.ResourceCreatedBy,
      tags.Name
    ]
  }
}

Steps to Reproduce

terraform apply

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

I know that this is an old bug and it was supposedly fixed in aws provider v2.49.0.

https://github.com/hashicorp/terraform-provider-aws/issues/11858

Would you like to implement a fix?

None
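An added example, not part of the original issue or of the provider's code: a check for whether a state file stores the attribute named in the decode error. It assumes the Terraform state v4 JSON layout (`resources[].instances[].attributes`); the sample state is constructed, and the function names are hypothetical.

```python
import json

# Constructed sample in the assumed state v4 JSON layout, trimmed to the relevant fields.
SAMPLE_STATE = json.loads("""
{"version": 4, "resources": [
  {"mode": "managed", "type": "aws_cognito_user_pool", "name": "user_pool",
   "instances": [{"attributes": {
     "admin_create_user_config": [
       {"allow_admin_create_user_only": true, "unused_account_validity_days": 0}],
     "password_policy": [
       {"minimum_length": 8, "temporary_password_validity_days": 90}]}}]},
  {"mode": "managed", "type": "aws_lambda_function", "name": "cognito_lambda_trigger",
   "instances": [{"attributes": {"function_name": "lambdaname"}}]}
]}
""")


def find_attribute(node, wanted, path=""):
    """Yield the path of every key named `wanted` inside nested dicts and lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == wanted:
                yield here
            yield from find_attribute(value, wanted, here)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_attribute(item, wanted, f"{path}[{index}]")


def stale_attributes(state, resource_type, wanted):
    """Return (resource address, attribute path) pairs where `wanted` is stored in state."""
    hits = []
    for res in state.get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != resource_type:
            continue
        address = f'{res["type"]}.{res["name"]}'
        for inst in res.get("instances", []):
            for attr_path in find_attribute(inst.get("attributes") or {}, wanted):
                hits.append((address, attr_path))
    return hits


if __name__ == "__main__":
    for address, attr_path in stale_attributes(
            SAMPLE_STATE, "aws_cognito_user_pool", "unused_account_validity_days"):
        print(f"{address}: {attr_path}")
```

To check a real workspace, load the output of `terraform state pull` with `json.load` in place of the sample. State can contain secrets, so keep the pulled file out of shared locations.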

justinretzolk commented 1 year ago

Hey @elize-dolina 👋 Thank you for taking the time to raise this! So that we have the information necessary in order to investigate this, can you supply debug logs (redacted as needed) as well?

elize-dolina commented 1 year ago

Hi @justinretzolk. Thank you for your reply. We can now close this issue. Aside from the issue about "unused_account_validity_days" argument, I am also encountering

Error: getting Lambda Function (lambdaname) code signing config AccessDeniedException: status code: 403, request id: bfc258d3-b6c2-49bd-bb24-69aea54ba5fc
  with aws_lambda_function.cognito_lambda_trigger,
  on main.tf line 261, in resource "aws_lambda_function" "cognito_lambda_trigger":
  261: resource "aws_lambda_function" "cognito_lambda_trigger" {

I tried fixing this issue by upgrading the aws provider version as suggested here: https://github.com/hashicorp/terraform-provider-aws/issues/27986

Upgrading the aws provider version fixed all the issues I am encountering.

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.