hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: User-pool users re-creating - because of Pool tags are updating ? #34290

Open hanoj-budime opened 11 months ago

hanoj-budime commented 11 months ago

Terraform Core Version

1.4.6

AWS Provider Version

4.67.0

Affected Resource(s)

aws_cognito_user

Expected Behavior

Use case:

While creating the user pool, we also create users at the same time.

Attempted solution:

resource "aws_cognito_user" "username" {
  user_pool_id             = local.pool_id
  username                 = "username"
  desired_delivery_mediums = ["EMAIL"]
  attributes = {
    email          = "mail@me.com"
    email_verified = true
  }
}

Actual Behavior

Update in-place

Relevant Error/Panic Output Snippet

# aws_cognito_user_pool.cognito_user_pool will be updated in-place

  ~ resource "aws_cognito_user_pool" "cognito_user_pool" {
        id                         = "us-west-xxxxxx"
        name                       = "xxxxxxx"
      ~ tags                       = {
          ~ "xxxx"                  = "xxxx" -> "xxxxx"
          ~ "xxxx"                  = "xxxx" -> "xxxxx"
        }
      ~ tags_all                   = {
          ~ "xxxx"                  = "xxxx" -> "xxxxx"
        }
    }
# aws_cognito_user.create_cognito_user must be replaced, why ?
-/+ resource "aws_cognito_user" "create_cognito_user" {
      ~ attributes               = {
          ~ "email"          = "xxxxx@xxx.com" -> "xxxx@xxx.com"
          - "sub"            = "xxxxx-xxxx-xxxxxx" -> null
        }
      ~ id                       = "us-west-xxxxx/username" -> (known after apply)
      ~ mfa_setting_list         = [] -> (known after apply)
      + preferred_mfa_setting    = (known after apply)
      ~ status                   = "FORCE_CHANGE_PASSWORD" -> (known after apply)
      ~ sub                      = "xxxxx-xxxx-xxxxxx" -> (known after apply)
      ~ user_pool_id             = (sensitive value) # forces replacement, why ?
    }

When the Terraform code is refreshed the next time, the user-pool tags are updated in place, so why is user creation marked "forces replacement"?

Terraform Configuration Files

No response

Steps to Reproduce

  1. Create a user pool.
  2. Then add some users to the above pool.
  3. Apply, and it'll be created.
  4. Update the user-pool tags, refresh, and check now.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None
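A guard for the situation in this report, as an added example (not code from the issue or from the provider): it reads the JSON form of a plan, as produced by `terraform show -json`, and flags any `aws_cognito_user` that would be destroyed and recreated, naming the attribute that forces it. The sample plan is constructed with placeholder values, and `GUARDED_TYPES` and the function names are assumptions.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output,
# mirroring the plan in the report (addresses reused, values omitted).
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "aws_cognito_user_pool.cognito_user_pool",
         "type": "aws_cognito_user_pool",
         "change": {"actions": ["update"]}},
        {"address": "aws_cognito_user.create_cognito_user",
         "type": "aws_cognito_user",
         "change": {"actions": ["delete", "create"],
                    "replace_paths": [["user_pool_id"]]}},
    ]
})

GUARDED_TYPES = {"aws_cognito_user"}  # assumption: resource types to protect


def find_replacements(plan_json, guarded=GUARDED_TYPES):
    """Return (address, [attribute paths forcing replacement]) for each
    guarded resource that the plan would destroy and recreate."""
    plan = json.loads(plan_json)
    hits = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = set(change.get("actions", []))
        # A replacement is reported as both "delete" and "create".
        if rc.get("type") in guarded and {"delete", "create"} <= actions:
            paths = [".".join(str(p) for p in path)
                     for path in change.get("replace_paths") or []]
            hits.append((rc["address"], paths))
    return hits


def main(argv):
    """Exit non-zero when a guarded resource would be replaced."""
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_PLAN
    hits = find_replacements(text)
    for address, paths in hits:
        forced = ", ".join(paths) or "unknown"
        print(f"BLOCK: {address} would be replaced (forced by: {forced})")
    return 1 if hits else 0


if __name__ == "__main__":
    import sys
    sys.exit(main(sys.argv))
```

Run it in CI between `terraform plan -out` and `terraform apply`; a replaced user gets a new `sub` and returns to `FORCE_CHANGE_PASSWORD`, as the plan above shows.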

github-actions[bot] commented 11 months ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue

justinretzolk commented 11 months ago

Hey @HanojHanu 👋 Thank you for taking the time to raise this! I suspect this may be related to some of the specifics of your configuration. Are you able to supply a sample Terraform configuration that can be used to reproduce the bug?

hanoj-budime commented 10 months ago

resource "aws_cognito_user" "create_user" {
  # * Required
  user_pool_id = local.my_user_pool_id
  username     = local.my_username

  # ? optional
  attributes               = var.attributes
  desired_delivery_mediums = var.desired_delivery_mediums
  enabled                  = var.enabled
  message_action           = var.message_action
}