Open hanoj-budime opened 6 months ago
Hey @HanojHanu 👋 Thank you for taking the time to raise this! In this scenario, is the user pool ID updated outside of Terraform? Can you supply a sample Terraform configuration that demonstrates the behavior and, if possible, debug logging (redacted as needed)?
"Why is the group not able to update in place? Even when we pass the latest pool ID, the group still retains the older value. Why is this happening?"
Hey @hanoj-budime 👋 Thank you for providing that graphic; however, I think we're still missing a bit of detail that could be key here. Are you able to provide a sample configuration that can be used to reproduce this and, if possible, debug logging (redacted as needed)?
```hcl
# * Steps - "Reproduce issue"
# ? Create any complex pool and save pool-id in SSM.

# * basic-configuration ( for testing.. )
resource "aws_cognito_user_pool" "pool" {
  name = "mypool"
}

# * Save pool-id ( for testing.. )
resource "aws_ssm_parameter" "pool_id" {
  name  = "/reproduce/issue/pool_id"
  type  = "String"
  value = aws_cognito_user_pool.pool.id
}
```

```hcl
# * Steps - "Reproduce issue"
# ? Create any group and in pool-id, to get pool-id from ssm.

# * get pool-id ( for testing.. )
data "aws_ssm_parameter" "pool_id" {
  name = "/reproduce/issue/pool_id"
}

# * create group
resource "aws_cognito_user_group" "group" {
  user_pool_id = data.aws_ssm_parameter.pool_id.value
  name         = "mygroup"
  description  = "Reproduce issue"
}
```
```mermaid
flowchart TD
    A[Code A] -->| Plan and Apply | B( Installing Code A )
    B -->| Creating Pool id | C( Cognito pool )
    C -->| Creating SSM | D( SSM value with pool-id)
    X[Code B] -->| Plan and Apply | Y( Installing Code B )
    Y -->| Getting Pool-id from SSM | Z( Read SSM value )
    Z -->| Creating Group | W( Cognito group )
    G[Code A] -->| Destroy and Apply | H( Re-Installing Code A )
    H -->| Re-Creating Pool id | I( Cognito pool )
    I -->| Updated SSM | J( SSM value with new pool-id)
    K[Code B] -->| Plan and Apply | L["Refreshing state.. Code B<br/>ResourceNotFoundException: User pool us-west-2_xxxxxx does not exist."]
```
At least now, are you able to understand, @justinretzolk?
I experience the same problem. Created a Cognito user pool and user groups with Terraform, later removed the entire user pool outside of Terraform. Now trying to redeploy the user pool and groups with Terraform fails with ResourceNotFoundException.
The user pool ID should be updated for depending resources (e.g., user groups) during redeployment IMHO.
We're creating the user pool separately in "Code A" and the group separately in "Code B".
Terraform even throws an error while refreshing "Code B" state.. ResourceNotFoundException
"Code B" must get the latest user-pool-id and then update this group in that latest pool.
Any update on this?
Error: reading Amazon Cognito IDP (Identity Provider) User Group (my_group): ResourceNotFoundException: User pool us-east-xxxx does not exist.
If the Terraform state file is unable to find the user-pool-id, it means it was deleted. There is no point in enforcing this error in Terraform. We can't move back and forth.
@justinretzolk, any updates?
@justinretzolk, any updates on fixing this issue?
Terraform Core Version
1.4.6
AWS Provider Version
4.67.0
Affected Resource(s)
Error: reading Amazon Cognito IDP (Identity Provider) User Group (cognito_dr_admin): ResourceNotFoundException: User pool us-west-2_a1b2c3 does not exist.
Expected Behavior
Not supporting update-in-place. Why?
The `aws_cognito_user_group` initially created inside the user pool, let's assume 'us-west-2_a1b2c3,' and the group name is 'test_group_1.' Later, if the same `aws_cognito_user_group` is updating with an updated/changed user pool Id `us-west-2_x1y2z3`, the resource is not able to understand that the user pool ID has been updated already. It still refers to the older one like `us-west-2_a1b2c3`.
Actual Behavior
My point here is that the `aws_cognito_user_group` resource must be updated in place, regardless of the user pool ID we pass, right?
Relevant Error/Panic Output Snippet
Terraform Configuration Files
....
Steps to Reproduce
`aws_cognito_user_group` will not update in place; it retains the original user-pool-id and does not automatically update to the new one.
Debug Output
Error: reading Amazon Cognito IDP (Identity Provider) User Group (cognito_dr_admin): ResourceNotFoundException: User pool us-west-2_a1b2c3 does not exist.
Panic Output
Error: reading Amazon Cognito IDP (Identity Provider) User Group (cognito_dr_admin): ResourceNotFoundException: User pool us-west-2_a1b2c3 does not exist.
Important Factoids
No response
References
No response
Would you like to implement a fix?
None
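
The mismatch described in this issue can be spotted before a refresh fails by comparing the pool ID recorded in state with the one currently stored in SSM. The following is an added example, not code from the issue or from the AWS provider: it scans `terraform show -json` output for `aws_cognito_user_group` resources pinned to a different pool. The sample state is constructed from the page's placeholder IDs, and `module.dr` is a hypothetical child module.

```python
import json

# Constructed sample: trimmed `terraform show -json` output for "Code B",
# captured before the pool was re-created. IDs are the issue's placeholders;
# the child module "module.dr" is hypothetical.
STATE_JSON = """
{"values": {"root_module": {
  "resources": [
    {"address": "data.aws_ssm_parameter.pool_id", "mode": "data",
     "type": "aws_ssm_parameter", "values": {"value": "us-west-2_a1b2c3"}},
    {"address": "aws_cognito_user_group.group", "mode": "managed",
     "type": "aws_cognito_user_group",
     "values": {"name": "mygroup", "user_pool_id": "us-west-2_a1b2c3"}}
  ],
  "child_modules": [{"address": "module.dr", "resources": [
    {"address": "module.dr.aws_cognito_user_group.admin", "mode": "managed",
     "type": "aws_cognito_user_group",
     "values": {"name": "cognito_dr_admin", "user_pool_id": "us-west-2_x1y2z3"}}
  ]}]
}}}
"""


def walk(module):
    """Yield every resource in a module and its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)


def stale_groups(state, live_pool_id):
    """Return (address, recorded_pool_id) for groups pinned to another pool."""
    root = state.get("values", {}).get("root_module", {})
    return [
        (r["address"], r["values"].get("user_pool_id"))
        for r in walk(root)
        if r.get("mode") == "managed"
        and r.get("type") == "aws_cognito_user_group"
        and r["values"].get("user_pool_id") != live_pool_id
    ]


if __name__ == "__main__":
    # Assumption: the live ID is what /reproduce/issue/pool_id holds in SSM now.
    live = "us-west-2_x1y2z3"
    for address, recorded in stale_groups(json.loads(STATE_JSON), live):
        print(f"{address}: state has {recorded}, SSM has {live}")
```

The addresses it reports are the groups whose state still points at the old pool; an operator can then decide whether to drop them from state with `terraform state rm` so they are created again in the new pool.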