hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Cannot use aws_elasticache_user_group_association to specify the default user #34784

Open CarlosZaldivar opened 12 months ago

CarlosZaldivar commented 12 months ago

Terraform Core Version

1.4.6

AWS Provider Version

4.67.0

Affected Resource(s)

Expected Behavior

I expect to be able to add a default user to aws_elasticache_user_group using aws_elasticache_user_group_association, not just aws_elasticache_user_group.user_ids. The usage of aws_elasticache_user_group.user_ids conflicts with adding new users using aws_elasticache_user_group_association and forces the use of ignore_changes on user_ids. This has been described here.

Actual Behavior

Error 400 is shown.

Relevant Error/Panic Output Snippet

Error: creating ElastiCache User Group (test-group): DefaultUserRequired: User group needs to contain a user with the user name default.

Terraform Configuration Files

resource "aws_elasticache_user" "test" {
  user_id       = "test-user"
  user_name     = "default"
  access_string = "on ~* &* +@all"
  engine        = "REDIS"
  passwords     = ["testtesttesttesttest"]
}

resource "aws_elasticache_user_group" "test_group" {
  engine        = "REDIS"
  user_group_id = "test-group"
}

resource "aws_elasticache_user_group_association" "test_user_association" {
  user_group_id = aws_elasticache_user_group.test_group.user_group_id
  user_id       = aws_elasticache_user.test.id
}

Steps to Reproduce

Run apply

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

Sohaib112 commented 11 months ago

I believe this limitation is from AWS. I tried creating a user group using the AWS console and it gave me a similar error to add the default user in user_group. I did not find any AWS document explaining this.

CarlosZaldivar commented 11 months ago

Yes, but could the provider be smart enough to add the default user from aws_elasticache_user_group_association when creating the group? As far as I know aws_elasticache_user_group_association is a concept from the provider and it doesn't have an AWS equivalent anyway. I don't know the inner workings of the provider, so I don't know how difficult it would be to make it work.

mshahmoradi87 commented 9 months ago

As mentioned above, this is a limitation on the AWS side. If you do it like the example, it works.

Create the default user, create the group with default user and then create other users and associate them with the group.
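
The ordering described in this thread, as an added example that is not code posted by any commenter: the user named default goes into user_ids when the group is created, and ignore_changes on user_ids (mentioned in the report) keeps the group from fighting the association resource. Resource names, user IDs, the two password variables and both access strings are assumptions; the disabled, minimal default user is a hardening choice made here in place of the report's "on ~* &* +@all".

```hcl
# Added example. Names, IDs, variables and access strings are illustrative.
variable "default_user_password" {
  type      = string
  sensitive = true
}

variable "app_user_password" {
  type      = string
  sensitive = true
}

# 1. The user whose user_name is "default" must exist before the group does.
resource "aws_elasticache_user" "default" {
  user_id   = "test-default" # any ID other than the built-in "default"
  user_name = "default"
  engine    = "REDIS"
  # Assumption: a disabled default user with almost no permissions,
  # so real access is granted only to named users.
  access_string = "off ~keys* -@all +get"
  passwords     = [var.default_user_password]
}

# 2. The group is created with the default user already in user_ids,
#    which satisfies the DefaultUserRequired check on creation.
resource "aws_elasticache_user_group" "test_group" {
  engine        = "REDIS"
  user_group_id = "test-group"
  user_ids      = [aws_elasticache_user.default.user_id]

  # Members added through associations would otherwise show up as drift.
  lifecycle {
    ignore_changes = [user_ids]
  }
}

# 3. Every other user is created separately and attached by association.
resource "aws_elasticache_user" "app" {
  user_id       = "test-app-user"
  user_name     = "app"
  engine        = "REDIS"
  access_string = "on ~app:* -@all +@read" # least privilege for this user
  passwords     = [var.app_user_password]
}

resource "aws_elasticache_user_group_association" "app" {
  user_group_id = aws_elasticache_user_group.test_group.user_group_id
  user_id       = aws_elasticache_user.app.user_id
}
```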