hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Can't modify aws_elasticache_user resource user_name #36848

Open hwildwood opened 7 months ago

hwildwood commented 7 months ago

Terraform Core Version

1.7.1

AWS Provider Version

5.44

Affected Resource(s)

aws_elasticache_user

Expected Behavior

I can update the user_name and Terraform will destroy the old one and replace it with a new one.

Actual Behavior

I updated the user_name property on the aws_elasticache_user service user. The apply then fails; it looks like Terraform tries to create the new user first, which results in a user_id clash.

Relevant Error/Panic Output Snippet

# aws_elasticache_user.default must be replaced
+/- resource "aws_elasticache_user" "default" {
      ~ arn                  = "***" -> (known after apply)
      ~ engine               = "redis" -> "REDIS"
      ~ id                   = "service-user" -> (known after apply)
      - tags                 = {} -> null
      ~ user_name            = "service-user" -> "default" # forces replacement
        # (5 unchanged attributes hidden)

      - authentication_mode {
          - password_count = 1 -> null
          - passwords      = (sensitive value) -> null
          - type           = "password" -> null
        }
    }

  # aws_elasticache_user_group.default will be updated in-place
  ~ resource "aws_elasticache_user_group" "default" {
        id            = "service-redis-cache-ug"
        tags          = {}
      ~ user_ids      = [
          - "default",
            # (1 unchanged element hidden)
        ]
        # (4 unchanged attributes hidden)
    }

Plan: 1 to add, 2 to change, 1 to destroy.

Do you want to perform these actions in workspace "dev"?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_elasticache_user.default: Creating...
╷
│ Error: creating ElastiCache User (service-user): UserAlreadyExists: User service-user already exists.
│       status code: 400, request id: 4c907035-a53a-4721-8e8d-57c05432b83d
│ 
│   with aws_elasticache_user.default,
│   on redis.tf line 27, in resource "aws_elasticache_user" "default":
│   27: resource "aws_elasticache_user" "default" {
│ 
╵

Terraform Configuration Files

N/A I'm afraid.

Steps to Reproduce

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

justinretzolk commented 6 months ago

Hey @hwildwood 👋 Does this happen with user names other than default and service-name? I know we've seen other issues (for example #34784) where the use of default caused unexpected behavior, so wanted to rule that out.

hwildwood commented 5 months ago

> Hey @hwildwood 👋 Does this happen with user names other than default and service-name? I know we've seen other issues (for example #34784) where the use of default caused unexpected behavior, so wanted to rule that out.

I get the same thing if I use a different user_name like default_new. I also tried again with the latest 5.52 version.

╷
│ Error: creating ElastiCache User (service-default-user): UserAlreadyExists: User service-default-user already exists.
│       status code: 400, request id: 79be2704-1595-4d8a-b45d-89d855eb3a5f
│ 
│   with aws_elasticache_user.default,
│   on redis.tf line 27, in resource "aws_elasticache_user" "default":
│   27: resource "aws_elasticache_user" "default" {
│ 
╵
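
A pre-apply check for the failure reported in this thread, as an added example that is not part of the issue or the provider's code: it reads the JSON form of a plan (`terraform show -json`) and flags replacements ordered create-then-destroy (the `+/-` marker in the plan output above) whose `user_id` does not change. The sample plan is constructed, and treating `user_id` as the colliding key is an assumption drawn from the `UserAlreadyExists` error.

```python
import json

# Constructed sample: a trimmed `terraform show -json <planfile>` document
# mirroring the plan in this issue (user_name changes, user_id stays the same).
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {
      "address": "aws_elasticache_user.default",
      "type": "aws_elasticache_user",
      "change": {
        "actions": ["create", "delete"],
        "before": {"user_id": "service-user", "user_name": "service-user"},
        "after":  {"user_id": "service-user", "user_name": "default"}
      }
    },
    {
      "address": "aws_elasticache_user_group.default",
      "type": "aws_elasticache_user_group",
      "change": {"actions": ["update"], "before": {}, "after": {}}
    }
  ]
}
""")

# Assumption: user_id is the value ElastiCache requires to be unique per user.
UNIQUE_KEYS = {"aws_elasticache_user": "user_id"}

def colliding_replacements(plan):
    """Return (address, key, value) for create-before-destroy replacements
    whose unique identifier is the same before and after."""
    hits = []
    for rc in plan.get("resource_changes", []):
        key = UNIQUE_KEYS.get(rc.get("type"))
        change = rc.get("change", {})
        # ["create", "delete"] is the "+/-" ordering; ["delete", "create"] is "-/+".
        if key is None or change.get("actions") != ["create", "delete"]:
            continue
        before = (change.get("before") or {}).get(key)
        after = (change.get("after") or {}).get(key)
        if before is not None and before == after:
            hits.append((rc["address"], key, before))
    return hits

if __name__ == "__main__":
    for address, key, value in colliding_replacements(SAMPLE_PLAN):
        print(f"{address}: create-before-destroy keeps {key}={value!r}; create will collide")
```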