when I remove the pre_token_generation_config block from inside the lambda_config block in the aws_cognito_user_pool resourdce I expect the Pre token generation Lambda trigger to be removed.
Actual Behavior
no changes are detected in the resource during reconciliation on tf plan.
It doesn't look like the other parts of the user pool configuration are relevant to the issue, I believe the problem can be reproduced with any valid user pool configuration. the dynamic block is not required for reproduction, It can be achieved with just adding the block and then removing it/commenting it out.
Steps to Reproduce
create an user pool
create a valid pre_token_generation lambda
add valid pre_sign_up and post_authentication lambdas (we probably need just 1 so that the lambda_config block contains something more than the pre token generation config.
set advanced_security_mode to "ENFORCED"
set pre_token_generation_config to use the created lambda and set the lambda_version to V2_0
TF apply
Verify that the actual state matches the intention at this moment.
remove the pre_token_generation_config from the lambda_config block.
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
Volunteering to Work on This Issue
If you are interested in working on this issue, please leave a comment.
If this would be your first contribution, please review the contribution guide.
Terraform Core Version
1.5.7
AWS Provider Version
5.55.0, 5.60.0
Affected Resource(s)
aws_cognito_user_pool
Expected Behavior
when I remove the
pre_token_generation_config
block from inside thelambda_config
block in theaws_cognito_user_pool
resourdce I expect the Pre token generation Lambda trigger to be removed.Actual Behavior
no changes are detected in the resource during reconciliation on tf plan.
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
relevant parts of the
aws_cognito_user_pool
blockIt doesn't look like the other parts of the user pool configuration are relevant to the issue, I believe the problem can be reproduced with any valid user pool configuration. the dynamic block is not required for reproduction, It can be achieved with just adding the block and then removing it/commenting it out.
Steps to Reproduce
valid pre_token_generation
lambdapre_sign_up
andpost_authentication
lambdas (we probably need just 1 so that thelambda_config
block contains something more than the pre token generation config.advanced_security_mode
to"ENFORCED"
pre_token_generation_config
to use the created lambda and set thelambda_version
toV2_0
pre_token_generation_config
from thelambda_config
block.No changes
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
None