hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Cognito Email Templates Not Used #9544

Open claranet-barney opened 4 years ago

claranet-barney commented 4 years ago

Community Note

Terraform Version

Affected Resource(s)

Terraform Configuration Files

resource "aws_cognito_user_pool" "pool" {

  username_attributes = ["email"]

  auto_verified_attributes = [
    "email",
  ]

  verification_message_template {
    default_email_option = "CONFIRM_WITH_LINK"
    #email_subject        = "Your verification link for <App Name>"
    #email_message        = file("./templates/email_message.html")
  }

  #email_verification_subject = "Your verification link for <App Name>"
  #email_verification_message = file("./templates/email_message.html")

  mfa_configuration          = "OFF"
  name                       = "<PoolName>${upper(var.envname)}"
  sms_authentication_message = "Your authentication code is {####}. "
  sms_verification_message   = "Your verification code is {####}. "
  tags                       = {}

  admin_create_user_config {
    allow_admin_create_user_only = false
    #unused_account_validity_days = 7

    invite_message_template {
      email_message = "Your username is {username} and temporary password is {####}. "
      email_subject = "Your temporary password"
      sms_message   = "Your username is {username} and temporary password is {####}. "
    }
  }

  email_configuration {
    email_sending_account = "COGNITO_DEFAULT"
  }

  password_policy {
    minimum_length    = 8
    require_lowercase = true
    require_numbers   = true
    require_symbols   = true
    require_uppercase = true
    #    temporary_password_validity_days = 7
  }

  schema {
    attribute_data_type      = "String"
    developer_only_attribute = false
    mutable                  = true
    name                     = "email"
    required                 = true

    string_attribute_constraints {
      max_length = "2048"
      min_length = "0"
    }
  }

  schema {
    attribute_data_type      = "String"
    developer_only_attribute = false
    mutable                  = true
    name                     = "name"
    required                 = true

    string_attribute_constraints {
      max_length = "2048"
      min_length = "0"
    }
  }

}

Expected Behavior

There are two commented-out parameters which are optional to each other:

Terraform should import the email template into the Cognito user pool either on creation or as an update.

Actual Behavior

Either option noted above should work; however, after pool creation or update, the default template has been used, not the one specified in the parameters.

Steps to Reproduce

Create a basic user pool and provide a verification email subject and template

  1. terraform apply

Important Factoids

Adding the templates manually through the console is fine, and does not affect the Terraform actions on the next plan/apply.

Terraform does complain if specific text is not present (i.e. {####}), so it is doing some level of validation internally.

No errors are reported, just a successful apply.

jcdevs commented 4 years ago

I just ran into this issue and when I tested password recovery, my verification_message_template config is what recovery ended up using.

justinretzolk commented 2 years ago

Hey @claranet-barney :wave: Thank you for taking the time to file this issue! Given that there have been a number of AWS provider releases since this was initially filed, can you confirm whether you're still experiencing this behavior?

gairik-sablono commented 1 year ago

I can confirm that this is still not fixed.

pureiboi commented 10 months ago

Hi, any plans for the fix?

It would be nice if we could capture all the configuration in Terraform rather than have some via the console and other parts in Terraform.