jeffsw
commented
2 years ago This is working but there's an outstanding Terraform resource cycling issue with the aws_cognito_user_pool_client which keeps changing the client ID used by the es identity pool. I don't know why it's happening. It doesn't happen on every Terraform invocation, but will generally happen if there hasn't been a recent apply. Below is an example of the cycling output. Even though this is happening, Cognito is still working after each apply.
# aws_cognito_identity_pool.es will be updated in-place
~ resource "aws_cognito_identity_pool" "es" {
id = "us-east-1:d8984571-3610-444d-84f2-b51deae282f2"
tags = {}
# (8 unchanged attributes hidden)
- cognito_identity_providers {
- client_id = "4518bhvac8g6ue3iuf5p642i83" -> null
- provider_name = "cognito-idp.us-east-1.amazonaws.com/us-east-1_nFSzbluZz" -> null
- server_side_token_check = true -> null
}
# (1 unchanged block hidden)
}
aws_cognito_managed_user_pool_client was finally released to address the cycling deficiency in the aws provider. It should be possible to replace the
aws_cognito_user_poolwith the new resource-type.There appear to be some outstanding permissions gotchas as well. Need to re-evaluate those after working through the cycling problem. Might create a temporary dev instance to experiment.