
Terraform module to create Amazon Cognito User Pools and configure their attributes and resources, such as app clients, the hosted-UI domain and resource servers. Amazon Cognito User Pools provide a secure user directory that scales to hundreds of millions of users.

Call to function "lookup" failed: lookup failed to find key "attributes_require_verification_before_update" #112

Closed MarkFGarner closed 1 year ago

MarkFGarner commented 1 year ago

I get the error below on module version 0.21.0 with a configuration that works fine on version 0.20.1. Note that my configuration does not set `user_attribute_update_settings` at all; the error message shows the module evaluating `lookup()` on an empty map for that argument, so it looks like 0.21.0 assumes the key is present when the variable is left at its default. (The pasted module block still carries the working `version = "0.20.1"` pin; the failure appears as soon as it is bumped to 0.21.0.)

│ Error: Error in function call
│ 
│   on .terraform/modules/cognito_user_pool/main.tf line 198, in resource "aws_cognito_user_pool" "pool":
│  198:       attributes_require_verification_before_update = lookup(user_attribute_update_settings.value, "attributes_require_verification_before_update")
│     ├────────────────
│     │ user_attribute_update_settings.value is empty map of list of string
│ 
│ Call to function "lookup" failed: lookup failed to find key "attributes_require_verification_before_update".

My configuration (working on 0.20.1, failing on 0.21.0) is:

module "cognito_user_pool" {
  source = "lgallard/cognito-user-pool/aws"
  # Pinned to the last version that plans cleanly; bumping to 0.21.0 with
  # this exact configuration produces the lookup() error reported above.
  # user_attribute_update_settings is intentionally not set anywhere below.
  version = "0.20.1"

  user_pool_name      = "v3_${local.parsed_workspace}"
  # Users sign in with their e-mail address rather than a separate username.
  username_attributes = ["email"]

  # Per-workspace toggles: deletion protection and MFA mode are selected from
  # maps keyed by workspace so production can be stricter than dev.
  deletion_protection = var.deletion_protection[local.workspace]

  mfa_configuration = var.mfa_configuration[local.workspace]
  # Only TOTP (software token) MFA is enabled; no SMS MFA block is configured.
  software_token_mfa_configuration = {
    enabled = true
  }

  device_configuration = {
    challenge_required_on_new_device      = true
    device_only_remembered_on_user_prompt = true
  }

  # Outbound mail goes through the caller's own SES identity instead of the
  # Cognito default sender (which has a low daily quota).
  email_configuration = {
    email_sending_account = "DEVELOPER"
    source_arn            = data.aws_ses_email_identity.this.arn
  }

  # Account recovery is restricted to a verified e-mail address; no SMS/phone
  # recovery path is offered.
  recovery_mechanisms = [
    {
      name     = "verified_email"
      priority = 1
    },
  ]

  # Only the user-migration trigger is wired. No define/create/verify auth
  # challenge triggers are configured here, even though ALLOW_CUSTOM_AUTH is
  # enabled on both clients below — NOTE(review): confirm that is intended.
  lambda_config = {
    user_migration = aws_lambda_function.auth_migrate_user.arn
  }

  password_policy = {
    minimum_length                   = 10
    require_lowercase                = true
    require_numbers                  = true
    require_symbols                  = true
    require_uppercase                = true
    temporary_password_validity_days = 7

  }

  # Advanced security (adaptive auth / compromised-credential checks) is set to
  # block, not just audit.
  user_pool_add_ons = {
    advanced_security_mode = "ENFORCED"
  }

  verification_message_template = {
    default_email_option = "CONFIRM_WITH_LINK"
  }

  # Custom Boolean attributes (the module prefixes non-standard names with
  # "custom:").
  schemas = [
    {
      name                     = "email_verified"
      attribute_data_type      = "Boolean"
      developer_only_attribute = false
      mutable                  = true
      required                 = false
    },
    {
      name                     = "phone_num_verified"
      attribute_data_type      = "Boolean"
      developer_only_attribute = false
      mutable                  = true
      required                 = false
    }
  ]

  string_schemas = [
    {
      # Standard, immutable subject identifier.
      name                     = "sub"
      attribute_data_type      = "String"
      developer_only_attribute = false
      mutable                  = false
      required                 = true

      string_attribute_constraints = {
        min_length = 1
        max_length = 2048
      }
    },
    {
      name                     = "name"
      attribute_data_type      = "String"
      developer_only_attribute = false
      mutable                  = true
      required                 = false

      string_attribute_constraints = {
        min_length = 1
        max_length = 2048
      }
    },
    {
      name                     = "email"
      attribute_data_type      = "String"
      developer_only_attribute = false
      mutable                  = true
      required                 = true

      string_attribute_constraints = {
        min_length = 1
        max_length = 2048
      }
    },
    {
      # Custom attribute; exposed as "custom:v2Permissions" on the clients.
      # Declared mutable and not developer-only, so whether a user can change
      # it is decided entirely by each client's write_attributes list below.
      name                     = "v2Permissions"
      attribute_data_type      = "String"
      developer_only_attribute = false
      mutable                  = true
      required                 = false

      string_attribute_constraints = {
        min_length = 1
        max_length = 2048
      }
    },
    {
      # Custom attribute; exposed as "custom:v3Permissions" on the clients.
      # Same note as v2Permissions above.
      name                     = "v3Permissions"
      attribute_data_type      = "String"
      developer_only_attribute = false
      mutable                  = true
      required                 = false

      string_attribute_constraints = {
        min_length = 1
        max_length = 2048
      }
    },
  ]

  number_schemas = [
    {
      # NOTE(review): min_value == max_value == 10 constrains the *value* to
      # exactly 10, not the digit count. If this is meant to hold a Unix
      # timestamp, every other value will be rejected — confirm intent.
      name                     = "updated_at"
      attribute_data_type      = "Number"
      developer_only_attribute = false
      mutable                  = true
      required                 = false

      number_attribute_constraints = {
        min_value = 10
        max_value = 10
      }
    },
    {
      # Custom numeric identifier, exposed as "custom:Id" (read-only on the
      # clients below).
      name                     = "Id"
      attribute_data_type      = "Number"
      developer_only_attribute = false
      mutable                  = true
      required                 = false

      number_attribute_constraints = {
        min_value = 1
        max_value = 2048
      }
    },
  ]

  # Hosted-UI domain prefix (not a custom domain; no certificate_arn is set).
  domain = "v3-${local.parsed_workspace}"

  # Two app clients that are identical apart from their name.
  clients = [
    {
      name                                 = "v3"
      allowed_oauth_flows                  = ["code"]
      allowed_oauth_flows_user_pool_client = true
      # "phone" is requested but no phone attribute is in read_attributes, so
      # the scope grants nothing readable here.
      allowed_oauth_scopes                 = ["email", "openid", "phone", "profile"]
      callback_urls                        = ["https://mydomain.com/callback"]
      # default_redirect_uri                 = "https://mydomain.com/callback"  
      # NOTE(review): password-based flows (USER_PASSWORD_AUTH and
      # ADMIN_USER_PASSWORD_AUTH) are enabled alongside SRP on a public client
      # (generate_secret = false), so the password itself, not an SRP proof,
      # is sent to Cognito. Presumably USER_PASSWORD_AUTH is kept because the
      # user_migration trigger above only fires on password-based sign-in —
      # confirm, and consider removing it once migration is finished.
      # ALLOW_CUSTOM_AUTH is on but no challenge Lambdas are configured above.
      explicit_auth_flows          = ["ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH", "ALLOW_REFRESH_TOKEN_AUTH", "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH"]
      # Public client: no client secret, so anything listed in write_attributes
      # is writable by any authenticated end user via UpdateUserAttributes.
      generate_secret              = false
      logout_urls                  = []
      read_attributes              = ["email", "email_verified", "custom:Id", "custom:v2Permissions", "custom:v3Permissions", ]
      # Only the built-in user directory; no federated IdPs.
      supported_identity_providers = ["COGNITO"]
      # NOTE(review): custom:v2Permissions and custom:v3Permissions are
      # client-writable here. If these attributes drive authorization
      # decisions anywhere, a user could grant themselves permissions by
      # updating their own attributes with this client's token. Only "email"
      # is expected to be user-editable; confirm whether the two custom
      # attributes should be removed from write_attributes (and written only
      # server-side via AdminUpdateUserAttributes).
      write_attributes             = ["email", "custom:v2Permissions", "custom:v3Permissions", ]
      # Tokens: 1 h access / ID, 30 d refresh (units set below).
      access_token_validity        = 1
      id_token_validity            = 1
      refresh_token_validity       = 30
      token_validity_units = {
        access_token  = "hours"
        id_token      = "hours"
        refresh_token = "days"
      }
    },
    {
      # Same settings as the "v3" client above; the review notes there apply
      # to this client too.
      name                                 = "risk_manager"
      allowed_oauth_flows                  = ["code"]
      allowed_oauth_flows_user_pool_client = true
      allowed_oauth_scopes                 = ["email", "openid", "phone", "profile"]
      callback_urls                        = ["https://mydomain.com/callback"]
      # default_redirect_uri                 = "https://mydomain.com/callback"  
      explicit_auth_flows          = ["ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH", "ALLOW_REFRESH_TOKEN_AUTH", "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH"]
      generate_secret              = false
      logout_urls                  = []
      read_attributes              = ["email", "email_verified", "custom:Id", "custom:v2Permissions", "custom:v3Permissions", ]
      supported_identity_providers = ["COGNITO"]
      # NOTE(review): same client-writable permission attributes as above.
      write_attributes             = ["email", "custom:v2Permissions", "custom:v3Permissions", ]
      access_token_validity        = 1
      id_token_validity            = 1
      refresh_token_validity       = 30
      token_validity_units = {
        access_token  = "hours"
        id_token      = "hours"
        refresh_token = "days"
      }
    },
  ]

}
MarkFGarner commented 1 year ago

@trahim @lgallard Thanks both!