Terraform deploy Cognito Pool. "Invitation message" is always reset to default


I have code in Terraform which reads a list and makes a Cognito pool for each element. If there's a pool with the current name, the pool is kept as is. This works fine for me.

Generally speaking, if a pool exists and a parameter for that pool is defined in the Terraform code, that setting is reset in the existing pool accordingly, and kept as I see it in the console if not. This works fine for me too.

So if in Terraform I define, for instance, the password_policy element, the new rules are applied; if not, the existing rules are kept. The same successfully happens with verification_message_template.

The problem is: no matter whether I define invite_message_template or not, in all cases the "invitation message" I see in the console is reset to default.

Is this the expected behavior? The docs are not shedding light on it. Is there any way to keep the template for the invitation as is in the console?

```
resource "aws_cognito_user_pool" "multitenantpools" {
  for_each = { for i, v in local.tenants_list_nonsensitive : i => v }
  name     = "pool-${each.value.tenant}-${var.env}"

  deletion_protection      = "ACTIVE"
  username_attributes      = ["email"]
  auto_verified_attributes = ["email"]

  # password_policy {
  #   minimum_length = 8
  #   require_numbers = true
  #   require_uppercase = true
  #   require_lowercase = true
  # }

  # verification_message_template {
  #   default_email_option = "CONFIRM_WITH_CODE"
  #   email_subject = "Account Confirmation"
  #   email_message = "Your confirmation code is {####}"
  # }

  admin_create_user_config {
    allow_admin_create_user_only = true
  }

  schema {
    attribute_data_type      = "String"
    developer_only_attribute = false
    mutable                  = true
    name                     = "email"
    required                 = true

    string_attribute_constraints {
      min_length = 1
      max_length = 256
    }
  }

  tags = {
    #Name  = "${local.pool_prefix}_${each.value.tenant}_${var.env}"
    domain = "${each.value.domain}" # trick to inject custom info for Client resource
    tenant = "${each.value.tenant}" # trick to inject custom info for Client resource
  }
}
```

There are 1 best solutions below

jaume On

I didn't know invite_message_template is indeed included in admin_create_user_config, so as I was setting admin_create_user_config, I was also, in a hidden way, setting invite_message_template.
I found that ignore_changes explicitly prevents any changes.
So finally, setting this kept my template untouched in the console:

```
lifecycle {
  ignore_changes = [
    password_policy,
    verification_message_template,
    admin_create_user_config, # includes invite_message_template
  ]
}
```
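
The nesting the answer describes, as an added example that is not part of the original post: the invitation template is declared inside admin_create_user_config, so Terraform applies the same text on every run and the pool needs no ignore_changes entry for password_policy. The resource name, pool name and message text are constructed for illustration.

```hcl
# Added example: resource name, pool name and message text are constructed.
resource "aws_cognito_user_pool" "example" {
  name                     = "pool-example-dev"
  username_attributes      = ["email"]
  auto_verified_attributes = ["email"]

  admin_create_user_config {
    allow_admin_create_user_only = true

    # The invitation message is a nested block of admin_create_user_config,
    # not a top-level argument of the pool.
    invite_message_template {
      email_subject = "Your temporary password"
      # Both placeholders, {username} and {####}, are required in the message.
      email_message = "Your username is {username} and your temporary password is {####}."
      sms_message   = "Your username is {username} and your temporary password is {####}."
    }
  }

  # Declared in code and left out of ignore_changes, so a weaker policy set
  # in the console shows up as a diff in the next plan.
  password_policy {
    minimum_length    = 8
    require_numbers   = true
    require_uppercase = true
    require_lowercase = true
  }
}
```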