Mixing
How to fix cognito user pool domain destruction with terraform so the user pool could be re-created?
1
I am creating Cognito User Pool, User Pool client and domain with terraform.
If there is a update to cognito user pool (e.g. attributes), terraform needs to destroy and re-create the three resources, however terraform apply fails with error during destroy of aws_cognito_user_pool_domain:
InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.
Terraform version: 0.11.11
aws provider version: 1.52.0
I have tried manually deleting the domain and running terraform plan/apply but then it fails with 'InvalidParameterException: No such domain or user pool exists.'
resource "aws_cognito_user_pool" "admin_cognito_pool" {
name = "dev-admin-pool"
alias_attributes = ["email"]
auto_verified_attributes = ["email"]
admin_create_user_config = {
allow_admin_create_user_only = true
}
}
resource "aws_cognito_user_pool_client" "admin_cognito_pool_client" {
name = "dev-admin-pool-client"
user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}"
generate_secret = false
...
}
resource "aws_cognito_user_pool_domain" "admin_cognito_domain" {
domain = "demo-dev"
user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}"
}
Above code will create user pool, user pool client, user pool domain successfully.
Next, modify aws_cognito_user_pool in the above code and run terraform plan/apply
resource "aws_cognito_user_pool" "admin_cognito_pool" {
name = "dev-admin-pool"
alias_attributes = ["email"]
auto_verified_attributes = ["email"]
admin_create_user_config = {
allow_admin_create_user_only = true
}
schema = [
{
attribute_data_type = "String",
name = "family_name",
required = true,
mutable = true,
string_attribute_constraints {
min_length = 6
max_length = 32
}
},
]
}
Terraform plan:
-/+ module.aws-383.aws_cognito_user_pool.admin_cognito_pool (new resource required)
id: "ap-southeast-2_CFPLxLl5A" => <computed> (forces new resource)
admin_create_user_config.#: "1" => "1"
admin_create_user_config.0.allow_admin_create_user_only: "true" => "true"
admin_create_user_config.0.unused_account_validity_days: "7" => "7"
alias_attributes.#: "" => "1" (forces new resource)
alias_attributes.881205744: "" => "email" (forces new resource)
arn: "arn:aws:cognito-idp:ap-southeast-2:xxxxxxxx:userpool/ap-southeast-2_CFPLxLl5A" => <computed>
auto_verified_attributes.#: "1" => "1"
auto_verified_attributes.881205744: "email" => "email"
creation_date: "2018-12-19T04:49:06Z" => <computed>
email_verification_message: "" => <computed>
email_verification_subject: "" => <computed>
endpoint: "cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_CFPLxLl5A" => <computed>
lambda_config.#: "0" => <computed>
last_modified_date: "2018-12-19T04:49:06Z" => <computed>
mfa_configuration: "OFF" => "OFF"
name: "dev-admin-pool" => "dev-admin-pool"
password_policy.#: "1" => <computed>
schema.#: "0" => "1" (forces new resource)
schema.893014206.attribute_data_type: "" => "String" (forces new resource)
schema.893014206.developer_only_attribute: "" => ""
schema.893014206.mutable: "" => "true" (forces new resource)
schema.893014206.name: "" => "family_name" (forces new resource)
schema.893014206.number_attribute_constraints.#: "" => "0"
schema.893014206.required: "" => "true" (forces new resource)
schema.893014206.string_attribute_constraints.#: "" => "0"
verification_message_template.#: "1" => <computed>
-/+ module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client (new resource required)
id: "2tsed339bl6ds4437n1h0hasr4" => <computed> (forces new resource)
allowed_oauth_flows.#: "2" => "2"
allowed_oauth_flows.2645166319: "code" => "code"
allowed_oauth_flows.3465961881: "implicit" => "implicit"
allowed_oauth_flows_user_pool_client: "true" => "true"
allowed_oauth_scopes.#: "2" => "2"
allowed_oauth_scopes.2517049750: "openid" => "openid"
allowed_oauth_scopes.881205744: "email" => "email"
callback_urls.#: "1" => "1"
callback_urls.0: "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/" => "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/"
client_secret: "" => <computed>
explicit_auth_flows.#: "2" => "2"
explicit_auth_flows.1860959087: "USER_PASSWORD_AUTH" => "USER_PASSWORD_AUTH"
explicit_auth_flows.245201344: "ADMIN_NO_SRP_AUTH" => "ADMIN_NO_SRP_AUTH"
generate_secret: "false" => "false"
name: "dev-admin-pool-client" => "dev-admin-pool-client"
refresh_token_validity: "30" => "30"
supported_identity_providers.#: "1" => "1"
supported_identity_providers.0: "COGNITO" => "COGNITO"
user_pool_id: "ap-southeast-2_CFPLxLl5A" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)
-/+ module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (new resource required)
id: "demo-dev" => <computed> (forces new resource)
aws_account_id: "" => <computed>
cloudfront_distribution_arn: "" => <computed>
domain: "demo-dev" => "demo-dev"
s3_bucket: "" => <computed>
user_pool_id: "" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)
version: "" => <computed>
Exact error with terraform apply -
[...]
module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destroying... (ID: 2tsed339bl6ds4437n1h0hasr4)
module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain: Destroying... (ID: demo-dev)
module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destruction complete after 0s
Error: Error applying plan:
1 error(s) occurred:
* module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (destroy): 1 error(s) occurred:
* aws_cognito_user_pool_domain.admin_cognito_domain: InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.
Terraform should be able to destroy cognito user pool domain which will allow the resources to be re-created.
amazon-cognito terraform terraform-provider-aws
asked Jan 2 at 6:16
nishantnishant
63
add a comment |
1
I am creating Cognito User Pool, User Pool client and domain with terraform.
If there is a update to cognito user pool (e.g. attributes), terraform needs to destroy and re-create the three resources, however terraform apply fails with error during destroy of aws_cognito_user_pool_domain:
InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.
Terraform version: 0.11.11
aws provider version: 1.52.0
I have tried manually deleting the domain and running terraform plan/apply but then it fails with 'InvalidParameterException: No such domain or user pool exists.'
resource "aws_cognito_user_pool" "admin_cognito_pool" {
name = "dev-admin-pool"
alias_attributes = ["email"]
auto_verified_attributes = ["email"]
admin_create_user_config = {
allow_admin_create_user_only = true
}
}
resource "aws_cognito_user_pool_client" "admin_cognito_pool_client" {
name = "dev-admin-pool-client"
user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}"
generate_secret = false
...
}
resource "aws_cognito_user_pool_domain" "admin_cognito_domain" {
domain = "demo-dev"
user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}"
}
Above code will create user pool, user pool client, user pool domain successfully.
Next, modify aws_cognito_user_pool in the above code and run terraform plan/apply
resource "aws_cognito_user_pool" "admin_cognito_pool" {
name = "dev-admin-pool"
alias_attributes = ["email"]
auto_verified_attributes = ["email"]
admin_create_user_config = {
allow_admin_create_user_only = true
}
schema = [
{
attribute_data_type = "String",
name = "family_name",
required = true,
mutable = true,
string_attribute_constraints {
min_length = 6
max_length = 32
}
},
]
}
Terraform plan:
-/+ module.aws-383.aws_cognito_user_pool.admin_cognito_pool (new resource required)
id: "ap-southeast-2_CFPLxLl5A" => <computed> (forces new resource)
admin_create_user_config.#: "1" => "1"
admin_create_user_config.0.allow_admin_create_user_only: "true" => "true"
admin_create_user_config.0.unused_account_validity_days: "7" => "7"
alias_attributes.#: "" => "1" (forces new resource)
alias_attributes.881205744: "" => "email" (forces new resource)
arn: "arn:aws:cognito-idp:ap-southeast-2:xxxxxxxx:userpool/ap-southeast-2_CFPLxLl5A" => <computed>
auto_verified_attributes.#: "1" => "1"
auto_verified_attributes.881205744: "email" => "email"
creation_date: "2018-12-19T04:49:06Z" => <computed>
email_verification_message: "" => <computed>
email_verification_subject: "" => <computed>
endpoint: "cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_CFPLxLl5A" => <computed>
lambda_config.#: "0" => <computed>
last_modified_date: "2018-12-19T04:49:06Z" => <computed>
mfa_configuration: "OFF" => "OFF"
name: "dev-admin-pool" => "dev-admin-pool"
password_policy.#: "1" => <computed>
schema.#: "0" => "1" (forces new resource)
schema.893014206.attribute_data_type: "" => "String" (forces new resource)
schema.893014206.developer_only_attribute: "" => ""
schema.893014206.mutable: "" => "true" (forces new resource)
schema.893014206.name: "" => "family_name" (forces new resource)
schema.893014206.number_attribute_constraints.#: "" => "0"
schema.893014206.required: "" => "true" (forces new resource)
schema.893014206.string_attribute_constraints.#: "" => "0"
verification_message_template.#: "1" => <computed>
-/+ module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client (new resource required)
id: "2tsed339bl6ds4437n1h0hasr4" => <computed> (forces new resource)
allowed_oauth_flows.#: "2" => "2"
allowed_oauth_flows.2645166319: "code" => "code"
allowed_oauth_flows.3465961881: "implicit" => "implicit"
allowed_oauth_flows_user_pool_client: "true" => "true"
allowed_oauth_scopes.#: "2" => "2"
allowed_oauth_scopes.2517049750: "openid" => "openid"
allowed_oauth_scopes.881205744: "email" => "email"
callback_urls.#: "1" => "1"
callback_urls.0: "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/" => "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/"
client_secret: "" => <computed>
explicit_auth_flows.#: "2" => "2"
explicit_auth_flows.1860959087: "USER_PASSWORD_AUTH" => "USER_PASSWORD_AUTH"
explicit_auth_flows.245201344: "ADMIN_NO_SRP_AUTH" => "ADMIN_NO_SRP_AUTH"
generate_secret: "false" => "false"
name: "dev-admin-pool-client" => "dev-admin-pool-client"
refresh_token_validity: "30" => "30"
supported_identity_providers.#: "1" => "1"
supported_identity_providers.0: "COGNITO" => "COGNITO"
user_pool_id: "ap-southeast-2_CFPLxLl5A" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)
-/+ module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (new resource required)
id: "demo-dev" => <computed> (forces new resource)
aws_account_id: "" => <computed>
cloudfront_distribution_arn: "" => <computed>
domain: "demo-dev" => "demo-dev"
s3_bucket: "" => <computed>
user_pool_id: "" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)
version: "" => <computed>
Exact error with terraform apply -
[...]
module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destroying... (ID: 2tsed339bl6ds4437n1h0hasr4)
module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain: Destroying... (ID: demo-dev)
module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destruction complete after 0s
Error: Error applying plan:
1 error(s) occurred:
* module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (destroy): 1 error(s) occurred:
* aws_cognito_user_pool_domain.admin_cognito_domain: InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.
Terraform should be able to destroy cognito user pool domain which will allow the resources to be re-created.
amazon-cognito terraform terraform-provider-aws
asked Jan 2 at 6:16
nishantnishant
63
Can you share the exact error messages you get after the set of steps you perform?
– ydaetskcoR
Jan 2 at 7:56
@ydaetskcoR thanks for replying. I have updated the description with the steps I am taking and exact error message returned. Please let me know your thoughts.
– nishant
Jan 2 at 22:52
add a comment |
1
1
1
I am creating Cognito User Pool, User Pool client and domain with terraform.
If there is a update to cognito user pool (e.g. attributes), terraform needs to destroy and re-create the three resources, however terraform apply fails with error during destroy of aws_cognito_user_pool_domain:
InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.
Terraform version: 0.11.11
aws provider version: 1.52.0
I have tried manually deleting the domain and running terraform plan/apply but then it fails with 'InvalidParameterException: No such domain or user pool exists.'
resource "aws_cognito_user_pool" "admin_cognito_pool" {
name = "dev-admin-pool"
alias_attributes = ["email"]
auto_verified_attributes = ["email"]
admin_create_user_config = {
allow_admin_create_user_only = true
}
}
resource "aws_cognito_user_pool_client" "admin_cognito_pool_client" {
name = "dev-admin-pool-client"
user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}"
generate_secret = false
...
}
resource "aws_cognito_user_pool_domain" "admin_cognito_domain" {
domain = "demo-dev"
user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}"
}
Above code will create user pool, user pool client, user pool domain successfully.
Next, modify aws_cognito_user_pool in the above code and run terraform plan/apply
resource "aws_cognito_user_pool" "admin_cognito_pool" {
name = "dev-admin-pool"
alias_attributes = ["email"]
auto_verified_attributes = ["email"]
admin_create_user_config = {
allow_admin_create_user_only = true
}
schema = [
{
attribute_data_type = "String",
name = "family_name",
required = true,
mutable = true,
string_attribute_constraints {
min_length = 6
max_length = 32
}
},
]
}
Terraform plan:
-/+ module.aws-383.aws_cognito_user_pool.admin_cognito_pool (new resource required)
id: "ap-southeast-2_CFPLxLl5A" => <computed> (forces new resource)
admin_create_user_config.#: "1" => "1"
admin_create_user_config.0.allow_admin_create_user_only: "true" => "true"
admin_create_user_config.0.unused_account_validity_days: "7" => "7"
alias_attributes.#: "" => "1" (forces new resource)
alias_attributes.881205744: "" => "email" (forces new resource)
arn: "arn:aws:cognito-idp:ap-southeast-2:xxxxxxxx:userpool/ap-southeast-2_CFPLxLl5A" => <computed>
auto_verified_attributes.#: "1" => "1"
auto_verified_attributes.881205744: "email" => "email"
creation_date: "2018-12-19T04:49:06Z" => <computed>
email_verification_message: "" => <computed>
email_verification_subject: "" => <computed>
endpoint: "cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_CFPLxLl5A" => <computed>
lambda_config.#: "0" => <computed>
last_modified_date: "2018-12-19T04:49:06Z" => <computed>
mfa_configuration: "OFF" => "OFF"
name: "dev-admin-pool" => "dev-admin-pool"
password_policy.#: "1" => <computed>
schema.#: "0" => "1" (forces new resource)
schema.893014206.attribute_data_type: "" => "String" (forces new resource)
schema.893014206.developer_only_attribute: "" => ""
schema.893014206.mutable: "" => "true" (forces new resource)
schema.893014206.name: "" => "family_name" (forces new resource)
schema.893014206.number_attribute_constraints.#: "" => "0"
schema.893014206.required: "" => "true" (forces new resource)
schema.893014206.string_attribute_constraints.#: "" => "0"
verification_message_template.#: "1" => <computed>
-/+ module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client (new resource required)
id: "2tsed339bl6ds4437n1h0hasr4" => <computed> (forces new resource)
allowed_oauth_flows.#: "2" => "2"
allowed_oauth_flows.2645166319: "code" => "code"
allowed_oauth_flows.3465961881: "implicit" => "implicit"
allowed_oauth_flows_user_pool_client: "true" => "true"
allowed_oauth_scopes.#: "2" => "2"
allowed_oauth_scopes.2517049750: "openid" => "openid"
allowed_oauth_scopes.881205744: "email" => "email"
callback_urls.#: "1" => "1"
callback_urls.0: "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/" => "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/"
client_secret: "" => <computed>
explicit_auth_flows.#: "2" => "2"
explicit_auth_flows.1860959087: "USER_PASSWORD_AUTH" => "USER_PASSWORD_AUTH"
explicit_auth_flows.245201344: "ADMIN_NO_SRP_AUTH" => "ADMIN_NO_SRP_AUTH"
generate_secret: "false" => "false"
name: "dev-admin-pool-client" => "dev-admin-pool-client"
refresh_token_validity: "30" => "30"
supported_identity_providers.#: "1" => "1"
supported_identity_providers.0: "COGNITO" => "COGNITO"
user_pool_id: "ap-southeast-2_CFPLxLl5A" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)
-/+ module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (new resource required)
id: "demo-dev" => <computed> (forces new resource)
aws_account_id: "" => <computed>
cloudfront_distribution_arn: "" => <computed>
domain: "demo-dev" => "demo-dev"
s3_bucket: "" => <computed>
user_pool_id: "" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)
version: "" => <computed>
Exact error with terraform apply -
[...]
module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destroying... (ID: 2tsed339bl6ds4437n1h0hasr4)
module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain: Destroying... (ID: demo-dev)
module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destruction complete after 0s
Error: Error applying plan:
1 error(s) occurred:
* module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (destroy): 1 error(s) occurred:
* aws_cognito_user_pool_domain.admin_cognito_domain: InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.
Terraform should be able to destroy cognito user pool domain which will allow the resources to be re-created.
amazon-cognito terraform terraform-provider-aws
asked Jan 2 at 6:16
nishantnishant
63
I am creating Cognito User Pool, User Pool client and domain with terraform.
If there is a update to cognito user pool (e.g. attributes), terraform needs to destroy and re-create the three resources, however terraform apply fails with error during destroy of aws_cognito_user_pool_domain:
InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.
Terraform version: 0.11.11
aws provider version: 1.52.0
I have tried manually deleting the domain and running terraform plan/apply but then it fails with 'InvalidParameterException: No such domain or user pool exists.'
resource "aws_cognito_user_pool" "admin_cognito_pool" {
name = "dev-admin-pool"
alias_attributes = ["email"]
auto_verified_attributes = ["email"]
admin_create_user_config = {
allow_admin_create_user_only = true
}
}
resource "aws_cognito_user_pool_client" "admin_cognito_pool_client" {
name = "dev-admin-pool-client"
user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}"
generate_secret = false
...
}
resource "aws_cognito_user_pool_domain" "admin_cognito_domain" {
domain = "demo-dev"
user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}"
}
Above code will create user pool, user pool client, user pool domain successfully.
Next, modify aws_cognito_user_pool in the above code and run terraform plan/apply
resource "aws_cognito_user_pool" "admin_cognito_pool" {
name = "dev-admin-pool"
alias_attributes = ["email"]
auto_verified_attributes = ["email"]
admin_create_user_config = {
allow_admin_create_user_only = true
}
schema = [
{
attribute_data_type = "String",
name = "family_name",
required = true,
mutable = true,
string_attribute_constraints {
min_length = 6
max_length = 32
}
},
]
}
Terraform plan:
-/+ module.aws-383.aws_cognito_user_pool.admin_cognito_pool (new resource required)
id: "ap-southeast-2_CFPLxLl5A" => <computed> (forces new resource)
admin_create_user_config.#: "1" => "1"
admin_create_user_config.0.allow_admin_create_user_only: "true" => "true"
admin_create_user_config.0.unused_account_validity_days: "7" => "7"
alias_attributes.#: "" => "1" (forces new resource)
alias_attributes.881205744: "" => "email" (forces new resource)
arn: "arn:aws:cognito-idp:ap-southeast-2:xxxxxxxx:userpool/ap-southeast-2_CFPLxLl5A" => <computed>
auto_verified_attributes.#: "1" => "1"
auto_verified_attributes.881205744: "email" => "email"
creation_date: "2018-12-19T04:49:06Z" => <computed>
email_verification_message: "" => <computed>
email_verification_subject: "" => <computed>
endpoint: "cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_CFPLxLl5A" => <computed>
lambda_config.#: "0" => <computed>
last_modified_date: "2018-12-19T04:49:06Z" => <computed>
mfa_configuration: "OFF" => "OFF"
name: "dev-admin-pool" => "dev-admin-pool"
password_policy.#: "1" => <computed>
schema.#: "0" => "1" (forces new resource)
schema.893014206.attribute_data_type: "" => "String" (forces new resource)
schema.893014206.developer_only_attribute: "" => ""
schema.893014206.mutable: "" => "true" (forces new resource)
schema.893014206.name: "" => "family_name" (forces new resource)
schema.893014206.number_attribute_constraints.#: "" => "0"
schema.893014206.required: "" => "true" (forces new resource)
schema.893014206.string_attribute_constraints.#: "" => "0"
verification_message_template.#: "1" => <computed>
-/+ module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client (new resource required)
id: "2tsed339bl6ds4437n1h0hasr4" => <computed> (forces new resource)
allowed_oauth_flows.#: "2" => "2"
allowed_oauth_flows.2645166319: "code" => "code"
allowed_oauth_flows.3465961881: "implicit" => "implicit"
allowed_oauth_flows_user_pool_client: "true" => "true"
allowed_oauth_scopes.#: "2" => "2"
allowed_oauth_scopes.2517049750: "openid" => "openid"
allowed_oauth_scopes.881205744: "email" => "email"
callback_urls.#: "1" => "1"
callback_urls.0: "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/" => "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/"
client_secret: "" => <computed>
explicit_auth_flows.#: "2" => "2"
explicit_auth_flows.1860959087: "USER_PASSWORD_AUTH" => "USER_PASSWORD_AUTH"
explicit_auth_flows.245201344: "ADMIN_NO_SRP_AUTH" => "ADMIN_NO_SRP_AUTH"
generate_secret: "false" => "false"
name: "dev-admin-pool-client" => "dev-admin-pool-client"
refresh_token_validity: "30" => "30"
supported_identity_providers.#: "1" => "1"
supported_identity_providers.0: "COGNITO" => "COGNITO"
user_pool_id: "ap-southeast-2_CFPLxLl5A" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)
-/+ module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (new resource required)
id: "demo-dev" => <computed> (forces new resource)
aws_account_id: "" => <computed>
cloudfront_distribution_arn: "" => <computed>
domain: "demo-dev" => "demo-dev"
s3_bucket: "" => <computed>
user_pool_id: "" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)
version: "" => <computed>
Exact error with terraform apply -
[...]
module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destroying... (ID: 2tsed339bl6ds4437n1h0hasr4)
module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain: Destroying... (ID: demo-dev)
module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destruction complete after 0s
Error: Error applying plan:
1 error(s) occurred:
* module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (destroy): 1 error(s) occurred:
* aws_cognito_user_pool_domain.admin_cognito_domain: InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.
Terraform should be able to destroy cognito user pool domain which will allow the resources to be re-created.
amazon-cognito terraform terraform-provider-aws
amazon-cognito terraform terraform-provider-aws
asked Jan 2 at 6:16
nishantnishant
63
asked Jan 2 at 6:16
nishantnishant
63
edited Jan 2 at 22:49
nishant
asked Jan 2 at 6:16
nishantnishant
63
asked Jan 2 at 6:16
nishantnishant
63
asked Jan 2 at 6:16
nishantnishant
63
63
Can you share the exact error messages you get after the set of steps you perform?
– ydaetskcoR
Jan 2 at 7:56
@ydaetskcoR thanks for replying. I have updated the description with the steps I am taking and exact error message returned. Please let me know your thoughts.
– nishant
Jan 2 at 22:52
add a comment |
Can you share the exact error messages you get after the set of steps you perform?
– ydaetskcoR
Jan 2 at 7:56
@ydaetskcoR thanks for replying. I have updated the description with the steps I am taking and exact error message returned. Please let me know your thoughts.
– nishant
Jan 2 at 22:52
Can you share the exact error messages you get after the set of steps you perform?
– ydaetskcoR
Jan 2 at 7:56
Can you share the exact error messages you get after the set of steps you perform?
– ydaetskcoR
Jan 2 at 7:56
@ydaetskcoR thanks for replying. I have updated the description with the steps I am taking and exact error message returned. Please let me know your thoughts.
– nishant
Jan 2 at 22:52
@ydaetskcoR thanks for replying. I have updated the description with the steps I am taking and exact error message returned. Please let me know your thoughts.
– nishant
Jan 2 at 22:52
add a comment |
1 Answer
1
active
oldest
votes
0
Apparently, I had to manage deletion of user pool domain outside of terraform via aws cli and update terraform template to create user pool domain.
answered Jan 8 at 23:07
nishantnishant
63
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54002030%2fhow-to-fix-cognito-user-pool-domain-destruction-with-terraform-so-the-user-pool%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
0
Apparently, I had to manage deletion of user pool domain outside of terraform via aws cli and update terraform template to create user pool domain.
answered Jan 8 at 23:07
nishantnishant
63
add a comment |
0
Apparently, I had to manage deletion of user pool domain outside of terraform via aws cli and update terraform template to create user pool domain.
answered Jan 8 at 23:07
nishantnishant
63
add a comment |
0
0
0
Apparently, I had to manage deletion of user pool domain outside of terraform via aws cli and update terraform template to create user pool domain.
answered Jan 8 at 23:07
nishantnishant
63
Apparently, I had to manage deletion of user pool domain outside of terraform via aws cli and update terraform template to create user pool domain.
answered Jan 8 at 23:07
nishantnishant
63
answered Jan 8 at 23:07
nishantnishant
63
answered Jan 8 at 23:07
nishantnishant
63
answered Jan 8 at 23:07
nishantnishant
63
63
add a comment |
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54002030%2fhow-to-fix-cognito-user-pool-domain-destruction-with-terraform-so-the-user-pool%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Can you share the exact error messages you get after the set of steps you perform?
– ydaetskcoR
Jan 2 at 7:56
@ydaetskcoR thanks for replying. I have updated the description with the steps I am taking and exact error message returned. Please let me know your thoughts.
– nishant
Jan 2 at 22:52