How to fix Cognito user pool domain destruction with Terraform so the user pool could be re-created?



























I am creating a Cognito User Pool, User Pool client and domain with Terraform.
If there is an update to the Cognito user pool (e.g. attributes), Terraform needs to destroy and re-create the three resources; however, terraform apply fails with an error during destroy of aws_cognito_user_pool_domain:

InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.



Terraform version: 0.11.11

aws provider version: 1.52.0



I have tried manually deleting the domain and running terraform plan/apply but then it fails with 'InvalidParameterException: No such domain or user pool exists.'



resource "aws_cognito_user_pool" "admin_cognito_pool" {
  name = "dev-admin-pool"
  alias_attributes = ["email"]
  auto_verified_attributes = ["email"]
  admin_create_user_config = {
    allow_admin_create_user_only = true
  }
}

resource "aws_cognito_user_pool_client" "admin_cognito_pool_client" {
  name = "dev-admin-pool-client"
  user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}"
  generate_secret = false
  ...
}

resource "aws_cognito_user_pool_domain" "admin_cognito_domain" {
  domain = "demo-dev"
  user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}"
}


The above code creates the user pool, user pool client and user pool domain successfully.

Next, modify aws_cognito_user_pool in the above code and run terraform plan/apply:



resource "aws_cognito_user_pool" "admin_cognito_pool" {
  name = "dev-admin-pool"
  alias_attributes = ["email"]
  auto_verified_attributes = ["email"]
  admin_create_user_config = {
    allow_admin_create_user_only = true
  }
  schema = [
    {
      attribute_data_type = "String",
      name = "family_name",
      required = true,
      mutable = true,
      string_attribute_constraints {
        min_length = 6
        max_length = 32
      }
    },
  ]
}


Terraform plan:



-/+ module.aws-383.aws_cognito_user_pool.admin_cognito_pool (new resource required)
      id: "ap-southeast-2_CFPLxLl5A" => <computed> (forces new resource)
      admin_create_user_config.#: "1" => "1"
      admin_create_user_config.0.allow_admin_create_user_only: "true" => "true"
      admin_create_user_config.0.unused_account_validity_days: "7" => "7"
      alias_attributes.#: "" => "1" (forces new resource)
      alias_attributes.881205744: "" => "email" (forces new resource)
      arn: "arn:aws:cognito-idp:ap-southeast-2:xxxxxxxx:userpool/ap-southeast-2_CFPLxLl5A" => <computed>
      auto_verified_attributes.#: "1" => "1"
      auto_verified_attributes.881205744: "email" => "email"
      creation_date: "2018-12-19T04:49:06Z" => <computed>
      email_verification_message: "" => <computed>
      email_verification_subject: "" => <computed>
      endpoint: "cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_CFPLxLl5A" => <computed>
      lambda_config.#: "0" => <computed>
      last_modified_date: "2018-12-19T04:49:06Z" => <computed>
      mfa_configuration: "OFF" => "OFF"
      name: "dev-admin-pool" => "dev-admin-pool"
      password_policy.#: "1" => <computed>
      schema.#: "0" => "1" (forces new resource)
      schema.893014206.attribute_data_type: "" => "String" (forces new resource)
      schema.893014206.developer_only_attribute: "" => ""
      schema.893014206.mutable: "" => "true" (forces new resource)
      schema.893014206.name: "" => "family_name" (forces new resource)
      schema.893014206.number_attribute_constraints.#: "" => "0"
      schema.893014206.required: "" => "true" (forces new resource)
      schema.893014206.string_attribute_constraints.#: "" => "0"
      verification_message_template.#: "1" => <computed>

-/+ module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client (new resource required)
      id: "2tsed339bl6ds4437n1h0hasr4" => <computed> (forces new resource)
      allowed_oauth_flows.#: "2" => "2"
      allowed_oauth_flows.2645166319: "code" => "code"
      allowed_oauth_flows.3465961881: "implicit" => "implicit"
      allowed_oauth_flows_user_pool_client: "true" => "true"
      allowed_oauth_scopes.#: "2" => "2"
      allowed_oauth_scopes.2517049750: "openid" => "openid"
      allowed_oauth_scopes.881205744: "email" => "email"
      callback_urls.#: "1" => "1"
      callback_urls.0: "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/" => "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/"
      client_secret: "" => <computed>
      explicit_auth_flows.#: "2" => "2"
      explicit_auth_flows.1860959087: "USER_PASSWORD_AUTH" => "USER_PASSWORD_AUTH"
      explicit_auth_flows.245201344: "ADMIN_NO_SRP_AUTH" => "ADMIN_NO_SRP_AUTH"
      generate_secret: "false" => "false"
      name: "dev-admin-pool-client" => "dev-admin-pool-client"
      refresh_token_validity: "30" => "30"
      supported_identity_providers.#: "1" => "1"
      supported_identity_providers.0: "COGNITO" => "COGNITO"
      user_pool_id: "ap-southeast-2_CFPLxLl5A" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)

-/+ module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (new resource required)
      id: "demo-dev" => <computed> (forces new resource)
      aws_account_id: "" => <computed>
      cloudfront_distribution_arn: "" => <computed>
      domain: "demo-dev" => "demo-dev"
      s3_bucket: "" => <computed>
      user_pool_id: "" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)
      version: "" => <computed>


Exact error with terraform apply:



[...]
module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destroying... (ID: 2tsed339bl6ds4437n1h0hasr4)
module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain: Destroying... (ID: demo-dev)
module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destruction complete after 0s

Error: Error applying plan:

1 error(s) occurred:

* module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (destroy): 1 error(s) occurred:

* aws_cognito_user_pool_domain.admin_cognito_domain: InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.


Terraform should be able to destroy the Cognito user pool domain, which will allow the resources to be re-created.










amazon-cognito terraform terraform-provider-aws














edited Jan 2 at 22:49 by nishant

asked Jan 2 at 6:16 by nishant













  • Can you share the exact error messages you get after the set of steps you perform?

    – ydaetskcoR
    Jan 2 at 7:56











  • @ydaetskcoR thanks for replying. I have updated the description with the steps I am taking and exact error message returned. Please let me know your thoughts.

    – nishant
    Jan 2 at 22:52
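
Added example (not part of the original question, comments or answer, and not Terraform or provider code): in the plan quoted in the question, the domain's recorded user_pool_id is "" while the client's is populated, and the destroy error reports an empty DeleteUserPoolDomainInput.UserPoolId. The Python below flags that pattern in Terraform 0.11 plan text before apply; the function names, the heuristic and the trimmed sample plan are assumptions made for illustration.

```python
import re

# Constructed sample: excerpt of the plan output quoted in the question,
# trimmed to the client and domain resources and a few attributes each.
SAMPLE_PLAN = '''\
-/+ module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client (new resource required)
      id: "2tsed339bl6ds4437n1h0hasr4" => <computed> (forces new resource)
      name: "dev-admin-pool-client" => "dev-admin-pool-client"
      user_pool_id: "ap-southeast-2_CFPLxLl5A" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)

-/+ module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (new resource required)
      id: "demo-dev" => <computed> (forces new resource)
      domain: "demo-dev" => "demo-dev"
      user_pool_id: "" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)
'''

# Resource header line: action marker, resource address, optional trailing note.
HEADER_RE = re.compile(
    r'^\s*(?P<action>-/\+|[-+~])\s+(?P<address>\S+)(?:\s+\(.*\))?\s*$'
)
# Attribute diff line: key: old => new [(forces new resource)]
ATTR_RE = re.compile(
    r'^\s*(?P<key>[\w.#-]+):\s+(?P<old>"[^"]*"|<computed>)\s+=>\s+'
    r'(?P<new>"[^"]*"|<computed>)(?P<forces>\s+\(forces new resource\))?\s*$'
)
# A new value that is still an unresolved reference to another resource.
INTERPOLATION_RE = re.compile(r'^\$\{.+\}$')


def _unquote(value):
    """Strip the surrounding double quotes; leave <computed> untouched."""
    return value[1:-1] if value.startswith('"') else value


def parse_plan(text):
    """Parse Terraform 0.11 style plan text into a list of resource diffs."""
    resources = []
    current = None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = {
                "action": header["action"],
                "address": header["address"],
                "attrs": {},
            }
            resources.append(current)
            continue
        attr = ATTR_RE.match(line)
        if attr and current is not None:
            current["attrs"][attr["key"]] = {
                "old": _unquote(attr["old"]),
                "new": _unquote(attr["new"]),
                "forces_new": attr["forces"] is not None,
            }
    return resources


def find_unrecorded_parent_ids(resources):
    """Return (address, attribute) pairs on replaced resources whose old
    value is empty although the new value references another resource.

    Heuristic (an assumption of this example): the destroy half of a -/+
    replacement works from the recorded state, so an empty recorded parent
    ID is a candidate for an empty parameter in the delete request.
    """
    findings = []
    for res in resources:
        if res["action"] != "-/+":
            continue
        for key, diff in res["attrs"].items():
            if (diff["old"] == "" and diff["forces_new"]
                    and INTERPOLATION_RE.match(diff["new"])):
                findings.append((res["address"], key))
    return findings


if __name__ == "__main__":
    for address, key in find_unrecorded_parent_ids(parse_plan(SAMPLE_PLAN)):
        print("state has no value for %s on %s" % (key, address))
```
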























1 Answer














Apparently, I had to manage deletion of the user pool domain outside of Terraform via the AWS CLI and update the Terraform template to create the user pool domain.






answered Jan 8 at 23:07 by nishant































