How to fix cognito user pool domain destruction with terraform so the user pool could be re-created?

1

I am creating Cognito User Pool, User Pool client and domain with terraform.
If there is a update to cognito user pool (e.g. attributes), terraform needs to destroy and re-create the three resources, however terraform apply fails with error during destroy of aws_cognito_user_pool_domain:

InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.

Terraform version: 0.11.11

aws provider version: 1.52.0

I have tried manually deleting the domain and running terraform plan/apply but then it fails with 'InvalidParameterException: No such domain or user pool exists.'

resource "aws_cognito_user_pool" "admin_cognito_pool" {

  name = "dev-admin-pool"

  alias_attributes    = ["email"]

  auto_verified_attributes = ["email"]

  admin_create_user_config = {

    allow_admin_create_user_only = true

  }

}



resource "aws_cognito_user_pool_client" "admin_cognito_pool_client" {

  name = "dev-admin-pool-client"

  user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}"

  generate_secret     = false

...

}



resource "aws_cognito_user_pool_domain" "admin_cognito_domain" { 

  domain       = "demo-dev"

  user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}" 

}

Above code will create user pool, user pool client, user pool domain successfully.

Next, modify aws_cognito_user_pool in the above code and run terraform plan/apply

resource "aws_cognito_user_pool" "admin_cognito_pool" {

  name = "dev-admin-pool"

  alias_attributes    = ["email"]

  auto_verified_attributes = ["email"]

  admin_create_user_config = {

    allow_admin_create_user_only = true

  }

  schema  = [

    {

      attribute_data_type = "String",

      name                = "family_name",

      required            = true,

      mutable             = true,

      string_attribute_constraints {

          min_length = 6

          max_length = 32

      }

    },            

  ]

}

Terraform plan:

-/+ module.aws-383.aws_cognito_user_pool.admin_cognito_pool (new resource required)

      id:                                                      "ap-southeast-2_CFPLxLl5A" => <computed> (forces new resource)

      admin_create_user_config.#:                              "1" => "1"

      admin_create_user_config.0.allow_admin_create_user_only: "true" => "true"

      admin_create_user_config.0.unused_account_validity_days: "7" => "7"

      alias_attributes.#:                                      "" => "1" (forces new resource)

      alias_attributes.881205744:                              "" => "email" (forces new resource)

      arn:                                                     "arn:aws:cognito-idp:ap-southeast-2:xxxxxxxx:userpool/ap-southeast-2_CFPLxLl5A" => <computed>

      auto_verified_attributes.#:                              "1" => "1"

      auto_verified_attributes.881205744:                      "email" => "email"

      creation_date:                                           "2018-12-19T04:49:06Z" => <computed>

      email_verification_message:                              "" => <computed>

      email_verification_subject:                              "" => <computed>

      endpoint:                                                "cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_CFPLxLl5A" => <computed>

      lambda_config.#:                                         "0" => <computed>

      last_modified_date:                                      "2018-12-19T04:49:06Z" => <computed>

      mfa_configuration:                                       "OFF" => "OFF"

      name:                                                    "dev-admin-pool" => "dev-admin-pool"

      password_policy.#:                                       "1" => <computed>

      schema.#:                                                "0" => "1" (forces new resource)

      schema.893014206.attribute_data_type:                    "" => "String" (forces new resource)

      schema.893014206.developer_only_attribute:               "" => ""

      schema.893014206.mutable:                                "" => "true" (forces new resource)

      schema.893014206.name:                                   "" => "family_name" (forces new resource)

      schema.893014206.number_attribute_constraints.#:         "" => "0"

      schema.893014206.required:                               "" => "true" (forces new resource)

      schema.893014206.string_attribute_constraints.#:         "" => "0"

      verification_message_template.#:                         "1" => <computed>



-/+ module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client (new resource required)

      id:                                                      "2tsed339bl6ds4437n1h0hasr4" => <computed> (forces new resource)

      allowed_oauth_flows.#:                                   "2" => "2"

      allowed_oauth_flows.2645166319:                          "code" => "code"

      allowed_oauth_flows.3465961881:                          "implicit" => "implicit"

      allowed_oauth_flows_user_pool_client:                    "true" => "true"

      allowed_oauth_scopes.#:                                  "2" => "2"

      allowed_oauth_scopes.2517049750:                         "openid" => "openid"

      allowed_oauth_scopes.881205744:                          "email" => "email"

      callback_urls.#:                                         "1" => "1"

      callback_urls.0:                                         "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/" => "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/"

      client_secret:                                           "" => <computed>

      explicit_auth_flows.#:                                   "2" => "2"

      explicit_auth_flows.1860959087:                          "USER_PASSWORD_AUTH" => "USER_PASSWORD_AUTH"

      explicit_auth_flows.245201344:                           "ADMIN_NO_SRP_AUTH" => "ADMIN_NO_SRP_AUTH"

      generate_secret:                                         "false" => "false"

      name:                                                    "dev-admin-pool-client" => "dev-admin-pool-client"

      refresh_token_validity:                                  "30" => "30"

      supported_identity_providers.#:                          "1" => "1"

      supported_identity_providers.0:                          "COGNITO" => "COGNITO"

      user_pool_id:                                            "ap-southeast-2_CFPLxLl5A" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)



-/+ module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (new resource required)

      id:                                                      "demo-dev" => <computed> (forces new resource)

      aws_account_id:                                          "" => <computed>

      cloudfront_distribution_arn:                             "" => <computed>

      domain:                                                  "demo-dev" => "demo-dev"

      s3_bucket:                                               "" => <computed>

      user_pool_id:                                            "" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)

      version:                                                 "" => <computed>

Exact error with terraform apply -

[...]

module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destroying... (ID: 2tsed339bl6ds4437n1h0hasr4)

module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain: Destroying... (ID: demo-dev)

module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destruction complete after 0s



Error: Error applying plan:



1 error(s) occurred:



* module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (destroy): 1 error(s) occurred:



* aws_cognito_user_pool_domain.admin_cognito_domain: InvalidParameter: 1 validation error(s) found.

- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.

Terraform should be able to destroy cognito user pool domain which will allow the resources to be re-created.

amazon-cognito terraform terraform-provider-aws

share|improve this question

edited Jan 2 at 22:49

nishant

asked Jan 2 at 6:16

nishantnishant

63

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Can you share the exact error messages you get after the set of steps you perform?
  
  – ydaetskcoR
  Jan 2 at 7:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @ydaetskcoR thanks for replying. I have updated the description with the steps I am taking and exact error message returned. Please let me know your thoughts.
  
  – nishant
  Jan 2 at 22:52
  
  
  

  
  
  
  

add a comment | 

1

I am creating Cognito User Pool, User Pool client and domain with terraform.
If there is a update to cognito user pool (e.g. attributes), terraform needs to destroy and re-create the three resources, however terraform apply fails with error during destroy of aws_cognito_user_pool_domain:

InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.

Terraform version: 0.11.11

aws provider version: 1.52.0

I have tried manually deleting the domain and running terraform plan/apply but then it fails with 'InvalidParameterException: No such domain or user pool exists.'

resource "aws_cognito_user_pool" "admin_cognito_pool" {

  name = "dev-admin-pool"

  alias_attributes    = ["email"]

  auto_verified_attributes = ["email"]

  admin_create_user_config = {

    allow_admin_create_user_only = true

  }

}



resource "aws_cognito_user_pool_client" "admin_cognito_pool_client" {

  name = "dev-admin-pool-client"

  user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}"

  generate_secret     = false

...

}



resource "aws_cognito_user_pool_domain" "admin_cognito_domain" { 

  domain       = "demo-dev"

  user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}" 

}

Above code will create user pool, user pool client, user pool domain successfully.

Next, modify aws_cognito_user_pool in the above code and run terraform plan/apply

resource "aws_cognito_user_pool" "admin_cognito_pool" {

  name = "dev-admin-pool"

  alias_attributes    = ["email"]

  auto_verified_attributes = ["email"]

  admin_create_user_config = {

    allow_admin_create_user_only = true

  }

  schema  = [

    {

      attribute_data_type = "String",

      name                = "family_name",

      required            = true,

      mutable             = true,

      string_attribute_constraints {

          min_length = 6

          max_length = 32

      }

    },            

  ]

}

Terraform plan:

-/+ module.aws-383.aws_cognito_user_pool.admin_cognito_pool (new resource required)

      id:                                                      "ap-southeast-2_CFPLxLl5A" => <computed> (forces new resource)

      admin_create_user_config.#:                              "1" => "1"

      admin_create_user_config.0.allow_admin_create_user_only: "true" => "true"

      admin_create_user_config.0.unused_account_validity_days: "7" => "7"

      alias_attributes.#:                                      "" => "1" (forces new resource)

      alias_attributes.881205744:                              "" => "email" (forces new resource)

      arn:                                                     "arn:aws:cognito-idp:ap-southeast-2:xxxxxxxx:userpool/ap-southeast-2_CFPLxLl5A" => <computed>

      auto_verified_attributes.#:                              "1" => "1"

      auto_verified_attributes.881205744:                      "email" => "email"

      creation_date:                                           "2018-12-19T04:49:06Z" => <computed>

      email_verification_message:                              "" => <computed>

      email_verification_subject:                              "" => <computed>

      endpoint:                                                "cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_CFPLxLl5A" => <computed>

      lambda_config.#:                                         "0" => <computed>

      last_modified_date:                                      "2018-12-19T04:49:06Z" => <computed>

      mfa_configuration:                                       "OFF" => "OFF"

      name:                                                    "dev-admin-pool" => "dev-admin-pool"

      password_policy.#:                                       "1" => <computed>

      schema.#:                                                "0" => "1" (forces new resource)

      schema.893014206.attribute_data_type:                    "" => "String" (forces new resource)

      schema.893014206.developer_only_attribute:               "" => ""

      schema.893014206.mutable:                                "" => "true" (forces new resource)

      schema.893014206.name:                                   "" => "family_name" (forces new resource)

      schema.893014206.number_attribute_constraints.#:         "" => "0"

      schema.893014206.required:                               "" => "true" (forces new resource)

      schema.893014206.string_attribute_constraints.#:         "" => "0"

      verification_message_template.#:                         "1" => <computed>



-/+ module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client (new resource required)

      id:                                                      "2tsed339bl6ds4437n1h0hasr4" => <computed> (forces new resource)

      allowed_oauth_flows.#:                                   "2" => "2"

      allowed_oauth_flows.2645166319:                          "code" => "code"

      allowed_oauth_flows.3465961881:                          "implicit" => "implicit"

      allowed_oauth_flows_user_pool_client:                    "true" => "true"

      allowed_oauth_scopes.#:                                  "2" => "2"

      allowed_oauth_scopes.2517049750:                         "openid" => "openid"

      allowed_oauth_scopes.881205744:                          "email" => "email"

      callback_urls.#:                                         "1" => "1"

      callback_urls.0:                                         "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/" => "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/"

      client_secret:                                           "" => <computed>

      explicit_auth_flows.#:                                   "2" => "2"

      explicit_auth_flows.1860959087:                          "USER_PASSWORD_AUTH" => "USER_PASSWORD_AUTH"

      explicit_auth_flows.245201344:                           "ADMIN_NO_SRP_AUTH" => "ADMIN_NO_SRP_AUTH"

      generate_secret:                                         "false" => "false"

      name:                                                    "dev-admin-pool-client" => "dev-admin-pool-client"

      refresh_token_validity:                                  "30" => "30"

      supported_identity_providers.#:                          "1" => "1"

      supported_identity_providers.0:                          "COGNITO" => "COGNITO"

      user_pool_id:                                            "ap-southeast-2_CFPLxLl5A" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)



-/+ module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (new resource required)

      id:                                                      "demo-dev" => <computed> (forces new resource)

      aws_account_id:                                          "" => <computed>

      cloudfront_distribution_arn:                             "" => <computed>

      domain:                                                  "demo-dev" => "demo-dev"

      s3_bucket:                                               "" => <computed>

      user_pool_id:                                            "" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)

      version:                                                 "" => <computed>

Exact error with terraform apply -

[...]

module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destroying... (ID: 2tsed339bl6ds4437n1h0hasr4)

module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain: Destroying... (ID: demo-dev)

module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destruction complete after 0s



Error: Error applying plan:



1 error(s) occurred:



* module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (destroy): 1 error(s) occurred:



* aws_cognito_user_pool_domain.admin_cognito_domain: InvalidParameter: 1 validation error(s) found.

- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.

Terraform should be able to destroy cognito user pool domain which will allow the resources to be re-created.

amazon-cognito terraform terraform-provider-aws

share|improve this question

edited Jan 2 at 22:49

nishant

asked Jan 2 at 6:16

nishantnishant

63

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Can you share the exact error messages you get after the set of steps you perform?
  
  – ydaetskcoR
  Jan 2 at 7:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @ydaetskcoR thanks for replying. I have updated the description with the steps I am taking and exact error message returned. Please let me know your thoughts.
  
  – nishant
  Jan 2 at 22:52
  
  
  

  
  
  
  

add a comment | 

1

1

1

I am creating Cognito User Pool, User Pool client and domain with terraform.
If there is a update to cognito user pool (e.g. attributes), terraform needs to destroy and re-create the three resources, however terraform apply fails with error during destroy of aws_cognito_user_pool_domain:

InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.

Terraform version: 0.11.11

aws provider version: 1.52.0

I have tried manually deleting the domain and running terraform plan/apply but then it fails with 'InvalidParameterException: No such domain or user pool exists.'

resource "aws_cognito_user_pool" "admin_cognito_pool" {

  name = "dev-admin-pool"

  alias_attributes    = ["email"]

  auto_verified_attributes = ["email"]

  admin_create_user_config = {

    allow_admin_create_user_only = true

  }

}



resource "aws_cognito_user_pool_client" "admin_cognito_pool_client" {

  name = "dev-admin-pool-client"

  user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}"

  generate_secret     = false

...

}



resource "aws_cognito_user_pool_domain" "admin_cognito_domain" { 

  domain       = "demo-dev"

  user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}" 

}

Above code will create user pool, user pool client, user pool domain successfully.

Next, modify aws_cognito_user_pool in the above code and run terraform plan/apply

resource "aws_cognito_user_pool" "admin_cognito_pool" {

  name = "dev-admin-pool"

  alias_attributes    = ["email"]

  auto_verified_attributes = ["email"]

  admin_create_user_config = {

    allow_admin_create_user_only = true

  }

  schema  = [

    {

      attribute_data_type = "String",

      name                = "family_name",

      required            = true,

      mutable             = true,

      string_attribute_constraints {

          min_length = 6

          max_length = 32

      }

    },            

  ]

}

Terraform plan:

-/+ module.aws-383.aws_cognito_user_pool.admin_cognito_pool (new resource required)

      id:                                                      "ap-southeast-2_CFPLxLl5A" => <computed> (forces new resource)

      admin_create_user_config.#:                              "1" => "1"

      admin_create_user_config.0.allow_admin_create_user_only: "true" => "true"

      admin_create_user_config.0.unused_account_validity_days: "7" => "7"

      alias_attributes.#:                                      "" => "1" (forces new resource)

      alias_attributes.881205744:                              "" => "email" (forces new resource)

      arn:                                                     "arn:aws:cognito-idp:ap-southeast-2:xxxxxxxx:userpool/ap-southeast-2_CFPLxLl5A" => <computed>

      auto_verified_attributes.#:                              "1" => "1"

      auto_verified_attributes.881205744:                      "email" => "email"

      creation_date:                                           "2018-12-19T04:49:06Z" => <computed>

      email_verification_message:                              "" => <computed>

      email_verification_subject:                              "" => <computed>

      endpoint:                                                "cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_CFPLxLl5A" => <computed>

      lambda_config.#:                                         "0" => <computed>

      last_modified_date:                                      "2018-12-19T04:49:06Z" => <computed>

      mfa_configuration:                                       "OFF" => "OFF"

      name:                                                    "dev-admin-pool" => "dev-admin-pool"

      password_policy.#:                                       "1" => <computed>

      schema.#:                                                "0" => "1" (forces new resource)

      schema.893014206.attribute_data_type:                    "" => "String" (forces new resource)

      schema.893014206.developer_only_attribute:               "" => ""

      schema.893014206.mutable:                                "" => "true" (forces new resource)

      schema.893014206.name:                                   "" => "family_name" (forces new resource)

      schema.893014206.number_attribute_constraints.#:         "" => "0"

      schema.893014206.required:                               "" => "true" (forces new resource)

      schema.893014206.string_attribute_constraints.#:         "" => "0"

      verification_message_template.#:                         "1" => <computed>



-/+ module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client (new resource required)

      id:                                                      "2tsed339bl6ds4437n1h0hasr4" => <computed> (forces new resource)

      allowed_oauth_flows.#:                                   "2" => "2"

      allowed_oauth_flows.2645166319:                          "code" => "code"

      allowed_oauth_flows.3465961881:                          "implicit" => "implicit"

      allowed_oauth_flows_user_pool_client:                    "true" => "true"

      allowed_oauth_scopes.#:                                  "2" => "2"

      allowed_oauth_scopes.2517049750:                         "openid" => "openid"

      allowed_oauth_scopes.881205744:                          "email" => "email"

      callback_urls.#:                                         "1" => "1"

      callback_urls.0:                                         "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/" => "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/"

      client_secret:                                           "" => <computed>

      explicit_auth_flows.#:                                   "2" => "2"

      explicit_auth_flows.1860959087:                          "USER_PASSWORD_AUTH" => "USER_PASSWORD_AUTH"

      explicit_auth_flows.245201344:                           "ADMIN_NO_SRP_AUTH" => "ADMIN_NO_SRP_AUTH"

      generate_secret:                                         "false" => "false"

      name:                                                    "dev-admin-pool-client" => "dev-admin-pool-client"

      refresh_token_validity:                                  "30" => "30"

      supported_identity_providers.#:                          "1" => "1"

      supported_identity_providers.0:                          "COGNITO" => "COGNITO"

      user_pool_id:                                            "ap-southeast-2_CFPLxLl5A" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)



-/+ module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (new resource required)

      id:                                                      "demo-dev" => <computed> (forces new resource)

      aws_account_id:                                          "" => <computed>

      cloudfront_distribution_arn:                             "" => <computed>

      domain:                                                  "demo-dev" => "demo-dev"

      s3_bucket:                                               "" => <computed>

      user_pool_id:                                            "" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)

      version:                                                 "" => <computed>

Exact error with terraform apply -

[...]

module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destroying... (ID: 2tsed339bl6ds4437n1h0hasr4)

module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain: Destroying... (ID: demo-dev)

module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destruction complete after 0s



Error: Error applying plan:



1 error(s) occurred:



* module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (destroy): 1 error(s) occurred:



* aws_cognito_user_pool_domain.admin_cognito_domain: InvalidParameter: 1 validation error(s) found.

- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.

Terraform should be able to destroy cognito user pool domain which will allow the resources to be re-created.

amazon-cognito terraform terraform-provider-aws

share|improve this question

edited Jan 2 at 22:49

nishant

asked Jan 2 at 6:16

nishantnishant

63

I am creating Cognito User Pool, User Pool client and domain with terraform.
If there is a update to cognito user pool (e.g. attributes), terraform needs to destroy and re-create the three resources, however terraform apply fails with error during destroy of aws_cognito_user_pool_domain:

InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.

Terraform version: 0.11.11

aws provider version: 1.52.0

I have tried manually deleting the domain and running terraform plan/apply but then it fails with 'InvalidParameterException: No such domain or user pool exists.'

resource "aws_cognito_user_pool" "admin_cognito_pool" {

  name = "dev-admin-pool"

  alias_attributes    = ["email"]

  auto_verified_attributes = ["email"]

  admin_create_user_config = {

    allow_admin_create_user_only = true

  }

}



resource "aws_cognito_user_pool_client" "admin_cognito_pool_client" {

  name = "dev-admin-pool-client"

  user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}"

  generate_secret     = false

...

}



resource "aws_cognito_user_pool_domain" "admin_cognito_domain" { 

  domain       = "demo-dev"

  user_pool_id = "${aws_cognito_user_pool.admin_cognito_pool.id}" 

}

Above code will create user pool, user pool client, user pool domain successfully.

Next, modify aws_cognito_user_pool in the above code and run terraform plan/apply

resource "aws_cognito_user_pool" "admin_cognito_pool" {

  name = "dev-admin-pool"

  alias_attributes    = ["email"]

  auto_verified_attributes = ["email"]

  admin_create_user_config = {

    allow_admin_create_user_only = true

  }

  schema  = [

    {

      attribute_data_type = "String",

      name                = "family_name",

      required            = true,

      mutable             = true,

      string_attribute_constraints {

          min_length = 6

          max_length = 32

      }

    },            

  ]

}

Terraform plan:

-/+ module.aws-383.aws_cognito_user_pool.admin_cognito_pool (new resource required)

      id:                                                      "ap-southeast-2_CFPLxLl5A" => <computed> (forces new resource)

      admin_create_user_config.#:                              "1" => "1"

      admin_create_user_config.0.allow_admin_create_user_only: "true" => "true"

      admin_create_user_config.0.unused_account_validity_days: "7" => "7"

      alias_attributes.#:                                      "" => "1" (forces new resource)

      alias_attributes.881205744:                              "" => "email" (forces new resource)

      arn:                                                     "arn:aws:cognito-idp:ap-southeast-2:xxxxxxxx:userpool/ap-southeast-2_CFPLxLl5A" => <computed>

      auto_verified_attributes.#:                              "1" => "1"

      auto_verified_attributes.881205744:                      "email" => "email"

      creation_date:                                           "2018-12-19T04:49:06Z" => <computed>

      email_verification_message:                              "" => <computed>

      email_verification_subject:                              "" => <computed>

      endpoint:                                                "cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_CFPLxLl5A" => <computed>

      lambda_config.#:                                         "0" => <computed>

      last_modified_date:                                      "2018-12-19T04:49:06Z" => <computed>

      mfa_configuration:                                       "OFF" => "OFF"

      name:                                                    "dev-admin-pool" => "dev-admin-pool"

      password_policy.#:                                       "1" => <computed>

      schema.#:                                                "0" => "1" (forces new resource)

      schema.893014206.attribute_data_type:                    "" => "String" (forces new resource)

      schema.893014206.developer_only_attribute:               "" => ""

      schema.893014206.mutable:                                "" => "true" (forces new resource)

      schema.893014206.name:                                   "" => "family_name" (forces new resource)

      schema.893014206.number_attribute_constraints.#:         "" => "0"

      schema.893014206.required:                               "" => "true" (forces new resource)

      schema.893014206.string_attribute_constraints.#:         "" => "0"

      verification_message_template.#:                         "1" => <computed>



-/+ module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client (new resource required)

      id:                                                      "2tsed339bl6ds4437n1h0hasr4" => <computed> (forces new resource)

      allowed_oauth_flows.#:                                   "2" => "2"

      allowed_oauth_flows.2645166319:                          "code" => "code"

      allowed_oauth_flows.3465961881:                          "implicit" => "implicit"

      allowed_oauth_flows_user_pool_client:                    "true" => "true"

      allowed_oauth_scopes.#:                                  "2" => "2"

      allowed_oauth_scopes.2517049750:                         "openid" => "openid"

      allowed_oauth_scopes.881205744:                          "email" => "email"

      callback_urls.#:                                         "1" => "1"

      callback_urls.0:                                         "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/" => "https://qnq2ds22xg.execute-api.ap-southeast-2.amazonaws.com/staging/admin-portal/redirectUrl/"

      client_secret:                                           "" => <computed>

      explicit_auth_flows.#:                                   "2" => "2"

      explicit_auth_flows.1860959087:                          "USER_PASSWORD_AUTH" => "USER_PASSWORD_AUTH"

      explicit_auth_flows.245201344:                           "ADMIN_NO_SRP_AUTH" => "ADMIN_NO_SRP_AUTH"

      generate_secret:                                         "false" => "false"

      name:                                                    "dev-admin-pool-client" => "dev-admin-pool-client"

      refresh_token_validity:                                  "30" => "30"

      supported_identity_providers.#:                          "1" => "1"

      supported_identity_providers.0:                          "COGNITO" => "COGNITO"

      user_pool_id:                                            "ap-southeast-2_CFPLxLl5A" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)



-/+ module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (new resource required)

      id:                                                      "demo-dev" => <computed> (forces new resource)

      aws_account_id:                                          "" => <computed>

      cloudfront_distribution_arn:                             "" => <computed>

      domain:                                                  "demo-dev" => "demo-dev"

      s3_bucket:                                               "" => <computed>

      user_pool_id:                                            "" => "${aws_cognito_user_pool.admin_cognito_pool.id}" (forces new resource)

      version:                                                 "" => <computed>

Exact error with terraform apply -

[...]

module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destroying... (ID: 2tsed339bl6ds4437n1h0hasr4)

module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain: Destroying... (ID: demo-dev)

module.aws-383.aws_cognito_user_pool_client.admin_cognito_pool_client: Destruction complete after 0s



Error: Error applying plan:



1 error(s) occurred:



* module.aws-383.aws_cognito_user_pool_domain.admin_cognito_domain (destroy): 1 error(s) occurred:



* aws_cognito_user_pool_domain.admin_cognito_domain: InvalidParameter: 1 validation error(s) found.

- minimum field size of 1, DeleteUserPoolDomainInput.UserPoolId.

Terraform should be able to destroy cognito user pool domain which will allow the resources to be re-created.

amazon-cognito terraform terraform-provider-aws

amazon-cognito terraform terraform-provider-aws

share|improve this question

edited Jan 2 at 22:49

nishant

asked Jan 2 at 6:16

nishantnishant

63

share|improve this question

edited Jan 2 at 22:49

nishant

asked Jan 2 at 6:16

nishantnishant

63

share|improve this question

share|improve this question

edited Jan 2 at 22:49

nishant

edited Jan 2 at 22:49

nishant

edited Jan 2 at 22:49

nishant

asked Jan 2 at 6:16

nishantnishant

63

asked Jan 2 at 6:16

nishantnishant

63

asked Jan 2 at 6:16

nishantnishant

63

63

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Can you share the exact error messages you get after the set of steps you perform?
  
  – ydaetskcoR
  Jan 2 at 7:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @ydaetskcoR thanks for replying. I have updated the description with the steps I am taking and exact error message returned. Please let me know your thoughts.
  
  – nishant
  Jan 2 at 22:52
  
  
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Can you share the exact error messages you get after the set of steps you perform?
  
  – ydaetskcoR
  Jan 2 at 7:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @ydaetskcoR thanks for replying. I have updated the description with the steps I am taking and exact error message returned. Please let me know your thoughts.
  
  – nishant
  Jan 2 at 22:52
  
  
  

  
  
  
  

Can you share the exact error messages you get after the set of steps you perform?

– ydaetskcoR
Jan 2 at 7:56

Can you share the exact error messages you get after the set of steps you perform?

– ydaetskcoR
Jan 2 at 7:56

@ydaetskcoR thanks for replying. I have updated the description with the steps I am taking and exact error message returned. Please let me know your thoughts.

– nishant
Jan 2 at 22:52

@ydaetskcoR thanks for replying. I have updated the description with the steps I am taking and exact error message returned. Please let me know your thoughts.

– nishant
Jan 2 at 22:52

add a comment | 

1 Answer
1

active

oldest

votes

0

Apparently, I had to manage deletion of user pool domain outside of terraform via aws cli and update terraform template to create user pool domain.

share|improve this answer

answered Jan 8 at 23:07

nishantnishant

63

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

Thanks for contributing an answer to Stack Overflow!

• Please be sure to answer the question. Provide details and share your research!

But avoid …

• Asking for help, clarification, or responding to other answers.


• Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54002030%2fhow-to-fix-cognito-user-pool-domain-destruction-with-terraform-so-the-user-pool%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

active

oldest

votes

active

oldest

votes

0

Apparently, I had to manage deletion of user pool domain outside of terraform via aws cli and update terraform template to create user pool domain.

share|improve this answer

answered Jan 8 at 23:07

nishantnishant

63

add a comment | 

0

Apparently, I had to manage deletion of user pool domain outside of terraform via aws cli and update terraform template to create user pool domain.

share|improve this answer

answered Jan 8 at 23:07

nishantnishant

63

add a comment | 

0

0

0

Apparently, I had to manage deletion of user pool domain outside of terraform via aws cli and update terraform template to create user pool domain.

share|improve this answer

answered Jan 8 at 23:07

nishantnishant

63

Apparently, I had to manage deletion of user pool domain outside of terraform via aws cli and update terraform template to create user pool domain.

share|improve this answer

answered Jan 8 at 23:07

nishantnishant

63

share|improve this answer

share|improve this answer

answered Jan 8 at 23:07

nishantnishant

63

answered Jan 8 at 23:07

nishantnishant

63

answered Jan 8 at 23:07

nishantnishant

63

63

add a comment | 

add a comment | 

Thanks for contributing an answer to Stack Overflow!

• Please be sure to answer the question. Provide details and share your research!

But avoid …

• Asking for help, clarification, or responding to other answers.


• Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Thanks for contributing an answer to Stack Overflow!

• Please be sure to answer the question. Provide details and share your research!

But avoid …

• Asking for help, clarification, or responding to other answers.


• Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54002030%2fhow-to-fix-cognito-user-pool-domain-destruction-with-terraform-so-the-user-pool%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

Name

Name

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

Name

Name

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

This page is only for reference, If you need detailed information, please check here