Max size of html_body in Cognito Risk config is 20000, not 2000

[TakumiHaruta]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

$ terraform -v
Terraform v1.2.2
on darwin_arm64
+ provider registry.terraform.io/hashicorp/archive v2.2.0
+ provider registry.terraform.io/hashicorp/aws v4.20.1

Your version of Terraform is out of date! The latest version
is 1.2.3. You can update by downloading from https://www.terraform.io/downloads.html

Affected Resource(s)

• aws_cognito_risk_configuration | Resources | hashicorp/aws | Terraform Registry

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

resource "aws_cognito_risk_configuration" "main" {
  user_pool_id = var.user_pool_id

  account_takeover_risk_configuration {
    actions {
      high_action {
        event_action = "NO_ACTION"
        notify       = true
      }
      medium_action {
        event_action = "NO_ACTION"
        notify       = false
      }
      low_action {
        event_action = "NO_ACTION"
        notify       = false
      }
    }
    notify_configuration {
      from       = "no-reply@example.com"
      reply_to   = "no-reply@example.com"
      source_arn = var.email_configuration_source_arn
      no_action_email {
        subject   = "Security Alert"
        html_body = file("${path.module}/custom_email/login_attempts.min.html")
        text_body = "We detected an unrecognized sign-in to your account with this information: Time: {login-time}"
      }
    }
  }

  compromised_credentials_risk_configuration {
    actions {
      event_action = "NO_ACTION"
    }

    event_filter = ["SIGN_IN", "SIGN_UP", "PASSWORD_CHANGE"]
  }
}

Debug Output

Panic Output

Expected Behavior

The maximum length of html_body is supposed to be 20000, not 2000.
Please refer to the line below;

https://github.com/hashicorp/terraform-provider-aws/blob/v4.21.0/internal/service/cognitoidp/risk_configuration.go#L176

All other ValidateFunc: validation.StringLenBetween(6, 2000) in risk_configuration.go is supposed to be ValidateFunc: validation.StringLenBetween(6, 20000) as well

Actual Behavior

I got the error when the length of html_body is over 2,000;

Error: expected length of account_takeover_risk_configuration.0.notify_configuration.0.no_action_email.0.html_body to be in the range (6 - 2000), got <html><head> <meta charset="UTF-8"> <meta content="width=device-width, initial-scale=1" name="viewport"> <meta name="x-apple-disable-message-reformatting"> ...

Steps to Reproduce

1. Place large HTML file at ${path.module}/custom_email/login_attempts.min.html
2. terraform plan

Important Factoids

References

• NotifyEmailType - Amazon Cognito

HtmlBody
The email HTML body.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 20000.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]+
Required: No

• AWS Cognito User Pool Doesn't Support Advanced Security Features #7007
• r/cognito_risk_configuration - new resource #25282

[github-actions]

This functionality has been released in v4.22.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.