[Enhancement]: aws_cognito_user_pool: enable lambda_version for pre_token_generation #35007
In the meantime, I created a script that I execute as a post job once my infrastructure is deployed (terraform apply)

```bash
#!/usr/bin/env bash
set -euo pipefail
# TODO: temporary measure until https://github.com/hashicorp/terraform-provider-aws/issues/35007 is resolved
USER_POOL_NAME="<YOUR_USERPOOL_NAME>"
# Look up the pool ID by name. Only the first page is searched, so request the
# largest page size (60) rather than 1, which only matched the first pool listed.
USER_POOL_ID=$(aws cognito-idp list-user-pools --max-results 60 --query "UserPools[?Name=='${USER_POOL_NAME}'].Id" --output json | jq -r '.[0]')
CURRENT_CONFIG=$(aws cognito-idp describe-user-pool --user-pool-id "${USER_POOL_ID}" | jq -r '.UserPool')
# Remove these fields from the describe output before sending it back
UPDATED_CONFIG=$CURRENT_CONFIG
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq 'del(.Id)')
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq 'del(.Name)')
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq 'del(.Status)')
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq 'del(.Arn)')
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq 'del(.CreationDate)')
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq 'del(.LastModifiedDate)')
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq 'del(.CustomDomain)')
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq 'del(.Domain)')
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq 'del(.EmailConfigurationFailure)')
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq 'del(.SmsConfigurationFailure)')
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq 'del(.EstimatedNumberOfUsers)')
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq 'del(.SchemaAttributes)')
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq 'del(.UsernameAttributes)')
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq 'del(.UsernameConfiguration)')
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq 'del(.AdminCreateUserConfig)')
# Switch the pre token generation trigger to event version V2_0
UPDATED_CONFIG=$(echo "${UPDATED_CONFIG}" | jq '.LambdaConfig.PreTokenGenerationConfig.LambdaVersion = "V2_0"')
aws cognito-idp update-user-pool --user-pool-id "${USER_POOL_ID}" --cli-input-json "${UPDATED_CONFIG}"
```

References: |
Hey @lorchda 👋 Thank you for taking the time to raise this! As a heads up, we consider adding additional functionality to existing resources to be an enhancement, so I've adjusted the labels as such. |
Hey @justinretzolk 👋🏾 I made the PR #35236 adding this enhancement, could you please take a look and give me feedback if needed? |
Thanks for the reference @SamuelCabralCruz, I used a shorter version of what you posted, if it helps anyone. Also changed

```bash
# USER_POOL_ID is assumed to be set already, e.g. as in the script above
CURRENT_COGNITO_CONFIG=$(aws cognito-idp describe-user-pool --user-pool-id "${USER_POOL_ID}" | jq -r '.UserPool')
# Strip the config, as described in https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-updating.html#cognito-user-pool-updating-api-cli
STRIPPED_COGNITO_CONFIG=$(echo "${CURRENT_COGNITO_CONFIG}" | jq 'del(.Arn, .CreationDate, .CustomDomain, .Domain, .EmailConfigurationFailure, .EstimatedNumberOfUsers, .Id, .LastModifiedDate, .Name, .SchemaAttributes, .SmsConfigurationFailure, .Status, .AliasAttributes, .AdminCreateUserConfig.UnusedAccountValidityDays)')
# Point the new config block at the existing pre token generation Lambda ARN, with event version V2_0
UPDATED_COGNITO_CONFIG=$(echo "${STRIPPED_COGNITO_CONFIG}" | jq '.LambdaConfig.PreTokenGenerationConfig = {"LambdaVersion": "V2_0", "LambdaArn": .LambdaConfig.PreTokenGeneration}')
aws cognito-idp update-user-pool --user-pool-id "${USER_POOL_ID}" --cli-input-json "${UPDATED_COGNITO_CONFIG}"
```

|
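A check to run around either workaround script, as an added example that is not part of the thread or of the provider's code: both scripts send the whole pool configuration back through `update-user-pool`, so diffing the `.UserPool` object from `describe-user-pool` captured before and after the call shows whether anything other than the trigger version changed. The snapshots, the Lambda ARN, the pool ID and the `EXPECTED` allow-list are constructed for illustration; it is written in Python so it runs without the AWS CLI or jq.

```python
import json

# Paths allowed to differ after the workaround runs (this example's assumption).
EXPECTED = {"LastModifiedDate", "LambdaConfig.PreTokenGenerationConfig"}
ABSENT = "<absent>"


def flatten(obj, prefix=""):
    """Flatten nested JSON objects into {dotted.path: value}; lists stay whole."""
    if isinstance(obj, dict) and obj:
        out = {}
        for key, value in obj.items():
            out.update(flatten(value, f"{prefix}{key}."))
        return out
    return {prefix.rstrip("."): obj}


def is_expected(path):
    """True if the path is an allowed change or sits underneath one."""
    return any(path == p or path.startswith(p + ".") for p in EXPECTED)


def unexpected_drift(before, after):
    """Return (path, before, after) for every change outside EXPECTED."""
    b, a = flatten(before), flatten(after)
    return [(p, b.get(p, ABSENT), a.get(p, ABSENT))
            for p in sorted(b.keys() | a.keys())
            if b.get(p, ABSENT) != a.get(p, ABSENT) and not is_expected(p)]


# Constructed snapshots of the `.UserPool` object from describe-user-pool.
ARN = "arn:aws:lambda:us-east-1:111122223333:function:pre-token"  # placeholder
BEFORE = json.loads("""{
  "Id": "us-east-1_EXAMPLE", "LastModifiedDate": 1700000000,
  "MfaConfiguration": "ON",
  "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": true},
  "LambdaConfig": {"PreTokenGeneration": "%s"}
}""" % ARN)
AFTER = json.loads(json.dumps(BEFORE))  # deep copy
AFTER["LastModifiedDate"] = 1700000600
AFTER["LambdaConfig"]["PreTokenGenerationConfig"] = {"LambdaVersion": "V2_0", "LambdaArn": ARN}
AFTER["AdminCreateUserConfig"]["AllowAdminCreateUserOnly"] = False  # constructed drift

if __name__ == "__main__":
    for path, old, new in unexpected_drift(BEFORE, AFTER):
        print(f"UNEXPECTED CHANGE {path}: {old!r} -> {new!r}")
```

In a pipeline, a non-empty result from `unexpected_drift` is the signal to fail the post-apply job and review the pool before it serves traffic.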
This functionality has been released in v5.41.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Terraform Core Version
1.5.3
AWS Provider Version
5.31.0
Affected Resource(s)
Expected Behavior
Amazon Cognito introduced a new User pool trigger version V2_0 for the pre token generation Lambda:
In the AWS Console, this corresponds to:
Expected behavior: I can use the new V2_0 event version.
Actual Behavior
The TF provider sets the default version V1_0.
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
Steps to Reproduce
aws_cognito_user_pool resource
pre_token_generation attribute
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
Amazon Cognito introduced a new User pool trigger version V2_0 for the pre token generation Lambda:
Would you like to implement a fix?
None