DOCS: Change aws_iam_user_login_profile's encrypted_password text.

[sierra-alpha]

Description

There is a descrepency between the docs and observed behaviour for aws_iam_user_login_profile's encrypted_password. Unfortunatly I don't know any golang so can't have a crack at changing the implementation but I can change the docs to save others time with this in the future.

This is to make the docs align with observed behaviour of not "only applies on resource creation" but on all terraform applys.

This also provides documentation of an interim work around. I read this as maybe a not good practise in the Contributing Guide so I'm willing to modify this, but we should at least provide a hint for how to use this without it trying to be re-applied every time a user has changed their password from the initial one.

I'm open to any wording or formatting changes and happy for a maintainer to make changes as they see fit to this PR, the only thing that is needed is for the docs to align with the resources behaviour.

Relations

Relates #23567

References

Steps to reproduce the reasoning for this documentation change.

1. Use terraform config:

variable "developers" {
  description = "A list of objects of developers usernames and their public PGP key to setup."
  type        = set(object({ user-name : string, their-public-pgp-key : string }))
}

resource "aws_iam_user" "iam-users-developers" {
  for_each = { for obj in var.developers : obj.user-name => obj }

  name = each.value.user-name
}

resource "aws_iam_user_login_profile" "iam-login-developers" {
  depends_on = [aws_iam_user.iam-users-developers]
  for_each   = { for obj in var.developers : obj.user-name => obj }

  user                    = each.value.user-name
  pgp_key                 = each.value.their-public-pgp-key
  password_reset_required = true
}

2. terraform apply it.
3. Log into the AWS console as this new user.
4. Change the password as required.
5. Perform a terraform plan and see that it's showing destroy and create on the user.
6. (Optionally) terraform apply and see that you need to use the new pgp encrypted password to log into the user.

Output from Acceptance Testing

Documentation change so doesn't require tests?

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

• Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
• Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

[github-actions]

Welcome @sierra-alpha 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTOR guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

[sierra-alpha]

So I read the contributing guide etc before submitting this PR, is there anything else I need to do from my end to get this looked at?

[justinretzolk]

Hey @sierra-alpha 👋 Thank you for taking the time to raise this! I'm going to bring this up to the team, so no further action needed from you at this point.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.