Terraform re-creating awscc_appflow_connector_profile

[matharuajay]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment
• The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the Cloudformation Open Coverage Roadmap.

Description

I am trying to create awscc_appflow_connector_profile for app-flow. However everytime i run plan or apply terraform is re-creating the resource stating changes in KMS. Even though nothing changed. Below are more details about the env and issue.

Terraform CLI and Terraform AWS Cloud Control Provider Version

Terraform v1.0.8
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v3.62.0
+ provider registry.terraform.io/hashicorp/awscc v0.2.0
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/hashicorp/time v0.7.2

Affected Resource(s)

• awscc_appflow_connector_profile

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

data "aws_kms_key" "appflow" {
  key_id = "alias/aws/appflow"
}

resource "awscc_appflow_connector_profile" "ga_appflow_source_connector_profile" {
  connection_mode = "Public"
  connector_profile_name = "ga_appflow_source_connector_profile"
  connector_type = "Googleanalytics"
  kms_arn = data.aws_kms_key.appflow.arn

  connector_profile_config = {
    connector_profile_credentials = {
      "google_analytics" = {
        access_token = data.aws_ssm_parameter.access_token.value
        client_id = data.aws_ssm_parameter.client_id.value
        client_secret = data.aws_ssm_parameter.client_secret.value
        refresh_token = data.aws_ssm_parameter.refresh_token.value
        connector_o_auth_request = {
          auth_code = data.aws_ssm_parameter.auth_code.value
          redirect_uri = "https://${var.region}.console.aws.amazon.com/appflow/oauth"
        }
      }
    }
  }

  lifecycle {
    ignore_changes = [
      kms_arn,
    ]
  }
}

Output

  # awscc_appflow_connector_profile.ga_appflow_source_connector_profile must be replaced
-/+ resource "awscc_appflow_connector_profile" "ga_appflow_source_connector_profile" {
      ~ connector_profile_arn    = <existing arn> -> (known after apply)
      + credentials_arn          = (known after apply)
      ~ id                       = "ga_appflow_source_connector_profile" -> (known after apply)
      + kms_arn                  = <arn of default aws appflow kms> # forces replacement
        # (4 unchanged attributes hidden)
    }

Expected Behavior

Terraform should not detect any changes in awscc_appflow_connector_profile resource.

Actual Behavior

Terraform is replacing the awscc_appflow_connector_profile resource.

[ewbankkit]

Related: #218.

[nemanja-dentalmedia]

How do you set access_token and refresh_token? Meaning they expire in 1hour, would that not break the flow if run after 1 hour?