Updating the schema is not recognized #42

Closed
Waschnick opened this issue Feb 12, 2021 · 5 comments · Fixed by #47

Comments

@Waschnick
Contributor

Adding a new entry to schemas or string_schemas is not recognised. Output: No changes. Infrastructure is up-to-date.

If I rename the user_pool_name the changes list the new attributes.

module "aws_cognito_user_pool_qrcg_users" {
  source = "lgallard/cognito-user-pool/aws"

  user_pool_name           = "qrcg-users"
  auto_verified_attributes = ["email"]
  username_attributes      = ["email"]

  admin_create_user_config_allow_admin_create_user_only = false

  domain = "qrcg-auth-service"

  email_configuration = {
    email_sending_account  = "DEVELOPER"
    reply_to_email_address = var.cognito_sender_email_email
    source_arn             = var.cognito_sender_email_arn
    from_email_address     = "${var.cognito_sender_email_name} <${var.cognito_sender_email_email}>"
  }

  client_allowed_oauth_flows                  = ["code", "implicit"]
  client_allowed_oauth_flows_user_pool_client = true
  client_allowed_oauth_scopes                 = ["email", "openid", "profile"]
  client_callback_urls                        = ["${module.app.app_url}/", "http://localhost:3000/"]
  client_default_redirect_uri                 = "${module.app.app_url}/"
  client_generate_secret                      = false
  client_logout_urls                          = ["${module.app.app_url}/logout", "http://localhost:3000/"]
  client_name                                 = var.app_name
  client_refresh_token_validity               = 60
  client_supported_identity_providers         = ["Google"]
  client_prevent_user_existence_errors        = "ENABLED"
  client_write_attributes                     = ["email"]
  client_read_attributes                      = ["email"]

  lambda_config_custom_message = module.lambda_cognito_custom_message_hook.this_lambda_function_arn

  schemas = [
    // This one is new
    {
      attribute_data_type      = "Boolean"
      developer_only_attribute = true
      mutable                  = true
      name                     = "xyz-abc"
      required                 = false
    }
  ]

  string_schemas = [
    {
      attribute_data_type      = "String"
      developer_only_attribute = false
      mutable                  = true
      name                     = "email"
      required                 = true

      string_attribute_constraints = {
        min_length = 4
        max_length = 500
      }
    },
    // This one is also new
    {
      attribute_data_type      = "String"
      developer_only_attribute = false
      mutable                  = true
      name                     = "industry"
      required                 = false

      string_attribute_constraints = {
        min_length = 0
        max_length = 10
      }
    }
  ]

  recovery_mechanisms = [
    {
      name     = "verified_email"
      priority = 1
    },
  ]
}
@lgallard
Owner

lgallard commented Feb 14, 2021

@Waschnick there's an open issue for the provider here, which forces the pool recreation when adding new attributes.

In fact, PR #28 disabled schema change recognition through an ignore lifecycle to avoid this behavior, until there's an official fix in the AWS provider.

I should document this in the README file, in the known issues.

@lgallard
Owner

@Waschnick I updated the README to reflect the main issue and the current module behavior!

@Waschnick
Contributor Author

That's a very long thread they have going on there. Thank you for the link, I actually also stumbled upon it while googling around. In Nov'20 they (HashiCorp) said they have this issue on their roadmap. Let's see and hope for the best.

@Waschnick
Contributor Author

Hey @lgallard this was also addressed recently: https://github.com/hashicorp/terraform-provider-aws/blob/v3.35.0/CHANGELOG.md

"resource/aws_cognito_user_pool: Allow schema items to be added without recreating resource." with this PR hashicorp/terraform-provider-aws#18512

@lgallard added and removed the bug label ("Something isn't working") on Apr 10, 2021
@lgallard
Owner

@Waschnick Release 0.10.2 removed the lifecycle that prevented the schema update
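
Added example, not part of the thread or of the module's code: a CI guard that reads `terraform show -json <planfile>` output and fails when a Cognito user pool would be replaced or deleted, which is the outcome the provider issue discussed above forced when schema attributes were added. The sample plan and every resource address in it are constructed.

```python
import json
import sys

# Constructed sample shaped like `terraform show -json <planfile>` output.
# All resource addresses are hypothetical.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.pool_a.aws_cognito_user_pool.pool[0]",
   "type": "aws_cognito_user_pool",
   "change": {"actions": ["delete", "create"]}},
  {"address": "module.pool_b.aws_cognito_user_pool.pool[0]",
   "type": "aws_cognito_user_pool",
   "change": {"actions": ["update"]}},
  {"address": "aws_s3_bucket.assets",
   "type": "aws_s3_bucket",
   "change": {"actions": ["create", "delete"]}}
]}
""")

PROTECTED_TYPES = {"aws_cognito_user_pool"}

def classify(actions):
    """Collapse a plan 'actions' list into a single change kind."""
    acts = set(actions)
    if {"create", "delete"} <= acts:
        return "replace"  # covers delete-then-create and create-then-delete
    if "delete" in acts:
        return "delete"
    return actions[0] if actions else "no-op"

def destructive_changes(plan, protected=PROTECTED_TYPES):
    """Return (address, kind) for protected resources the plan would destroy."""
    found = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in protected:
            continue
        kind = classify(rc.get("change", {}).get("actions", []))
        if kind in ("replace", "delete"):
            found.append((rc["address"], kind))
    return found

if __name__ == "__main__":
    plan = SAMPLE_PLAN
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    hits = destructive_changes(plan)
    for address, kind in hits:
        print(f"BLOCK: {address} would be {kind}d")
    sys.exit(1 if hits else 0)
```

An in-place schema addition shows up as `["update"]` and passes; a forced recreation shows up as a delete/create pair and makes the script exit non-zero before `terraform apply` runs.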
