Terraform regenerating resources when a new object is added to map

0
votes

I have a Terraform (pre 0.12) module that generates an Amazon Cognito user pool + a client and domain.

resource "aws_cognito_user_pool" "pool" {
  count = "${var.user_pool_count}"
  name  = "${lookup(var.user_pools[count.index], "name")}"

  username_attributes      = ["email"]
  auto_verified_attributes = ["email"]

  password_policy {
    minimum_length    = "${lookup(var.user_pools[count.index], "password_minimum_length")}"
    require_lowercase = "${lookup(var.user_pools[count.index], "password_require_lowercase")}"
    require_numbers   = "${lookup(var.user_pools[count.index], "password_require_numbers")}"
    require_symbols   = "${lookup(var.user_pools[count.index], "password_require_symbols")}"
    require_uppercase = "${lookup(var.user_pools[count.index], "password_require_uppercase")}"
  }

  verification_message_template = {
    default_email_option = "CONFIRM_WITH_LINK"
  }

  lambda_config = {
    pre_token_generation = "${var.lambda_pre_token_generation}"
    custom_message       = "${var.lambda_custom_message}"
  }

  email_configuration = {
    reply_to_email_address = "${lookup(var.user_pools[count.index], "reply_to_email_address")}"
    source_arn             = "${lookup(var.user_pools[count.index], "source_arn")}"
    email_sending_account  = "${lookup(var.user_pools[count.index], "email_sending_account")}"
  }

  schema = [
    < REDACTED >
  ]
}

resource "aws_cognito_user_pool_client" "client" {
  count               = "${var.user_pool_count}"
  name                = "${lookup(var.user_pools[count.index], "name")}"
  user_pool_id        = "${element(aws_cognito_user_pool.pool.*.id,count.index)}"
  explicit_auth_flows = ["ADMIN_NO_SRP_AUTH", "USER_PASSWORD_AUTH"]
}

resource "aws_cognito_user_pool_domain" "main" {
  count        = "${var.user_pool_count}"
  domain       = "${lookup(var.user_pools[count.index], "domain")}"
  user_pool_id = "${element(aws_cognito_user_pool.pool.*.id,count.index)}"
}

This accepts a list of maps called user_pools to define the Cognito user pools required. Unfortunately, when I add a new map with the definition of a new pool in it, Terraform forces the recreation of aws_cognito_user_pool_client and aws_cognito_user_pool_domain for all pools. This appears to be because it sees a change in:

user_pool_id: "eu-west-1_R8SDX8Yqj" => "${element(aws_cognito_user_pool.pool.*.id,count.index)}" (forces new resource)

I am assuming this is because Terraform is seeing a change in aws_cognito_user_pool.pool.*.id and forcing the recreation. Can anyone explain how to get around this? It is suboptimal for me to have all of my domains and clients regenerated.

1
amazon-web-servicesterraformamazon-cognitoterraform-provider-aws

1 Answers

0
votes

For anyone reading this. I found the following issue on Github - https://github.com/hashicorp/terraform/issues/14357

Changing my syntax to the following appeared to fix it.

user_pool_id = "${aws_cognito_user_pool.pool.*.id[count.index]}"