每次申请时都会重新创建 Terraform Cognito 用户池

Question

使用“模式”中的任何内容在 Terraform 中创建 aws_cognito_user_pool 会导致每次运行 Terraform 时重新创建用户池。我们想使用自定义属性，因此需要在架构中设置选项。

根据文档

“在定义 String 或 Number 的 attribute_data_type 时，需要相应的属性约束配置块（例如 string_attribute_constraints 或 number_attribute_contraints）以防止重新创建 Terraform 资源。此要求对于标准（例如名称、电子邮件）和自定义架构属性均适用。 ”

如果我理解正确，我还需要列出模式中的所有标准属性，以便我可以添加 string_attribute_contraints。

  resource "aws_cognito_user_pool" "pool" {
  count = "${var.user_pool_count}"
  name  = "${lookup(var.user_pool[count.index], "name")}"

  username_attributes      = ["email"]
  auto_verified_attributes = ["email"]

  schema = [
    {
      name                = "address"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "birthdate"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "email"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "family_name"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "gender"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "given_name"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "locale"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "middle_name"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "name"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "nickname"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "phone_number"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "picture"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "preferred_username"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "profile"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "zoneinfo"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
    {
      name                = "updated_at"
      attribute_data_type = "Number"

      number_attribute_constraints = {
        min_value = 1
      }
    },
    {
      name                = "website"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
      }
    },
  ]
}

With the above example, even though I have not added any custom attributes yet, it recreates the user pool on every run.

EDIT - Added gist link to Terraform plan as it would put me over the Stackoverflow character limit.
https://gist.github.com/mehstg/6bf22a35254a168c14b98af57f86ed85

Answer 1

该计划输出显示大多数规划属性缺少的max_length是在泳池架构属性设置约束：

      schema.1286155211.attribute_data_type:                       "" => "String" (forces new resource)
      schema.1286155211.developer_only_attribute:                  "" => ""
      schema.1286155211.mutable:                                   "" => ""
      schema.1286155211.name:                                      "" => "locale" (forces new resource)
      schema.1286155211.number_attribute_constraints.#:            "" => "0"
      schema.1286155211.required:                                  "" => ""
      schema.1286155211.string_attribute_constraints.#:            "" => "1" (forces new resource)
      schema.1286155211.string_attribute_constraints.0.max_length: "" => ""
      schema.1286155211.string_attribute_constraints.0.min_length: "" => "1" (forces new resource)
...
      schema.3812649078.developer_only_attribute:                  "false" => "false"
      schema.3812649078.mutable:                                   "false" => "false"
      schema.3812649078.name:                                      "locale" => "" (forces new resource)
      schema.3812649078.number_attribute_constraints.#:            "0" => "0"
      schema.3812649078.required:                                  "false" => "false"
      schema.3812649078.string_attribute_constraints.#:            "1" => "0" (forces new resource)
      schema.3812649078.string_attribute_constraints.0.max_length: "2048" => "" (forces new resource)
      schema.3812649078.string_attribute_constraints.0.min_length: "1" => "" (forces new resource)

Terraform 正在检测这种漂移并尝试更改您的用户池以匹配您的配置。不幸的是，用户池模式属性是不可变的，因此 Terraform 被迫销毁整个用户池并创建一个新的用户池。

添加缺少的约束应该可以解决这个问题。

resource "aws_cognito_user_pool" "pool" {
  count = var.user_pool_count
  name  = var.user_pool[count.index]["name"]

  username_attributes      = ["email"]
  auto_verified_attributes = ["email"]

  schema = [
    # ...
    {
      name                = "locale"
      attribute_data_type = "String"

      string_attribute_constraints = {
        min_length = 1
        max_length = 1
      }
    },
    # ...
  ]
}