Unable to Set Authenticated and Unauthenticated Role at the Same Time in Cognito Identity Pool #25330
Labels
bug
Addresses a defect in current functionality.
service/cognitoidentity
Issues and PRs that pertain to the cognitoidentity service.
service/cognitoidp
Issues and PRs that pertain to the cognitoidp service.
service/iam
Issues and PRs that pertain to the iam service.
Community Note
Terraform CLI and Terraform AWS Provider Version
Terraform v1.2.2
on darwin_arm64
Affected Resource(s)
Terraform Configuration Files
Debug Output
First Run Error: https://gist.github.com/przemeklach/d98cf6270a678a4f71b32828395444e8
Expected Behavior
Both the authenticated and unauthenticated roles are set to the roles I defined in the Identity Pool.
Actual Behavior
Only one of the roles gets set.
Steps to Reproduce
On the first run, or any run where I manually set the roles in aws console to empty or to the desired roles, on a subsequent terraform apply run I get an error "Error creating Cognito Identity Pool Roles Association: ConcurrentModificationException: Only one request to update resource type Identity Pool can be processed at a time". Full output linked in Debug Output section".
This leaves the pool in bad state where only one of the two roles is selected. On subsequent terraform apply it will just cause a flip e.g: if authenticated role was set and unauthenticated was unset it will unset the authenticated role and set the authenticated role. From this point forward if you keep running terraform apply it will just keep flipping back and forth.
The text was updated successfully, but these errors were encountered: