You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When running terraform plan I always see changes to provider_details. If I change identity_providers variable to sensitive = false then I can see that ActiveEncryptionCertificate is being changed from null to the encryption cert generated for my user pool:
# module.cognito.aws_cognito_identity_provider.identity_provider[0] will be updated in-place
~ resource "aws_cognito_identity_provider" "identity_provider" {
id = "eu-west-2_hrcJfpRjv:ThriveGoogle"
~ provider_details = {
- "ActiveEncryptionCertificate" = "MIICvDCCAaSgAwIBAgII....." -> null
# (5 unchanged elements hidden)
}
# (5 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Great module!
I am using this to create a SAML identity provider in my user pool like this:
When running terraform plan I always see changes to
provider_details
. If I changeidentity_providers
variable tosensitive = false
then I can see thatActiveEncryptionCertificate
is being changed fromnull
to the encryption cert generated for my user pool:If I add this value to
provider_details
then the plan shows no changes but as it's different value for every user pool it's a bit of a pain to add this to every environment. Also, according to the docs these signing and encryption certs get regenerated every year so it's gonna be a bit of a pain to maintain:https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-signing-encryption.html
Looks like I can get the current signing certificate with this data source but not the encryption cert:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cognito_user_pool_signing_certificate
I'm wondering if the best thing to do is add
provider_details
to theignore_changes
lifecycle block as was done withschemas
here:#130
The text was updated successfully, but these errors were encountered: