Terraform-provider-aws: Cognito required attributes are not writable

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.7

• provider.aws v1.17.0

Affected Resource(s)

• aws_cognito_user_pool
• aws_cognito_user_pool_client

Terraform Configuration Files

resource "aws_cognito_user_pool" "main" {
  name = "app_env"

  schema {
    attribute_data_type = "String"
    name                = "name"
    required            = true
  }

  schema {
    attribute_data_type = "String"
    name                = "email"
    required            = true
  }

  # extra options
  ...
}

resource "aws_cognito_user_pool_client" "web" {
  name = "web"
  user_pool_id = "${aws_cognito_user_pool.main.id}"

  read_attributes = ["name", "email"]
  write_attributes = ["name", "email"]

  # extra options
  ...
}

Expected Behavior

Required attributes in cognito are writable by default and calls to cognito API methods should allow modification.

Actual Behavior

Attributes are set as writable visually in "App Client" -> "Set attribute read and write permissions" but the are not behaving as writable when calling the cognito API method to modify them:
AWSCognitoIdentityProviderService.UpdateUserAttributes

https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html

Error response:
{
"__type": "InvalidParameterException",
"message": "Invalid user attributes: name: Attribute cannot be updated.\n"
}

Important Factoids

When creating the user pool using amazon console, attributes are writable and calls to AWSCognitoIdentityProviderService.UpdateUserAttributes are working.