Terraform-provider-aws: Add aws_cognito_user resource

Created on 15 May 2018  ·  4 Comments  ·  Source: hashicorp/terraform-provider-aws

Description

Currently the aws_cognito has an aws_cognito_user_group resource which represents a group of users. In the AWS IDP console there is an option to create a user and assign it to groups. Currently Terraform does not support it, and users need to be created manually.

New or Affected Resource(s)

  • aws_cognito_user

enhancement new-resource service/cognito

All 4 comments

Hello,

I was wondering if there are any updates on this? I'm facing a similar issue and tried a null_resource with local-exec workaround. However I'm using Terraform Cloud and it seems that the aws-cli is not available. Code:

resource "null_resource" "cognito_user" {
  count   = length(var.users)
  triggers = {
    user_pool_id = aws_cognito_user_pool.pool.id
  }

  provisioner "local-exec" {
    command = "aws cognito-idp admin-create-user --user-pool-id ${aws_cognito_user_pool.pool.id} --username ${element(var.users, count.index)}"
  }
}

Error output: "module.cognito.null_resource.cognito_user[0] (local-exec): /bin/sh: 1: aws: not found"

On my local machine I verified that the AWS cli is installed, but I do prefer using Terraform Cloud.

You can install more software on the Terraform cloud workers although it is discouraged where you can avoid it. There's more information written up here.

yeah, good luck when you have to delete users...

my two cents here, just used the workaround above with some changes

resource aws_cognito_user_group this {
  for_each = toset(distinct(values(
    {
      for k, v in var.cognito_users :
      k => lookup(v, "group", "read-only")
    }
  )))
  name         = each.value
  user_pool_id = module.cognito.pool_id
}

resource null_resource cognito_users {
  depends_on = [aws_cognito_user_group.this]
  for_each = {
    for k, v in var.cognito_users :
    v.username => v
  }
  provisioner local-exec {
    command = "aws --region ${var.aws_region} cognito-idp admin-create-user --user-pool-id ${module.cognito.pool_id} --username ${each.key} --user-attributes Name=email,Value=${each.value.email}"
  }
  provisioner local-exec {
    command = "aws --region ${var.aws_region} cognito-idp admin-add-user-to-group --user-pool-id ${module.cognito.pool_id} --username ${each.key} --group-name ${lookup(each.value, "group", "read-only")}"
  }
  provisioner local-exec {
    when    = destroy
    command = "aws --region ${var.aws_region} cognito-idp admin-delete-user --user-pool-id ${module.cognito.pool_id} --username ${each.key}"
  }
}
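
A hardened variant of the workaround in the last comment, added here as an example and not part of the original thread: values reach the shell through the provisioner's environment block instead of being interpolated into the command string, and the destroy step reads its inputs from self.triggers. It reuses that comment's names (var.cognito_users, var.aws_region, module.cognito.pool_id, aws_cognito_user_group.this) and assumes local-exec runs under a POSIX shell.

```hcl
# Added example, not from the thread; variable and module names are the ones
# used in the comment above, and a POSIX /bin/sh interpreter is assumed.
resource "null_resource" "cognito_users" {
  depends_on = [aws_cognito_user_group.this]
  for_each   = { for k, v in var.cognito_users : v.username => v }

  # Newer Terraform releases only let destroy-time provisioners reference self,
  # count.index and each.key, so the delete reads its inputs from triggers.
  # Changing any trigger value replaces the resource (delete, then create).
  triggers = {
    region   = var.aws_region
    pool_id  = module.cognito.pool_id
    username = each.key
    email    = each.value.email
    group    = lookup(each.value, "group", "read-only")
  }

  # Values are passed as environment variables and expanded inside double
  # quotes, so shell metacharacters in them are never parsed as shell syntax.
  provisioner "local-exec" {
    environment = {
      REGION   = self.triggers.region
      POOL_ID  = self.triggers.pool_id
      USERNAME = self.triggers.username
      EMAIL    = self.triggers.email
    }
    command = "aws --region \"$REGION\" cognito-idp admin-create-user --user-pool-id \"$POOL_ID\" --username \"$USERNAME\" --user-attributes \"Name=email,Value=$EMAIL\""
  }

  provisioner "local-exec" {
    environment = {
      REGION   = self.triggers.region
      POOL_ID  = self.triggers.pool_id
      USERNAME = self.triggers.username
      GROUP    = self.triggers.group
    }
    command = "aws --region \"$REGION\" cognito-idp admin-add-user-to-group --user-pool-id \"$POOL_ID\" --username \"$USERNAME\" --group-name \"$GROUP\""
  }

  provisioner "local-exec" {
    when = destroy
    environment = {
      REGION   = self.triggers.region
      POOL_ID  = self.triggers.pool_id
      USERNAME = self.triggers.username
    }
    command = "aws --region \"$REGION\" cognito-idp admin-delete-user --user-pool-id \"$POOL_ID\" --username \"$USERNAME\""
  }
}
```

The quoting only protects the shell; the AWS CLI still parses `Name=email,Value=...` as shorthand, so an e-mail value containing a comma needs validating or the JSON form of `--user-attributes`.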