Merge pull request #26684 from ReedSoftware/f-sns_region_sms_configur…

…ation_cognito_user_pool Feature: add sns_region to sms_configuration in aws_cognito_user_pool
hashicorp · Nov 15, 2022 · 31fb377 · 31fb377
2 parents 30e832a + c7c6d98
commit 31fb377
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 0 deletions.
diff --git a/.changelog/26684.txt b/.changelog/26684.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_cognito_user_pool: Add `sns_region` attribute to `sms_configuration` block
+```
diff --git a/internal/service/cognitoidp/user_pool.go b/internal/service/cognitoidp/user_pool.go
@@ -468,6 +468,12 @@ func ResourceUserPool() *schema.Resource {
 							Required:     true,
 							ValidateFunc: verify.ValidARN,
 						},
+						"sns_region": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							Computed:     true,
+							ValidateFunc: verify.ValidRegionName,
+						},
 					},
 				},
 			},
@@ -1292,6 +1298,10 @@ func expandSMSConfiguration(tfList []interface{}) *cognitoidentityprovider.SmsCo
 		apiObject.SnsCallerArn = aws.String(v)
 	}
 
+	if v, ok := tfMap["sns_region"].(string); ok && v != "" {
+		apiObject.SnsRegion = aws.String(v)
+	}
+
 	return apiObject
 }
 
@@ -1326,6 +1336,10 @@ func flattenSMSConfiguration(apiObject *cognitoidentityprovider.SmsConfiguration
 		tfMap["sns_caller_arn"] = aws.StringValue(v)
 	}
 
+	if v := apiObject.SnsRegion; v != nil {
+		tfMap["sns_region"] = aws.StringValue(v)
+	}
+
 	return []interface{}{tfMap}
 }
 

diff --git a/internal/service/cognitoidp/user_pool_test.go b/internal/service/cognitoidp/user_pool_test.go
@@ -636,6 +636,35 @@ func TestAccCognitoIDPUserPool_sms(t *testing.T) {
 	})
 }
 
+func TestAccCognitoIDPUserPool_SMS_snsRegion(t *testing.T) {
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	iamRoleResourceName := "aws_iam_role.test"
+	resourceName := "aws_cognito_user_pool.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(t); testAccPreCheckIdentityProvider(t) },
+		ErrorCheck:               acctest.ErrorCheck(t, cognitoidentityprovider.EndpointsID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckUserPoolDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccUserPoolConfig_smsConfigurationSNSRegion(rName, acctest.Region()),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "mfa_configuration", "OFF"),
+					resource.TestCheckResourceAttr(resourceName, "sms_configuration.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "sms_configuration.0.sns_region", acctest.Region()),
+					resource.TestCheckResourceAttrPair(resourceName, "sms_configuration.0.sns_caller_arn", iamRoleResourceName, "arn"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func TestAccCognitoIDPUserPool_SMS_externalID(t *testing.T) {
 	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
 	iamRoleResourceName := "aws_iam_role.test"
@@ -1828,6 +1857,20 @@ resource "aws_cognito_user_pool" "test" {
 `, rName, externalID))
 }
 
+func testAccUserPoolConfig_smsConfigurationSNSRegion(rName string, snsRegion string) string {
+	return acctest.ConfigCompose(testAccUserPoolSMSConfigurationConfig_base(rName, "test"), fmt.Sprintf(`
+resource "aws_cognito_user_pool" "test" {
+  name = %[1]q
+
+  sms_configuration {
+    external_id    = "test"
+    sns_caller_arn = aws_iam_role.test.arn
+    sns_region     = %[2]q
+  }
+}
+`, rName, snsRegion))
+}
+
 func testAccUserPoolConfig_smsConfigurationSNSCallerARN2(rName string) string {
 	return acctest.ConfigCompose(testAccUserPoolSMSConfigurationConfig_base(rName+"-2", "test"), fmt.Sprintf(`
 resource "aws_cognito_user_pool" "test" {

diff --git a/website/docs/r/cognito_user_pool.markdown b/website/docs/r/cognito_user_pool.markdown
@@ -32,6 +32,7 @@ resource "aws_cognito_user_pool" "example" {
   sms_configuration {
     external_id    = "example"
     sns_caller_arn = aws_iam_role.example.arn
+    sns_region     = "us-east-1"
   }
 
   software_token_mfa_configuration {
@@ -205,6 +206,7 @@ resource "aws_cognito_user_pool" "example" {
 
 * `external_id` - (Required) External ID used in IAM role trust relationships. For more information about using external IDs, see [How to Use an External ID When Granting Access to Your AWS Resources to a Third Party](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html).
 * `sns_caller_arn` - (Required) ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
+* `sns_region` - (Optional) The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see [SMS message settings for Amazon Cognito user pools](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html).
 
 ### software_token_mfa_configuration