Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature: add sns_region to sms_configuration in aws_cognito_user_pool #26684

Merged
Show file tree
Hide file tree
Changes from 5 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/26684.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:enhancement
resource/cognitoidp/user_pool: Add sns_region to sms_configuration
```
1 change: 1 addition & 0 deletions examples/cognito-user-pool/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,7 @@ resource "aws_cognito_user_pool" "pool" {
sms_configuration {
external_id = "12345"
sns_caller_arn = aws_iam_role.cidp.arn
sns_region = "us-east-1"
}

tags = {
Expand Down
13 changes: 13 additions & 0 deletions internal/service/cognitoidp/user_pool.go
Original file line number Diff line number Diff line change
Expand Up @@ -463,6 +463,11 @@ func ResourceUserPool() *schema.Resource {
Required: true,
ValidateFunc: verify.ValidARN,
},
"sns_region": {
Type: schema.TypeString,
Optional: true,
ReedSoftware marked this conversation as resolved.
Show resolved Hide resolved
ValidateFunc: verify.ValidRegionName,
},
},
},
},
Expand Down Expand Up @@ -1230,6 +1235,10 @@ func expandSMSConfiguration(tfList []interface{}) *cognitoidentityprovider.SmsCo
apiObject.SnsCallerArn = aws.String(v)
}

if v, ok := tfMap["sns_region"].(string); ok && v != "" {
apiObject.SnsRegion = aws.String(v)
}

return apiObject
}

Expand Down Expand Up @@ -1264,6 +1273,10 @@ func flattenSMSConfiguration(apiObject *cognitoidentityprovider.SmsConfiguration
tfMap["sns_caller_arn"] = aws.StringValue(v)
}

if v := apiObject.SnsRegion; v != nil {
tfMap["sns_region"] = aws.StringValue(v)
}

return []interface{}{tfMap}
}

Expand Down
48 changes: 48 additions & 0 deletions internal/service/cognitoidp/user_pool_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -603,6 +603,35 @@ func TestAccCognitoIDPUserPool_sms(t *testing.T) {
})
}

func TestAccCognitoIDPUserPool_SMS_snsRegion(t *testing.T) {
rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
iamRoleResourceName := "aws_iam_role.test"
resourceName := "aws_cognito_user_pool.test"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { acctest.PreCheck(t); testAccPreCheckIdentityProvider(t) },
ErrorCheck: acctest.ErrorCheck(t, cognitoidentityprovider.EndpointsID),
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
CheckDestroy: testAccCheckUserPoolDestroy,
Steps: []resource.TestStep{
{
Config: testAccUserPoolConfig_smsConfigurationSnsRegion(rName, "us-east-1"),
ReedSoftware marked this conversation as resolved.
Show resolved Hide resolved
Check: resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttr(resourceName, "mfa_configuration", "OFF"),
resource.TestCheckResourceAttr(resourceName, "sms_configuration.#", "1"),
resource.TestCheckResourceAttr(resourceName, "sms_configuration.0.sns_region", "foobar"),
ReedSoftware marked this conversation as resolved.
Show resolved Hide resolved
resource.TestCheckResourceAttrPair(resourceName, "sms_configuration.0.sns_caller_arn", iamRoleResourceName, "arn"),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccCognitoIDPUserPool_SMS_externalID(t *testing.T) {
rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
iamRoleResourceName := "aws_iam_role.test"
Expand Down Expand Up @@ -1691,6 +1720,7 @@ resource "aws_cognito_user_pool" "test" {
sms_configuration {
external_id = "test"
sns_caller_arn = aws_iam_role.test.arn
sns_region = "us-east-1"
ReedSoftware marked this conversation as resolved.
Show resolved Hide resolved
}
}
`, rName)
Expand All @@ -1705,6 +1735,7 @@ resource "aws_cognito_user_pool" "test" {
sms_configuration {
external_id = "test"
sns_caller_arn = aws_iam_role.test.arn
sns_region = "us-east-1"
}

software_token_mfa_configuration {
Expand Down Expand Up @@ -1744,11 +1775,26 @@ resource "aws_cognito_user_pool" "test" {
sms_configuration {
external_id = %[2]q
sns_caller_arn = aws_iam_role.test.arn
sns_region = "us-east-1"
}
}
`, rName, externalID)
}

func testAccUserPoolConfig_smsConfigurationSnsRegion(rName string, snsRegion string) string {
return testAccUserPoolSMSConfigurationBaseConfig(rName, snsRegion) + fmt.Sprintf(`
ReedSoftware marked this conversation as resolved.
Show resolved Hide resolved
resource "aws_cognito_user_pool" "test" {
name = %[1]q

sms_configuration {
external_id = "test"
sns_caller_arn = aws_iam_role.test.arn
sns_region = %[2]q
}
}
`, rName, snsRegion)
}

func testAccUserPoolConfig_smsConfigurationSNSCallerARN2(rName string) string {
return testAccUserPoolSMSConfigurationBaseConfig(rName+"-2", "test") + fmt.Sprintf(`
resource "aws_cognito_user_pool" "test" {
Expand All @@ -1757,6 +1803,7 @@ resource "aws_cognito_user_pool" "test" {
sms_configuration {
external_id = "test"
sns_caller_arn = aws_iam_role.test.arn
sns_region = "us-east-1"
}
}
`, rName)
Expand Down Expand Up @@ -2335,6 +2382,7 @@ resource "aws_cognito_user_pool" "test" {
sms_configuration {
external_id = data.aws_caller_identity.current.account_id
sns_caller_arn = aws_iam_role.test.arn
sns_region = "us-east-1"
}
}
`, name, mfaconfig, smsAuthMsg)
Expand Down
4 changes: 4 additions & 0 deletions website/docs/r/cognito_user_pool.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ resource "aws_cognito_user_pool" "example" {
sms_configuration {
external_id = "example"
sns_caller_arn = aws_iam_role.example.arn
sns_region = "us-east-1"
}

software_token_mfa_configuration {
Expand Down Expand Up @@ -203,6 +204,9 @@ resource "aws_cognito_user_pool" "example" {

* `external_id` - (Required) External ID used in IAM role trust relationships. For more information about using external IDs, see [How to Use an External ID When Granting Access to Your AWS Resources to a Third Party](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html).
* `sns_caller_arn` - (Required) ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
* `sns_region` - (Optional) The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see [SMS message settings for Amazon Cognito user pools](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html).



### software_token_mfa_configuration

Expand Down