Tags: amazon-web-services, terraform, amazon-cognito, localstack

Cognito user pool saying password_policy is not expected?


I have a pretty straightforward Terraform file for a Cognito user pool:

provider "aws" {
  region = "us-east-1" # Specify your desired region

}

resource "aws_cognito_user_pool" "main_user_pool" {
  name = "main_user_pool"

  account_recovery_setting {
    recovery_mechanism {
      name     = "verified_email"
      priority = 1
    }

    recovery_mechanism {
      name     = "verified_phone_number"
      priority = 2
    }
  }

  # Define the attributes for the user pool
  schema {
    name                = "email"
    attribute_data_type = "String"
    mutable             = true
    required            = true
  }

  password_policy = {
    minimum_length    = 6
    require_lowercase = true
    require_numbers   = true
    require_symbols   = true
    require_uppercase = true
  }


  email_configuration {
    email_sending_account = "COGNITO_DEFAULT"
  }

  auto_verified_attributes = ["email"]

  username_attributes = ["email"]
  username_configuration {
    case_sensitive = true
  }


  schema {
    name                = "password"
    attribute_data_type = "String"
    mutable             = true
    required            = true
  }

}

Running terraform plan gives me:

Error: Unsupported argument
│ 
│   on cognitoPool.tf line 29, in resource "aws_cognito_user_pool" "main_user_pool":
│   29:   password_policy = {
│ 
│ An argument named "password_policy" is not expected here. Did you mean to define a block of type "password_policy"?

This doesn't make sense because 1. I can see in the documentation that this is a valid argument block and 2. The error says password_policy is not expected so instead I should try password_policy? It's the same thing?

Terraform-provider-aws_v5.36.0_x5 is my terraform version.


Solution

  • From docs:

    (Optional) Configuration block for information about the user pool password policy.

    password_policy is a block, not an argument, so it should be (no =):

      password_policy {
        minimum_length    = 6
        require_lowercase = true
        require_numbers   = true
        require_symbols   = true
        require_uppercase = true
      }
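
A small pre-check for the mistake in this question, as an added example (not from the original post or the Terraform project): it flags names that the configuration above uses as nested blocks when they are written with `=`, and leaves map-typed arguments such as `tags` alone. The `BLOCK_TYPES` list, the function names and the sample configuration are assumptions constructed for illustration; `terraform validate` remains the authoritative check.

```python
import re

# Assumption: names used as nested blocks in the question's configuration.
BLOCK_TYPES = {
    "account_recovery_setting", "recovery_mechanism", "schema",
    "password_policy", "email_configuration", "username_configuration",
}

# Matches `name = {` at the start of a line (optional trailing comment).
ASSIGN = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_-]*)\s*=\s*\{\s*(#.*)?$")


def find_block_assignments(hcl_text, block_types=BLOCK_TYPES):
    """Return (line_number, name) for each block type written as `name = {`."""
    findings = []
    for lineno, line in enumerate(hcl_text.splitlines(), start=1):
        m = ASSIGN.match(line)
        if m and m.group(1) in block_types:
            findings.append((lineno, m.group(1)))
    return findings


def fix_block_assignments(hcl_text, block_types=BLOCK_TYPES):
    """Rewrite `name = {` to `name {` for known block types only."""
    flagged = {n for n, _ in find_block_assignments(hcl_text, block_types)}
    out = []
    for lineno, line in enumerate(hcl_text.splitlines(), start=1):
        if lineno in flagged:
            line = re.sub(r"\s*=\s*\{", " {", line, count=1)
        out.append(line)
    return "\n".join(out) + "\n"


# Constructed sample: `tags` is a map argument (valid with `=`),
# `password_policy` is a block (invalid with `=`).
SAMPLE = (
    'resource "aws_cognito_user_pool" "main_user_pool" {\n'
    '  name = "main_user_pool"\n\n'
    '  tags = {\n    env = "dev"\n  }\n\n'
    '  password_policy = {\n    minimum_length = 6\n  }\n\n'
    '  schema {\n    name = "email"\n  }\n}\n'
)

if __name__ == "__main__":
    for lineno, name in find_block_assignments(SAMPLE):
        print(f"line {lineno}: '{name}' is a block; remove the '='")
    print(fix_block_assignments(SAMPLE))
```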