Cognito User Groups are vulnerable to unintended deletion on list reordering #161

Open
catrielg opened this issue Jan 8, 2025 · 0 comments


catrielg commented Jan 8, 2025

Problem

The current Cognito user group implementation uses Terraform's count meta-argument with a list of groups. This makes the resources sensitive to list order changes, potentially causing unintended group deletions when the order is modified.

Impact

  • Accidental group deletions can occur during routine configuration updates
  • User group memberships are lost when groups are recreated
  • Potential service disruption for users relying on group-based permissions

Solution

A fix has been proposed in PR #160 which:

  • Switches from count to for_each using group names as stable identifiers
  • Maintains existing functionality while preventing order-based recreations
  • Includes migration steps to safely handle the transition
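
The pattern described in this issue, as an added Terraform sketch that is not part of the original issue, PR #160 or the project's code. The variable names, the resource label `main`, the sample group names and the use of `moved` blocks for the migration are assumptions made for illustration (`moved` needs Terraform 1.1 or later).

```hcl
# Hypothetical inputs; the module's real variable names may differ.
variable "user_pool_id" {
  type = string
}

variable "user_groups" {
  type = list(object({
    name        = string
    description = string
    precedence  = number
  }))
  # Constructed sample data.
  default = [
    { name = "admins", description = "Administrators", precedence = 1 },
    { name = "editors", description = "Content editors", precedence = 2 },
    { name = "viewers", description = "Read-only users", precedence = 3 },
  ]
}

# Before (count): instances are addressed by position, e.g. main[0], main[1].
# Removing "admins" or reordering the list shifts every later index, so the
# plan shows each shifted group being recreated under a different name and
# its memberships are lost, as the issue describes.
#
# resource "aws_cognito_user_group" "main" {
#   count        = length(var.user_groups)
#   name         = var.user_groups[count.index].name
#   user_pool_id = var.user_pool_id
#   description  = var.user_groups[count.index].description
#   precedence   = var.user_groups[count.index].precedence
# }

# After (for_each): instances are addressed by group name, e.g. main["admins"],
# so list order no longer affects which group a change applies to.
resource "aws_cognito_user_group" "main" {
  for_each     = { for g in var.user_groups : g.name => g }
  name         = each.key
  user_pool_id = var.user_pool_id
  description  = each.value.description
  precedence   = each.value.precedence
}

# Migration: map each existing positional address to its keyed address so the
# switch is a state move, not a destroy and create. One block per group,
# matching the order currently recorded in state.
moved {
  from = aws_cognito_user_group.main[0]
  to   = aws_cognito_user_group.main["admins"]
}
```

After the switch, `terraform plan` should report only moves for existing groups; any planned destroy of an `aws_cognito_user_group` is a sign that a `moved` block is missing or points at the wrong index.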