aws_iam_user: terraform removes user data from remote states when changing user name

[ebarault]

Terraform Version

0.11.2

Affected Resource(s)

Please list the resources as a list, for example:

• aws_iam_user

Terraform Configuration Files

provider "aws" {
  version = "~> 1.6.0"
  allowed_account_ids = ["${var.allowed_account_id}"]
  region = "${var.region}"
}

terraform {
    backend = "s3"
    config {
      region = "eu-west-1"
      bucket = "tfstates"
      key = "user.tfstate"
      encrypt = true
      dynamodb_table = "locks"
    }
  }

resource "aws_iam_user" "user" {
  name          = "test"
  force_destroy = true
}

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply
2. change aws_iam_user resource attribute name to "test1"
3. terraform apply

Expected Behavior

What should have happened?

• user's name is updated in IAM dashboard
• remote state for user is updated in S3

Actual Behavior

What actually happened?

• user's name is updated in IAM dashboard
• remote state for the user resource is removed. The remote state file still exists but this part is gone:

// ...
                  "aws_iam_user.users.0": {
                    "type": "aws_iam_user",
                    "primary": {
                        "id": "test",
                        "attributes": {
                            "arn": "arn:aws:iam::123456789012:user/test",
                            "force_destroy": "true",
                            "id": "test",
                            "name": "test",
                            "path": "/",
                            "unique_id": "AIDAJ33KD3P7RGS3I73I2"
                        },
                        "meta": {},
                        "tainted": false
                    },
                    "deposed": [],
                    "provider": "provider.aws"
                }
// ...

Then when trying to apply again, a new user would be created since none exists in the remote states

[bflad]

Hi @ebarault, thank you for this bug report. Indeed it is the case that the provider is doing the wrong thing here with updating aws_iam_user resources, so sorry for the trouble. It just so happens this issue was already reported in #2303, so to consolidate the issues, I'm going to close this one in preference of the earlier one. We will be working on addressing the underlying issue right now, potentially in two phases since there are a few implementation caveats we'll need to address to do this correctly. Thanks for your patience and I'll keep the other issue updated as we go.

[bflad]

This has been released in terraform-provider-aws version 1.7.1. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!