diff --git a/internal/service/cognitoidp/user_pool_domain.go b/internal/service/cognitoidp/user_pool_domain.go
index f9c71fdcdda3..1fe6850e8b76 100644
--- a/internal/service/cognitoidp/user_pool_domain.go
+++ b/internal/service/cognitoidp/user_pool_domain.go
@@ -7,6 +7,7 @@ import (
 "time"
 "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/endpoints"
 "github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
 "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -17,6 +18,15 @@ import (
 "github.com/hashicorp/terraform-provider-aws/names"
 )
+// route53ZoneID defines the route 53 zone ID for CloudFront. This
+// is used to set the zone_id attribute.
+const route53ZoneID = "Z2FDTNDATAQYW2"
+
+// cnRoute53ZoneID defines the route 53 zone ID for CloudFront in AWS CN.
+// This is used to set the zone_id attribute.
+// ref: https://docs.amazonaws.cn/en_us/aws/latest/userguide/route53.html
+const cnRoute53ZoneID = "Z3RFFRIM2A3IF5"
+
 func ResourceUserPoolDomain() *schema.Resource {
 return &schema.Resource{
 Create: resourceUserPoolDomainCreate,
@@ -52,6 +62,10 @@ func ResourceUserPoolDomain() *schema.Resource {
 Type: schema.TypeString,
 Computed: true,
 },
+ "cloudfront_distribution_zone_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
 "s3_bucket": {
 Type: schema.TypeString,
 Computed: true,
@@ -136,6 +150,15 @@ func resourceUserPoolDomainRead(d *schema.ResourceData, meta interface{}) error } d.Set("aws_account_id", desc.AWSAccountId) d.Set("cloudfront_distribution_arn", desc.CloudFrontDistribution) + + // override hosted_zone_id from flattenDistributionConfig + region := meta.(*conns.AWSClient).Region + if v, ok := endpoints.PartitionForRegion(endpoints.DefaultPartitions(), region); ok && v.ID() == endpoints.AwsCnPartitionID { + d.Set("cloudfront_distribution_zone_id", cnRoute53ZoneID) + } else { + d.Set("cloudfront_distribution_zone_id", route53ZoneID) + } + d.Set("s3_bucket", desc.S3Bucket) d.Set("user_pool_id", desc.UserPoolId) d.Set("version", desc.Version) diff --git a/internal/service/cognitoidp/user_pool_domain_test.go b/internal/service/cognitoidp/user_pool_domain_test.go index 5da97d4617c9..50db08474c91 100644 --- a/internal/service/cognitoidp/user_pool_domain_test.go +++ b/internal/service/cognitoidp/user_pool_domain_test.go @@ -35,6 +35,7 @@ func TestAccCognitoIDPUserPoolDomain_basic(t *testing.T) { resource.TestCheckResourceAttr("aws_cognito_user_pool.main", "name", poolName), resource.TestCheckResourceAttrSet("aws_cognito_user_pool_domain.main", "aws_account_id"), resource.TestCheckResourceAttrSet("aws_cognito_user_pool_domain.main", "cloudfront_distribution_arn"), + resource.TestCheckResourceAttr("aws_cognito_user_pool_domain.main", "cloudfront_distribution_zone_id", "Z2FDTNDATAQYW2"), resource.TestCheckResourceAttrSet("aws_cognito_user_pool_domain.main", "s3_bucket"), resource.TestCheckResourceAttrSet("aws_cognito_user_pool_domain.main", "version"), ), diff --git a/website/docs/r/cognito_user_pool_domain.markdown b/website/docs/r/cognito_user_pool_domain.markdown index da3149666050..5bdf0727190e 100644 --- a/website/docs/r/cognito_user_pool_domain.markdown +++ b/website/docs/r/cognito_user_pool_domain.markdown 
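Review bot: The `else` branch assigns `route53ZoneID` to every region outside the China partition, including the case where `PartitionForRegion` returns `ok == false`, so an unrecognised or non-commercial region silently gets the commercial CloudFront zone ID and any Route 53 alias record built from this attribute inherits it. Whether that ID is valid outside the `aws` partition is not shown in this diff; if it is not, matching the partition explicitly and leaving the attribute empty otherwise is safer, as sketched below. The comment `// override hosted_zone_id from flattenDistributionConfig` refers to nothing in this function and should instead say that the zone ID is a fixed per-partition value. resourceUserPoolDomainRead starts and ends outside the hunk.

```go
	d.Set("cloudfront_distribution_arn", desc.CloudFrontDistribution)

	// The CloudFront alias hosted zone ID is a fixed value per partition.
	region := meta.(*conns.AWSClient).Region
	switch p, ok := endpoints.PartitionForRegion(endpoints.DefaultPartitions(), region); {
	case ok && p.ID() == endpoints.AwsCnPartitionID:
		d.Set("cloudfront_distribution_zone_id", cnRoute53ZoneID)
	case ok && p.ID() == endpoints.AwsPartitionID:
		d.Set("cloudfront_distribution_zone_id", route53ZoneID)
	default:
		// Unknown partition: leave the attribute empty instead of guessing.
		d.Set("cloudfront_distribution_zone_id", nil)
	}
	// … unchanged: remaining d.Set calls …
```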
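Review bot: The added check pins `cloudfront_distribution_zone_id` to the literal `Z2FDTNDATAQYW2`, so TestAccCognitoIDPUserPoolDomain_basic will fail when run in a China-partition region, where the read function sets the `Z3RFFRIM2A3IF5` value instead. Either select the expected value by partition, or fall back to `resource.TestCheckResourceAttrSet("aws_cognito_user_pool_domain.main", "cloudfront_distribution_zone_id"),` like the neighbouring checks. The test function body continues outside the hunk.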
@@ -48,9 +48,8 @@ resource "aws_route53_record" "auth-cognito-A" {
 zone_id = data.aws_route53_zone.example.zone_id
 alias {
 evaluate_target_health = false
- name = aws_cognito_user_pool_domain.main.cloudfront_distribution_arn
- # This zone_id is fixed
- zone_id = "Z2FDTNDATAQYW2"
+ name = aws_cognito_user_pool_domain.main.cloudfront_distribution_arn
+ zone_id = aws_cognito_user_pool_domain.main.cloudfront_distribution_zone_id
 }
 }
 ```