From ab52d5e81658d6df7c01951d1781fda16797d1e9 Mon Sep 17 00:00:00 2001
From: Nikolay Kolev <nikolay@users.noreply.github.com>
Date: Wed, 24 Aug 2022 13:48:25 -0700
Subject: [PATCH 1/2] fix: don't force users to reset passwords (#244)

Resolves #244

Works around https://github.com/hashicorp/terraform-provider-aws/issues/23567
---
 modules/iam-user/main.tf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/iam-user/main.tf b/modules/iam-user/main.tf
index 1ebe8f82..c11c25a0 100644
--- a/modules/iam-user/main.tf
+++ b/modules/iam-user/main.tf
@@ -16,6 +16,10 @@ resource "aws_iam_user_login_profile" "this" {
   pgp_key                 = var.pgp_key
   password_length         = var.password_length
   password_reset_required = var.password_reset_required
+
+  lifecycle {
+    ignore_changes = [password_reset_required]
+  }
 }
 
 resource "aws_iam_access_key" "this" {

From c3c1c54ae3b3be9d440ef0113a0123e3e92fe3b6 Mon Sep 17 00:00:00 2001
From: Nikolay Kolev <nikolay@users.noreply.github.com>
Date: Thu, 25 Aug 2022 01:52:04 -0700
Subject: [PATCH 2/2] docs: Link the upstream issue to the workaround

---
 modules/iam-user/main.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/iam-user/main.tf b/modules/iam-user/main.tf
index c11c25a0..792de767 100644
--- a/modules/iam-user/main.tf
+++ b/modules/iam-user/main.tf
@@ -17,6 +17,7 @@ resource "aws_iam_user_login_profile" "this" {
   password_length         = var.password_length
   password_reset_required = var.password_reset_required
 
+  # TODO: Remove once https://github.com/hashicorp/terraform-provider-aws/issues/23567 is resolved
   lifecycle {
     ignore_changes = [password_reset_required]
   }