[Bug]: elasticache_user_group returns an error when user is deleted #43281
Description
Terraform and AWS Provider Version
Terraform Version
1.12.2
AWS Provider Version
6.0.0
Affected Resource(s) or Data Source(s)
aws_elasticache_user_groupaws_elasticache_user
Expected Behavior
User group should be updated with the new user ids (and without the removed used id) without returning an error. This slows down infrastructure deployments where user rotations are frequent and requires retries.
Actual Behavior
Plan: - are removed users and + are users to be created and added to group
# aws_elasticache_user_group.default will be updated in-place
~ resource "aws_elasticache_user_group" "default" {
id = "ug-37ec29e4a63f"
tags = {}
~ user_ids = [
- "user-ug-37ec29e4a63f-1-id",
- "user-ug-37ec29e4a63f-10-id",
- "user-ug-37ec29e4a63f-11-id",
- "user-ug-37ec29e4a63f-12-id",
- "user-ug-37ec29e4a63f-13-id",
- "user-ug-37ec29e4a63f-14-id",
- "user-ug-37ec29e4a63f-15-id",
- "user-ug-37ec29e4a63f-16-id",
- "user-ug-37ec29e4a63f-17-id",
- "user-ug-37ec29e4a63f-18-id",
- "user-ug-37ec29e4a63f-19-id",
- "user-ug-37ec29e4a63f-2-id",
- "user-ug-37ec29e4a63f-20-id",
- "user-ug-37ec29e4a63f-21-id",
- "user-ug-37ec29e4a63f-22-id",
- "user-ug-37ec29e4a63f-23-id",
- "user-ug-37ec29e4a63f-24-id",
- "user-ug-37ec29e4a63f-25-id",
- "user-ug-37ec29e4a63f-26-id",
- "user-ug-37ec29e4a63f-27-id",
- "user-ug-37ec29e4a63f-28-id",
- "user-ug-37ec29e4a63f-29-id",
- "user-ug-37ec29e4a63f-3-id",
- "user-ug-37ec29e4a63f-4-id",
- "user-ug-37ec29e4a63f-5-id",
- "user-ug-37ec29e4a63f-6-id",
- "user-ug-37ec29e4a63f-7-id",
- "user-ug-37ec29e4a63f-8-id",
- "user-ug-37ec29e4a63f-9-id",
+ "user-ug-37ec29e4a63f-1-id-2",
+ "user-ug-37ec29e4a63f-10-id-2",
+ "user-ug-37ec29e4a63f-11-id-2",
+ "user-ug-37ec29e4a63f-12-id-2",
+ "user-ug-37ec29e4a63f-13-id-2",
+ "user-ug-37ec29e4a63f-14-id-2",
+ "user-ug-37ec29e4a63f-15-id-2",
+ "user-ug-37ec29e4a63f-16-id-2",
+ "user-ug-37ec29e4a63f-17-id-2",
+ "user-ug-37ec29e4a63f-18-id-2",
+ "user-ug-37ec29e4a63f-19-id-2",
+ "user-ug-37ec29e4a63f-2-id-2",
+ "user-ug-37ec29e4a63f-20-id-2",
+ "user-ug-37ec29e4a63f-21-id-2",
+ "user-ug-37ec29e4a63f-22-id-2",
+ "user-ug-37ec29e4a63f-23-id-2",
+ "user-ug-37ec29e4a63f-24-id-2",
+ "user-ug-37ec29e4a63f-25-id-2",
+ "user-ug-37ec29e4a63f-26-id-2",
+ "user-ug-37ec29e4a63f-27-id-2",
+ "user-ug-37ec29e4a63f-28-id-2",
+ "user-ug-37ec29e4a63f-29-id-2",
+ "user-ug-37ec29e4a63f-3-id-2",
+ "user-ug-37ec29e4a63f-4-id-2",
+ "user-ug-37ec29e4a63f-5-id-2",
+ "user-ug-37ec29e4a63f-6-id-2",
+ "user-ug-37ec29e4a63f-7-id-2",
+ "user-ug-37ec29e4a63f-8-id-2",
+ "user-ug-37ec29e4a63f-9-id-2",
# (1 unchanged element hidden)
]
# (5 unchanged attributes hidden)
}
Apply:
╷
│ Error: updating ElastiCache User Group ("ug-37ec29e4a63f"): operation error ElastiCache: ModifyUserGroup, https response error StatusCode: 400, RequestID: 60169049-9fd1-461b-a8a8-ab000e022ddc, InvalidParameterValue: User user-ug-37ec29e4a63f-8-id is not a member of user group ug-37ec29e4a63f.
│
│ with aws_elasticache_user_group.default,
│ on main.tf line 64, in resource "aws_elasticache_user_group" "default":
│ 64: resource "aws_elasticache_user_group" "default" {
│
╵
Relevant Error/Panic Output
╷
│ Error: updating ElastiCache User Group ("ug-37ec29e4a63f"): operation error ElastiCache: ModifyUserGroup, https response error StatusCode: 400, RequestID: 60169049-9fd1-461b-a8a8-ab000e022ddc, InvalidParameterValue: User user-ug-37ec29e4a63f-8-id is not a member of user group ug-37ec29e4a63f.
│
│ with aws_elasticache_user_group.default,
│ on main.tf line 64, in resource "aws_elasticache_user_group" "default":
│ 64: resource "aws_elasticache_user_group" "default" {
│
╵
Since the user is already deleted, TF should acknowledge instead of returning error.
Sample Terraform Configuration
Click to expand configuration
Steps to Reproduce
- Create large number of users and add it to a user group
- Rotate users (to replicate, simply change id and name)
- Apply changes
Debug Logging
Click to expand log output
GenAI / LLM Assisted Development
n/a
Important Facts and References
No response
Would you like to implement a fix?
Yes