
[Bug]: unable to use aws_sns_platform_application to rotate (expired) platform applications #28269

Open
@flokli

Description

Terraform Core Version

1.1.7

AWS Provider Version

4.3.0

Affected Resource(s)

  • aws_sns_platform_application

Expected Behavior

I'm using some aws_sns_platform_application resources to manage various push credentials, including APNS push credentials.

You normally use certificates for this, and these certificates expire after a while.
The value can be observed in the Attributes.AppleCertificateExpirationDate key.

Once the certificates expire, AWS sets Attributes.Enabled to false.

In terraform world, the platform_credential and platform_principal are used for the private key and certificate respectively.

I'd provide a privkey/certificate on these two keys. I'd expect Terraform to update the credentials whenever I change them, and in case the application got disabled due to the old certificate being expired, I'd expect it to re-enable the application.

Actual Behavior

There are some SNS Platform applications with an expiration date in the past, so it looks like the certificates didn't get updated, even though terraform shows state matches configuration. Also, some applications stayed disabled.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_sns_platform_application" "apns_application" {
  name                = "apns_application"
  platform            = "APNS"
  platform_credential = "<APNS PRIVATE KEY>"
  platform_principal  = "<APNS CERTIFICATE>"
}

Steps to Reproduce

  • Create an SNS platform application with a soon-to-be-expired expiry date through terraform (or import it into terraform). terraform apply should show it has nothing to do.
  • Wait for the certificate to expire, and observe AWS disabling the SNS platform application.
  • Renew the push credentials, and use terraform to update the certificates
  • Observe if the certificates get updated or not, and if the platform applications get re-enabled or not.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None
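
A read-only check for the drift this issue describes, added here as an example (not part of the original report or the provider's code): it takes a response shaped like SNS `ListPlatformApplications` and flags applications that are disabled or whose `AppleCertificateExpirationDate` is past or near. The sample response, ARNs, function names and the ISO 8601 date format are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like an SNS ListPlatformApplications response.
# ARNs and dates are made up; the ISO 8601 date format is an assumption.
ARN = "arn:aws:sns:eu-west-1:123456789012:app/"
SAMPLE_RESPONSE = {"PlatformApplications": [
    {"PlatformApplicationArn": ARN + "APNS/expired_app", "Attributes": {
        "Enabled": "false", "AppleCertificateExpirationDate": "2022-01-10T12:00:00Z"}},
    {"PlatformApplicationArn": ARN + "APNS/expiring_app", "Attributes": {
        "Enabled": "true", "AppleCertificateExpirationDate": "2022-03-20T12:00:00Z"}},
    {"PlatformApplicationArn": ARN + "APNS/healthy_app", "Attributes": {
        "Enabled": "true", "AppleCertificateExpirationDate": "2023-03-01T12:00:00Z"}},
    {"PlatformApplicationArn": ARN + "GCM/fcm_app", "Attributes": {"Enabled": "false"}},
]}
SAMPLE_NOW = datetime(2022, 3, 1, tzinfo=timezone.utc)  # constructed "current time"


def parse_expiry(value):
    """Return an aware UTC datetime, or None if the value cannot be parsed."""
    try:
        parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_platform_applications(response, now, warn_within=timedelta(days=30)):
    """List (arn, problems) for applications that need a credential rotation."""
    findings = []
    for app in response.get("PlatformApplications", []):
        attrs = app.get("Attributes", {})
        problems = []
        # SNS reports attribute values as strings; a missing key is treated as enabled.
        if attrs.get("Enabled", "true").lower() != "true":
            problems.append("disabled")
        raw = attrs.get("AppleCertificateExpirationDate")  # absent on non-APNS apps
        if raw:
            expiry = parse_expiry(raw)
            if expiry is None:
                problems.append("unparseable expiry date")
            elif expiry <= now:
                problems.append("certificate expired")
            elif expiry - now <= warn_within:
                problems.append("certificate expires soon")
        if problems:
            findings.append((app["PlatformApplicationArn"], problems))
    return findings

# Live input (needs credentials): boto3.client("sns").list_platform_applications()
```

Running this after `terraform apply` reports no changes shows whether the remote application still carries the old certificate or stayed disabled.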

Labels

bug, service/sns, stale
