Deploy fail when there is a duplicate user

Terraform CDK for Terraform
1

Hello, i’m currently trying to handle the Users creations with the CDK, here is my code snippet

#!/usr/bin/env python
from constructs import Construct
from cdktf import App, TerraformStack, TerraformOutput
from cdktf_cdktf_provider_aws.provider import AwsProvider
from cdktf_cdktf_provider_aws.iam_user import IamUser

class UserCreationStack(TerraformStack):
    def __init__(self, scope: Construct, ns: str):
        super().__init__(scope, ns)

        AwsProvider(self, "AWS", region="eu-west-3", profile="user-terraform")
        
        group_policies = GetJsonContent('group_user_policies.json')
        created_users = []
        for group in group_policies:
            for user in group_policies[group]["users"]:
                created_users.append(IamUser(self, user+'_'+group, name=user, path="/"))
        
        TerraformOutput(self, "list of users",
                        value=created_users,
                        )

def GetJsonContent(filename: str) -> None:
    """
    """
    import json

    with open(filename) as content:
        json_content = json.load(content)

    content.close()
    return json_content


app = App()
stack = UserCreationStack(app, "learn-cdktf-aws")

app.synth()

and here is the content of my.json file :

{
    "dev": {
        "users" : ["alice", "bob", "charlie", "dan", "erin", "frank"],
        "policies" : ["s3ReaderPolicy", "s3DeleterPolicy"]
    },
    "exploit" : {
        "users" : ["dave", "grace", "yvan", "judy", "li", "olivia"],
        "policies" : ["s3ReaderPolicy", "s3DeleterPolicy"]
    },
    "to-remove-reader-only": {
        "users" : ["bob"],
        "policies" : ["s3ReaderPolicy"]
    },
    "to-remove-deleter-only" : {
        "users" : ["bob"],
        "policies" : ["s3DeleterPolicy"]
    }
}

So now when i’m running the cdktf apply command i have the following error :

learn-cdktf-aws  ╷
                 │ Error: creating IAM User (bob): EntityAlreadyExists: User with name bob already exists.
                 │      status code: 409, request id: e9be8da1-027b-4bdd-b1dd-271878c54385
                 │ 
                 │   with aws_iam_user.bob_to-remove-deleter-only (bob_to-remove-deleter-only),
                 │   on cdk.tf.json line 73, in resource.aws_iam_user.bob_to-remove-deleter-only (bob_to-remove-deleter-only):
                 │   73:       },
                 │ 
                 ╵
learn-cdktf-aws  ╷
                 │ Error: creating IAM User (bob): EntityAlreadyExists: User with name bob already exists.
                 │      status code: 409, request id: ed5147fe-61ae-4e30-b038-850d63b153b2
                 │ 
                 │   with aws_iam_user.bob_to-remove-reader-only (bob_to-remove-reader-only),
                 │   on cdk.tf.json line 83, in resource.aws_iam_user.bob_to-remove-reader-only (bob_to-remove-reader-only):
                 │   83:       },
                 │ 
                 ╵


0 Stacks deploying     1 Stack done     0 Stacks waiting
Invoking Terraform CLI failed with exit code 1

and my question is the following, is this supposed to be the right behavior ?
Because i did the same things with some plain terraform and i don’t have this error at all.

Thank you for your time,

2

I think this could be the problem, IAM user names are unique so if you did the same with the same names in terraform already these users might exist already. You would need to use a different name or remove the users from your previous terraform work through terraform destroy.

3

They where removed, i destroyed every ressources and launched the cdktf after.
What i meant with the sentence was that i ran the terraform apply command twice in a row the first time he creates the users and the 2nd time he just “check” if its created and since its created he does nothing so i don’t end up with this error output.