existing lake formation permissions show as 'add' resources in plan

[simonB2020]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v0.13.5 aws v3.39.0

Affected Resource(s)

aws_lakeformation_permissions

Expected Behavior

Once the resource has been created (applied), it should not appear in PLAN again, as no change is required

Actual Behavior

Every instance of the resource is output in PLAN as a new resource.

1. Leaves the developer confused as to whether the permissions have been applied/changed or not.
2. Renders the plan extremely difficult to use - impossible to identify genuine resource changes when there are hundreds (potentially thousands) of lines of unnecessary output. (Genuine changes are easily missed)

      + database {
          + catalog_id = (known after apply)
          + name       = (known after apply)
        }

      + table {
          + catalog_id    = "123456789012"
          + database_name = "mydatabase"
          + name          = (known after apply)
          + wildcard      = true
        }

      + table_with_columns {
          + catalog_id            = (known after apply)
          + column_names          = (known after apply)
          + database_name         = (known after apply)
          + excluded_column_names = (known after apply)
          + name                  = (known after apply)
          + wildcard              = (known after apply)
        }
    }

Steps to Reproduce

resource "aws_lakeformation_permissions" "my_permissions" {
  principal  = data.aws_iam_role.myrole.arn
  table {
    catalog_id = <accountid>
    database_name = <mydatabasename>
    wildcard = true
  }
  permissions = ["DESCRIBE"]
  permissions_with_grant_option = []
}

1. terraform plan

[gdavison]

Hi @simonB2020. The terraform plan output is controlled by the terraform executable, not the provider. I see that you are using Terraform 0.13.5. We're currently at Terraform 1.0.4, and it has much improved plan output.

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.