[Bug]: Lakeformation SELECT table permission always creates a new one, and resource is not written to statefile after applying

[ctrongminh]

Terraform Core Version

v1.3.6

AWS Provider Version

4.46.0

Affected Resource(s)

aws_lakeformation_permissions with lf_tag_policy

Expected Behavior

1. Everytime we run terraform plan / apply, the aws lakeformation permission should not create a new permission with permission SELECT, resource type TABLE.
2. When we run the terraform destroy, this permission SELECT and resource type TABLE should be destroyed.
3. The aws_lakeformation_permissions with permission SELECT / resource type TABLE should be stored in the remote statefile.

I think the root cause is the resource is not stored in the statefile which cause the recreation of the resource.

Actual Behavior

1. Everytime we run terraform plan / apply, the aws lakeformation permission keeps creating a new permission with permission SELECT, resource type TABLE.
2. Also when we run the terraform destroy, this permission SELECT and resource type TABLE is not destroyed. The output of "terraform destroy" returns no changes.
3. I also check the remote statefile, and I do not see the aws_lakeformation_permissions with permission SELECT / resource type TABLE in the statefile.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_lakeformation_permissions" "lf_tag_policy" {
  principal                       = var.role_arn
  permissions                 = "SELECT"
  permissions_with_grant_option = []

  lf_tag_policy {
    resource_type = "TABLE"

    expression {
      content {
        key    = "A"
        values = ["true"]
      }
    }
  }
}

Steps to Reproduce

1. Create the tf file like above.
2. Input the account id
3. Setup lakeformation database / table / lftags.
4. Run terraform plan, then apply
5. Run terraform plan, and apply again (second time)
6. Check the remote statefile (or local statefile)

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[justinretzolk]

Potentially related: #28448 Related: #19862