[Bug]: Switching between "NONE" and "AWS_IAM" for aws_lambda_function_url does not update actual resources

[bactdam]

Terraform Core Version

1.2.2

AWS Provider Version

4.0

Affected Resource(s)

aws_lambda_function_url

Expected Behavior

Switching between NONE and AWS_IAM should update the Lamda function's resource-based policy statement in AWS accordingly.

Actual Behavior

When switching from NONE to AWS_IAM and vice versa, the Lambda function in AWS does NOT update its resource-based policy statement.

Relevant Error/Panic Output Snippet

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_lambda_function_url.private_function_url will be updated in-place
  ~ resource "aws_lambda_function_url" "private_function_url" {
      ~ authorization_type = "AWS_IAM" -> "NONE"
        id                 = "abc-private-lambda"
        # (4 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
aws_lambda_function_url.private_function_url: Modifying... [id=abc-private-lambda]
aws_lambda_function_url.private_function_url: Modifications complete after 0s [id=abc-private-lambda]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Terraform Configuration Files

data "archive_file" "private_function_file" {
  type             = "zip"
  source_file      = "${path.module}/src/dist/private.js"
  output_file_mode = "0666"
  output_path      = "${path.module}/src/dist/private.zip"
}

resource "aws_lambda_function" "private_lambda" {
  filename         = data.archive_file.private_function_file.output_path
  function_name    = "abc-private-lambda"
  role             = aws_iam_role.iam_for_private_lambda.arn
  handler          = "private.handler"
  source_code_hash = data.archive_file.private_function_file.output_base64sha256
  runtime          = "nodejs16.x"
}

resource "aws_lambda_function_url" "private_function_url" {
  function_name      = aws_lambda_function.private_lambda.function_name
  authorization_type = "NONE"
}

Steps to Reproduce

1. Apply the configuration above.
2. Change the authorization_type of aws_lambda_function_url resource to AWS_IAM
3. Re-apply

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.