hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Recreation of `aws_security_group_rule` with dynamic dependency errors #34630

Open tmatilai opened 11 months ago

tmatilai commented 11 months ago

Terraform Core Version

1.6.5

AWS Provider Version

5.28.0

Affected Resource(s)

Expected Behavior

The rule gets removed and recreated with new configuration.

Actual Behavior

Removal of the old rule errors out.

Relevant Error/Panic Output Snippet

```
aws_security_group_rule.example: Destroying... [id=sgrule-145722619]
╷
│ Error: revoking Security Group (sg-086a8fd96f2486191) Rule (sgrule-145722619): InvalidParameterValue: Invalid value '74d93920-ed26-11e3-ad10-0800200c9a66' for IP protocol. Unknown protocol.
│       status code: 400, request id: 64f3dd2a-6c29-3a46-9218-91d15a1f8820
│
│
╵
```

Terraform Configuration Files

```terraform
variable "vpc_id" {
  type = string
}

variable "protocol" {
  type = object({
    type = string
    port = number
  })
  default = {
    type = "tcp"
    port = 80
  }
}

resource "terraform_data" "protocol" {
  input = var.protocol
}

resource "aws_security_group" "example" {
  name_prefix = "example"
  vpc_id      = var.vpc_id
}

resource "aws_security_group_rule" "example" {
  security_group_id = aws_security_group.example.id

  type      = "ingress"
  protocol  = terraform_data.protocol.output.type
  from_port = terraform_data.protocol.output.port
  to_port   = terraform_data.protocol.output.port

  cidr_blocks = ["0.0.0.0/0"]
}
```

Steps to Reproduce

```
terraform apply -var 'vpc_id=vpc-1234567890'
terraform apply -var 'vpc_id=vpc-1234567890' -var 'protocol={type="tcp",port=443}'
```

Debug Output

https://gist.github.com/tmatilai/09829bebadd663ef60ca3da42f518874

Panic Output

No response

Important Factoids

No response

References

Might be related to e.g. #33853, but filing as new issue because of the error and some UUID as protocol.

Would you like to implement a fix?

None
