[Bug]: Parameter Group: TLS Enabled Reset to Null on Every DocumentDB Run

[prashant0085]

Terraform Core Version

1.6.3

AWS Provider Version

5.26.0

Affected Resource(s)

aws_docdb_cluster_parameter_group

Expected Behavior

Terraform Plan should not have shown any changes to aws_docdb_cluster_parameter_group is it not being touched or modified.

Actual Behavior

On every Terraform Run we see below change in TLS parameter:

module.docdb.aws_docdb_cluster_parameter_group.default[0] will be updated in-place
  ~ resource "aws_docdb_cluster_parameter_group" "default" {
        id          = "k8s-dev-docdb-pgroup"
        name        = "k8s-dev-docdb-pgroup"
        tags        = {
            "foo"   = "val1"
            "bar"   = "val2"
        }
        # (4 unchanged attributes hidden)

      - parameter {
          - apply_method = "pending-reboot" -> null
          - name         = "tls" -> null
          - value        = "enabled" -> null
        }

        # (2 unchanged blocks hidden)
    }

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

Resource file:

resource "aws_docdb_cluster_parameter_group" "default" {
  count    = var.docdb_create && !var.docdb_global_cluster ? 1 : 0
  provider = aws.current

  name        = "${var.name}-${var.env}-docdb-pgroup"
  description = "${var.name}-${var.env} DB Cluster Parameter Group"
  family      = var.docdb_group_family

  dynamic "parameter" {
    for_each = local.cluster_parameter_group

    content {
      name         = parameter.key
      value        = parameter.value
      apply_method = "pending-reboot"
    }
  }

and list of custom parameter.

locals {
  db_identifier = "${var.name}-${var.env}-docdb-cluster"
  cluster_parameter_group = {
    audit_logs : "enabled"
    profiler : "enabled"
  }
  log_exports = ["audit", "profiler"]
  log_groups = {
    for value in local.log_exports : value => {
      name : "/aws/docdb/${local.db_identifier}/${value}"
    }
  }
}

Steps to Reproduce

Terraform Plan and Terraform apply

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.