hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Error when removing Athena workgroup encryption #37917

Open mlnrt opened 3 months ago

mlnrt commented 3 months ago

Terraform Core Version

1.7.4

AWS Provider Version

5.35.0

Affected Resource(s)

aws_athena_workgroup

Expected Behavior

Removing the configuration.result_configuration.encryption_configuration block from the resource should call the UpdateWorkgroup API setting ResultConfigurationUpdates={RemoveEncryptionConfiguration=true}

Actual Behavior

Terraform seems to try to set the encryption configuration to empty values, which is not allowed.

Relevant Error/Panic Output Snippet

When removing the configuration.result_configuration.encryption_configuration block from the resource, terraform fails on the apply stage with the following error:

Error: updating Athena Workgroup (test): operation error Athena: UpdateWorkGroup, 1 validation error(s) found. - missing required field, UpdateWorkGroupInput.Configuration.ResultConfigurationUpdates.EncryptionConfiguration.EncryptionOption

Terraform Configuration Files

resource "aws_athena_workgroup" "test" {
  name          = "test"
  force_destroy = true

  configuration {
    bytes_scanned_cutoff_per_query     = 107374182400
    enforce_workgroup_configuration    = true
    publish_cloudwatch_metrics_enabled = true
    result_configuration {
      output_location = "s3://..."
      encryption_configuration {
        encryption_option = "SSE_KMS"
        kms_key_arn       = <KMS key resource reference ARN>
      }
    }
  }
}

Steps to Reproduce

  1. create an Athena workgroup with encryption

    resource "aws_athena_workgroup" "test" {
      name          = "test"
      force_destroy = true

      configuration {
        bytes_scanned_cutoff_per_query     = 107374182400
        enforce_workgroup_configuration    = true
        publish_cloudwatch_metrics_enabled = true
        result_configuration {
          output_location = "s3://..."
          encryption_configuration {
            encryption_option = "SSE_KMS"
            kms_key_arn       = <KMS key resource reference ARN>
          }
        }
      }
    }
  2. remove the configuration.result_configuration.encryption_configuration block, then apply the terraform plan

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No
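Added example, not part of the original report and not the provider's code: a Go sketch of the mapping the report expects, where a removed `encryption_configuration` block becomes `RemoveEncryptionConfiguration=true` rather than an empty `EncryptionConfiguration`. The struct types, `buildResultUpdates` and `validate` are hypothetical local stand-ins that only reuse the field names quoted in the report; the KMS ARN is a constructed sample.

```go
package main

import (
	"errors"
	"fmt"
)

// Local stand-ins for the API shapes named in the report; not the AWS SDK types.
type EncryptionConfiguration struct {
	EncryptionOption string // required whenever the struct is sent
	KmsKey           string
}

type ResultConfigurationUpdates struct {
	EncryptionConfiguration       *EncryptionConfiguration
	RemoveEncryptionConfiguration bool
}

// buildResultUpdates (hypothetical helper) maps the previous and planned state of
// the encryption_configuration block to an update payload. nil means "block absent".
func buildResultUpdates(prev, next *EncryptionConfiguration) ResultConfigurationUpdates {
	switch {
	case next != nil:
		return ResultConfigurationUpdates{EncryptionConfiguration: next}
	case prev != nil:
		// Block was removed: request removal instead of sending an empty struct.
		return ResultConfigurationUpdates{RemoveEncryptionConfiguration: true}
	default:
		return ResultConfigurationUpdates{}
	}
}

// validate mimics the required-field check behind the error quoted in the report.
func validate(u ResultConfigurationUpdates) error {
	if u.EncryptionConfiguration != nil && u.EncryptionConfiguration.EncryptionOption == "" {
		return errors.New("missing required field, ResultConfigurationUpdates.EncryptionConfiguration.EncryptionOption")
	}
	return nil
}

func main() {
	prev := &EncryptionConfiguration{EncryptionOption: "SSE_KMS", KmsKey: "arn:aws:kms:example"} // constructed sample
	// Shape the report describes: an empty struct is sent and fails validation.
	fmt.Println(validate(ResultConfigurationUpdates{EncryptionConfiguration: &EncryptionConfiguration{}}))
	// Shape the report expects: the removal flag is set and validation passes.
	u := buildResultUpdates(prev, nil)
	fmt.Println(u.RemoveEncryptionConfiguration, validate(u))
}
```

Because this update path turns off encryption of query results, a plan that triggers it is worth reviewing as a security-relevant change once the apply succeeds.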
