[Bug]: aws_macie2_member forces replacement on changes to tags

[dli-spoton]

Terraform Core Version

1.5.7

AWS Provider Version

5.61.0

Affected Resource(s)

aws_macie2_member

Expected Behavior

Update in-place for changes to tags.

Actual Behavior

Changes to tags forces a replacement of the resource

Relevant Error/Panic Output Snippet

# aws_macie2_member.each["example"] must be replaced
-/+ resource "aws_macie2_member" "each" {
      ~ administrator_account_id              = "xxxxxxxxxxxx" -> (known after apply)
      ~ arn                                   = "arn:aws:macie2:us-east-1:xxxxxxxxxxxx:member/xxxxxxxxxxxx" -> (known after apply)
      + email                                 = "placeholder@example.com"
      ~ id                                    = "xxxxxxxxxxxx" -> (known after apply)
      ~ invite                                = true -> false
      ~ invited_at                            = "YYYY-MM-DDThh:mm:ssZ" -> (known after apply)
      ~ master_account_id                     = "xxxxxxxxxxxx" -> (known after apply)
      ~ relationship_status                   = "Enabled" -> (known after apply)
      ~ tags                                  = { # forces replacement
          - "old"  = "value" -> null
          + "key1" = "value1"
          + "key2" = "value2"
        }
      ~ tags_all                              = {
          - "old" = "value" 
        } -> (known after apply)
      ~ updated_at                            = "YYYY-MM-DDThh:mm:ssZ" -> (known after apply)
        # (3 unchanged attributes hidden)
    }

Terraform Configuration Files

# Enable Macie on the org root
resource "aws_macie2_account" "admin" {
  provider                     = aws.root
  finding_publishing_frequency = var.macie_finding_frequency
  status                       = "ENABLED"
}
# Delegate org admin
resource "aws_macie2_organization_admin_account" "admin" {
  provider         = aws.root
  admin_account_id = var.aws_account_id
  depends_on       = [aws_macie2_account.admin]
}
# add member
resource "aws_macie2_member" "member" {
  account_id                            = var.member_id
  email                                 = var.member_email
  invite                                = false
  invitation_disable_email_notification = true
  status                                = "ENABLED"
  tags                                  = var.tags
  depends_on = [
    aws_macie2_account.admin,
    aws_macie2_organization_admin_account.admin,
  ]
  lifecycle {
    ignore_changes = [status, invite, email, ]
  }
}

Steps to Reproduce

1. Deploy the aws_macie2_member resource with some tags.
2. Change the tags.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.