hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Wrong ARN for AWS Amplify Webhooks #39407

Open AriannaLanz opened 5 hours ago

AriannaLanz commented 5 hours ago

Terraform Core Version

1.9.0

AWS Provider Version

5.67.0

Affected Resource(s)

aws_amplify_webhook

Expected Behavior

The output of aws_amplify_webhook.example_webhook.arn should be arn:aws:amplify:<region>:<account-id>:webhooks/<webhook-id>.

Actual Behavior

The actual output of aws_amplify_webhook.example_webhook.arn is arn:aws:amplify:<region>:<account-id>:apps/<app-id>/webhooks/<webhook-id>.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

```terraform
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
  required_version = "~> 1.9.0"
}
```

Steps to Reproduce

1.
    ```terraform
    resource "aws_amplify_app" "example" {
      name = "app"
    }

    resource "aws_amplify_branch" "master" {
      app_id      = aws_amplify_app.example.id
      branch_name = "master"
    }

    resource "aws_amplify_webhook" "master" {
      app_id      = aws_amplify_app.example.id
      branch_name = aws_amplify_branch.master.branch_name
      description = "triggermaster"
    }
    ```

2. `terraform apply`
3. `terraform state show aws_amplify_webhook.master`

### Debug Output

_No response_

### Panic Output

_No response_

### Important Factoids

I need to add an amplify:GetWebhook IAM permission for this specific webhook, but I was getting the error:

```
Error: reading Amplify Webhook (): operation error Amplify: GetWebhook, https response error StatusCode: 403, RequestID: , api error AccessDeniedException: User: arn:aws:sts:::assumed-role/ is not authorized to perform: amplify:GetWebhook on resource: arn:aws:amplify:::webhooks/
```

and I noticed the discrepancy in that Terraform outputs the ARN as `arn:aws:amplify:<region>:<account-id>:apps/<app-id>/webhooks/<webhook-id>` when AWS expects `arn:aws:amplify:<region>:<account-id>:webhooks/<webhook-id>` (without the `apps/<app-id>` part).

When I fixed this manually in the IAM console, I no longer saw the 403 error.

### References

_No response_

### Would you like to implement a fix?

None
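
One way to scope `amplify:GetWebhook` to a single webhook while the exported `arn` still carries the `apps/<app-id>/` segment, as an added example that is not part of the issue or the provider's code: it strips that segment to get the ARN form the report says IAM accepts. Resource names reuse the reproduction above; `webhook_reader`, the policy name, the local names and the `check` block are hypothetical.

```terraform
# Added example. Assumes the aws_amplify_app.example and
# aws_amplify_webhook.master resources from the reproduction above.

locals {
  # ARN as exported by the provider, per this report:
  #   arn:aws:amplify:<region>:<account-id>:apps/<app-id>/webhooks/<webhook-id>
  provider_webhook_arn = aws_amplify_webhook.master.arn

  # ARN form named in the AccessDeniedException in this report:
  #   arn:aws:amplify:<region>:<account-id>:webhooks/<webhook-id>
  # Plain substring replace: if a provider release already exports this form,
  # the substring is absent and the value passes through unchanged.
  iam_webhook_arn = replace(
    local.provider_webhook_arn,
    "apps/${aws_amplify_app.example.id}/",
    ""
  )
}

# Least-privilege statement: one action, one webhook, no wildcard.
data "aws_iam_policy_document" "webhook_reader" {
  statement {
    sid       = "ReadSingleAmplifyWebhook"
    effect    = "Allow"
    actions   = ["amplify:GetWebhook"]
    resources = [local.iam_webhook_arn]
  }
}

resource "aws_iam_policy" "webhook_reader" {
  name   = "amplify-webhook-reader" # hypothetical name
  policy = data.aws_iam_policy_document.webhook_reader.json
}

# Warns on plan/apply if the derived ARN is not in the expected shape
# (check blocks need Terraform 1.5 or later; the report uses 1.9.0).
check "webhook_arn_shape" {
  assert {
    condition = alltrue([
      can(regex(":webhooks/[^/]+$", local.iam_webhook_arn)),
      !strcontains(local.iam_webhook_arn, ":apps/"),
    ])
    error_message = "Unexpected Amplify webhook ARN for IAM: ${local.iam_webhook_arn}"
  }
}
```
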