[Bug]: aws_bedrockagent_agent resource fails to update due to inconsistent result after apply

[pursachi]

Terraform Core Version

1.5.7

AWS Provider Version

5.69.0

Affected Resource(s)

aws_bedrockagent_agent resource created successfully via terraform, however when trying to update some config, it is complaining that the Provider produced inconsistent result after apply. In the first instance it complained for kms key and while re-running the same code, it started complaining for bedrock agent advance prompt config

Expected Behavior

The resource should be updated successfully

Actual Behavior

The resource fails to update

Relevant Error/Panic Output Snippet

Error: Provider produced inconsistent result after apply
When applying changes to
module.bedrock_agent.aws_bedrockagent_agent.bedrock_test_agent,
provider "provider[\"registry.terraform.io/hashicorp/aws\"]" produced an
unexpected new value: .customer_encryption_key_arn: was
cty.StringVal("arn:aws:kms:eu-central-1:29******9:key/fdf****769c895a"),
but now null.
This is a bug in the provider, which should be reported in the provider's own
issue tracker.

Error: Provider produced inconsistent result after apply
When applying changes to
module.bedrock_agent.aws_bedrockagent_agent.bedrock_test_agent,
provider "provider[\"registry.terraform.io/hashicorp/aws\"]" produced an
unexpected new value:
.prompt_override_configuration[0].prompt_configurations: was
cty.SetVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"base_prompt_template":cty.StringVal("{\n
<masked advance prompt>),
"inference_configuration":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"max_length":cty.NumberIntVal(2048),
"stop_sequences":cty.ListVal([]cty.Value{cty.StringVal("</Human>")}),
"temperature":cty.NumberFloatVal(0.5), "top_k":cty.NumberIntVal(250),
"top_p":cty., but now null.
This is a bug in the provider, which should be reported in the provider's own
issue tracker.

Terraform Configuration Files

data "aws_iam_policy_document" "bedrock_agent_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      identifiers = ["bedrock.amazonaws.com"]
      type        = "Service"
    }
    condition {
      test     = "StringEquals"
      values   = [data.aws_caller_identity.current.account_id]
      variable = "aws:SourceAccount"
    }
    condition {
      test     = "ArnLike"
      values   = ["arn:${data.aws_partition.current.partition}:bedrock:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:agent/*"]
      variable = "AWS:SourceArn"
    }
  }
}

data "aws_iam_policy_document" "bedrock_agent_permissions" {
  statement {
    actions = ["bedrock:InvokeModel"]
    resources = [
      "arn:${data.aws_partition.current.partition}:bedrock:${data.aws_region.current.name}::foundation-model/anthropic.claude-3-sonnet-20240229-v1:0"
    ]
  }
}

resource "aws_iam_role" "bedrock_test_agent_role" {
  assume_role_policy = data.aws_iam_policy_document.bedrock_agent_trust.json
  name_prefix        = "AmazonBedrockExecutionRoleForAgents_"
}

resource "aws_iam_role_policy" "bedrock_test_agent_policy" {
  policy = data.aws_iam_policy_document.bedrock_agent_permissions.json
  role   = aws_iam_role.bedrock_test_agent_role.id
}

resource "aws_bedrockagent_agent" "bedrock_test_agent" {
  agent_name                  = var.agent_name
  description                 = var.agent_description
  agent_resource_role_arn     = aws_iam_role.bedrock_test_agent_role.arn
  idle_session_ttl_in_seconds = var.session_time_out
  foundation_model            = var.model_id
  customer_encryption_key_arn = module.bedrock_test_agent_kms.key_arn
  instruction                 = file("${path.module}/prompts/agent_instruction.txt")
  prepare_agent               = var.prepare_agent
  prompt_override_configuration {
    prompt_configurations {
      prompt_type          = "PRE_PROCESSING"
      prompt_state         = "ENABLED"
      prompt_creation_mode = "OVERRIDDEN"
      parser_mode          = "DEFAULT"
      base_prompt_template = file("${path.module}/prompts/pre_processing.json")
      inference_configuration {
        temperature    = 0.5
        top_k          = 250
        top_p          = 1.0
        max_length     = 2048
        stop_sequences = ["</Human>"]
      }
    }
    prompt_configurations {
      prompt_type          = "ORCHESTRATION"
      prompt_state         = "ENABLED"
      prompt_creation_mode = "OVERRIDDEN"
      parser_mode          = "DEFAULT"
      base_prompt_template = file("${path.module}/prompts/orchestration.json")
      inference_configuration {
        temperature    = 0.5
        top_k          = 250
        top_p          = 1.0
        max_length     = 2048
        stop_sequences = ["</invoke>", "</answer>", "</error>"]
      }
    }
    prompt_configurations {
      prompt_type          = "POST_PROCESSING"
      prompt_state         = "ENABLED"
      prompt_creation_mode = "OVERRIDDEN"
      parser_mode          = "DEFAULT"
      base_prompt_template = file("${path.module}/prompts/post_processing.json")

      inference_configuration {
        temperature    = 0.1
        top_k          = 250
        top_p          = 1.0
        max_length     = 2048
        stop_sequences = ["</Human>"]
      }
    }
  }
}
resource "aws_bedrockagent_agent_alias" "bedrock_test_agent_alias" {
  agent_alias_name = var.agent_alias_name
  agent_id         = aws_bedrockagent_agent.bedrock_test_agent.agent_id
  description      = "Alias for bedrock_test_agent"
}

Steps to Reproduce

1. Please make sure you have access to anthropic.claude-3-sonnet model
2. create necessary provider block and variables
3. apply the config, it should create the resource succussfully
4. Try changing prompts or create a new alias, it should fail

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.