hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: aws_bedrock_guardrail plan shows diff even without any change when used jsondecode for passing the guardrail configuration #40041

Open anashakt opened 6 days ago

anashakt commented 6 days ago

Terraform Core Version

v1.9.8

AWS Provider Version

v5.74.0

Affected Resource(s)

Expected Behavior

terraform plan shouldn't show any diff since nothing has been changed

Actual Behavior

terraform plan shows diff.

Relevant Error/Panic Output Snippet

# aws_bedrock_guardrail.platform_guardrail will be updated in-place
  ~ resource "aws_bedrock_guardrail" "platform_guardrail" {
        name                      = "test_guardrail"
        # (9 unchanged attributes hidden)

      ~ content_policy_config {
          ~ filters_config {
              ~ type            = "MISCONDUCT" -> "HATE"
                # (2 unchanged attributes hidden)
            }
          ~ filters_config {
              ~ type            = "HATE" -> "INSULTS"
                # (2 unchanged attributes hidden)
            }
          ~ filters_config {
              ~ type            = "SEXUAL" -> "MISCONDUCT"
                # (2 unchanged attributes hidden)
            }
          ~ filters_config {
              ~ type            = "INSULTS" -> "SEXUAL"
                # (2 unchanged attributes hidden)
            }
            # (2 unchanged blocks hidden)
        }
    }
Plan: 0 to add, 1 to change, 0 to destroy.

Terraform Configuration Files

locals {
  guardrail_config = jsondecode(file("${path.module}/guardrails.json"))

  # Generate a hash from the parsed JSON data to use as a version identifier
  guardrail_hash = sha256(jsonencode(local.guardrail_config))
}

resource "aws_bedrock_guardrail" "platform_guardrail" {
  name                      = local.guardrail_config.name
  description               = local.guardrail_config.description
  blocked_input_messaging   = local.guardrail_config.blockedInputMessaging
  blocked_outputs_messaging = local.guardrail_config.blockedOutputsMessaging

  content_policy_config {
    dynamic "filters_config" {
      for_each = local.guardrail_config.contentPolicyConfig.filtersConfig
      content {
        type            = filters_config.value.type
        input_strength  = filters_config.value.inputStrength
        output_strength = filters_config.value.outputStrength
      }
    }
  }
}

Steps to Reproduce

  1. Create a JSON file with guardrail content. A sample is attached.
  2. Create the guardrail using the contents from the JSON file. Terraform configuration is provided above.
  3. Run tf apply to create the guardrail.
  4. Run tf plan, which shouldn't show any difference since nothing has been changed.

guardrails.json

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

ivan-aws commented 1 day ago

I'm able to reproduce this without the JSON. I get the same behavior when looping over a list in an object defined in locals.
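
A reviewer who sees a plan like the one reported above may want to confirm that the guardrail diff only reorders filters_config and does not change any filter strength. The following is an added example, not code from the issue or from the provider: it assumes the plan has been exported with `terraform show -json` and that the nested blocks appear as lists under `change.before` and `change.after`; the sample plan, the `weakened` resource and the strength values are constructed.

```python
import copy
import json

def _normalize(state):
    """Copy a guardrail state with every filters_config list in a canonical order."""
    state = copy.deepcopy(state or {})
    for policy in state.get("content_policy_config") or []:
        policy["filters_config"] = sorted(
            policy.get("filters_config") or [],
            key=lambda f: json.dumps(f, sort_keys=True),
        )
    return state

def classify_guardrail_changes(plan):
    """Map each aws_bedrock_guardrail address to no-change, reorder-only or real-change."""
    verdicts = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_bedrock_guardrail":
            continue
        before, after = rc["change"].get("before"), rc["change"].get("after")
        if before == after:
            verdicts[rc["address"]] = "no-change"
        elif _normalize(before) == _normalize(after):
            verdicts[rc["address"]] = "reorder-only"   # same filters, different order
        else:
            verdicts[rc["address"]] = "real-change"    # a filter or attribute really differs
    return verdicts

def _state(filters):
    # Constructed state holding only the attributes this check needs.
    return {"name": "test_guardrail", "content_policy_config": [{"filters_config": [
        {"type": t, "input_strength": s, "output_strength": s} for t, s in filters]}]}

# Constructed sample in the shape of `terraform show -json <planfile>`.
# Filter types follow the plan output in the issue; strengths are made up.
STATE_ORDER = [(t, "HIGH") for t in ("MISCONDUCT", "HATE", "SEXUAL", "INSULTS")]
CONFIG_ORDER = [(t, "HIGH") for t in ("HATE", "INSULTS", "MISCONDUCT", "SEXUAL")]
WEAKENED = [("HATE", "LOW")] + CONFIG_ORDER[1:]
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_bedrock_guardrail.platform_guardrail", "type": "aws_bedrock_guardrail",
     "change": {"before": _state(STATE_ORDER), "after": _state(CONFIG_ORDER)}},
    {"address": "aws_bedrock_guardrail.weakened", "type": "aws_bedrock_guardrail",
     "change": {"before": _state(STATE_ORDER), "after": _state(WEAKENED)}},
]}

if __name__ == "__main__":
    for address, verdict in classify_guardrail_changes(SAMPLE_PLAN).items():
        print(f"{address}: {verdict}")
```

Only a `reorder-only` verdict matches the noise described in this issue; a `real-change` verdict means the guardrail itself would be modified and the plan deserves a normal review.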