BugZero | Terraform BugID 37244 - Provider produced inconsistent result after apply

Terraform - Defect ID: 37244

Provider produced inconsistent result after apply

Terraform - Defect ID: 37244

Provider produced inconsistent result after apply

Last updated on July 18th, 2025

BugZero Risk Score
6.1 Medium

Overall: 6.1

Status: 7.3

Community: 3.7

What is the BugZero Risk Score?

Terraform Integration

Learn more about where this data comes from

Terraform Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: Unspecified
Status: Closed

Description

### Terraform Version ```shell Terraform v1.12.2 on linux_amd64 + provider registry.terraform.io/hashicorp/aws v5.100.0 + provider registry.terraform.io/hashicorp/null v3.2.1 ``` ### Terraform Configuration Files main.tf ``` resource "aws_auditmanager_assessment" "sample_assessment" { name = "${module.naming.resources.prefix.name}-audit-manager" assessment_reports_destination { destination = "s3://${module.s3_bucket.s3_bucket_id}" destination_type = "S3" } framework_id = "fbb2b9b2-5a09-46fb-b338-ed2f8a86512d" roles { role_arn = aws_iam_role.auditmanager_process_owner.arn role_type = "PROCESS_OWNER" } scope { aws_accounts { id = data.aws_caller_identity.current.account_id } aws_services { service_name = "S3" } } } ``` ### Debug Output ``` aws_iam_policy.auditmanager_process_owner_policy: Creating... aws_iam_role.auditmanager_process_owner: Creating... aws_iam_policy.auditmanager_process_owner_policy: Creation complete after 2s [id=arn:aws:iam::426857564226:policy/AuditManagerProcessOwnerPolicy] aws_iam_role.auditmanager_process_owner: Creation complete after 3s [id=AuditManagerProcessOwnerRole] aws_iam_role_policy_attachment.attach_process_owner_policy: Creating... aws_auditmanager_assessment.sample_assessment: Creating... aws_iam_role_policy_attachment.attach_process_owner_policy: Creation complete after 1s [id=AuditManagerProcessOwnerRole-20250616162630170200000001] ╷ │ Error: Provider produced inconsistent result after apply │ │ When applying changes to aws_auditmanager_assessment.sample_assessment, provider "provider[\"registry.terraform.io/hashicorp/aws\"]" produced an unexpected new value: .scope[0].aws_services: planned set element │ cty.ObjectVal(map[string]cty.Value{"service_name":cty.StringVal("S3")}) does not correlate with any element in actual. │ │ This is a bug in the provider, which should be reported in the provider's own issue tracker. ``` ### Expected Behavior According to configuration i specify on terraform file, that should have created Audit Manager Assessment. ### Actual Behavior It was all going great till terraform plan, but when i do terraform, error shown: ``` Error: Provider produced inconsistent result after apply │ When applying changes to aws_auditmanager_assessment.sample_assessment, provider "provider[\"registry.terraform.io/hashicorp/aws\"]" produced an unexpected new value: .scope[0].aws_services: planned set element │ cty.ObjectVal(map[string]cty.Value{"service_name":cty.StringVal("S3")}) does not correlate with any element in actual. │ │ This is a bug in the provider, which should be reported in the provider's own issue tracker. ``` ### Steps to Reproduce 1. terraform init 2. terraform validate 3. terraform plan 4. terraform apply ### Additional Context iam.tf ``` resource "aws_iam_role" "auditmanager_process_owner" { name = "AuditManagerProcessOwnerRole" assume_role_policy = jsonencode({ Version = "2012-10-17", Statement = [ { Effect = "Allow", Principal = { Service = "auditmanager.amazonaws.com" }, Action = "sts:AssumeRole" } ] }) } resource "aws_iam_policy" "auditmanager_process_owner_policy" { name = "AuditManagerProcessOwnerPolicy" policy = jsonencode({ Version = "2012-10-17", Statement = [ { Sid : "AllowAuditManagerAccess", Effect = "Allow", Action = [ "auditmanager:GetAssessment", "auditmanager:ListAssessments", "auditmanager:GetEvidenceFoldersByAssessment", "auditmanager:GetEvidence", "auditmanager:ListControls", "auditmanager:ListKeywordsForDataSource", "auditmanager:GetAccountStatus", "auditmanager:ListNotifications", "auditmanager:TagResource" ], Resource = "*" }, { Sid : "AllowReadAccessToEvidenceSources", Effect : "Allow", Action : [ "cloudtrail:LookupEvents", "config:GetResourceConfigHistory", "config:DescribeConfigRules", "config:GetComplianceDetailsByConfigRule", "s3:GetObject", "s3:ListBucket" ], Resource = "*" }, { Sid : "AllowWriteReportsToS3", Effect = "Allow", Action : [ "s3:PutObject" ], Resource = "arn:aws:s3:::${module.s3_bucket.s3_bucket_id}/*" } ] }) } resource "aws_iam_role_policy_attachment" "attach_process_owner_policy" { role = aws_iam_role.auditmanager_process_owner.name policy_arn = aws_iam_policy.auditmanager_process_owner_policy.arn } ``` main.tf ``` resource "aws_auditmanager_assessment" "sample_assessment" { name = "${module.naming.resources.prefix.name}-audit-manager" assessment_reports_destination { destination = "s3://${module.s3_bucket.s3_bucket_id}" destination_type = "S3" } framework_id = "fbb2b9b2-5a09-46fb-b338-ed2f8a86512d" roles { role_arn = aws_iam_role.auditmanager_process_owner.arn role_type = "PROCESS_OWNER" } scope { aws_accounts { id = data.aws_caller_identity.current.account_id } aws_services { service_name = "S3" } } } ``` versions.tf ``` terraform { required_version = "~> 1.2" required_providers { aws = { source = "hashicorp/aws" version = ">= 5.0" } null = { source = "hashicorp/null" version = "3.2.1" } } } ``` providers.tf ``` provider "aws" { region = var.region } ``` After initializing this files `terraform init` `terraform validate` as well as `terraform plan` will also works fine but it stuck on `terraform apply` ``` Error: Provider produced inconsistent result after apply``` ### References Reference: 1. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/auditmanager_assessment 2. https://support.hashicorp.com/hc/en-us/articles/1500006254562-Provider-Produced-Inconsistent-Results ### Generative AI / LLM assisted development? ChatGPT

Relevant Products

Click on a version to see all relevant bugs

Affected versions:1.12.2

Fixed versions: No known fixed versions

Relevant Products

Click on a version to see all relevant bugs

Affected versions:1.12.2

Fixed versions: No known fixed versions

Top Terraform Defects

8.5Defect ID: 38591
Race condition in ephemeral resources uncovered after minor fix to recover lost diagnostics
8.5Defect ID: 38580
panic: runtime error: invalid memory address or nil pointer dereference
8.5Defect ID: 38577
SSH communicator leaks private key material in error messages
8.5Defect ID: 38576
HTTP backend: TLS config defaults to TLS 1.0, allows protocol downgrade
8.5Defect ID: 38574
Ephemeral resources: renewal diagnostics silently dropped due to discarded Append return

Ready to prevent the next vendor outage?

Get a demo

Terraform - Defect ID: 37244

Provider produced inconsistent result after apply

Terraform - Defect ID: 37244

Provider produced inconsistent result after apply

Last updated on July 18th, 2025

BugZero Risk Score6.1 Medium

Bug Details

Top Terraform Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
6.1 Medium