### Terraform Version

```shell
Terraform v1.12.2
on linux_amd64
+ provider registry.terraform.io/hashicorp/aws v5.100.0
+ provider registry.terraform.io/hashicorp/null v3.2.1
```

### Terraform Configuration Files

main.tf

```
resource "aws_auditmanager_assessment" "sample_assessment" {
  name = "${module.naming.resources.prefix.name}-audit-manager"

  assessment_reports_destination {
    destination      = "s3://${module.s3_bucket.s3_bucket_id}"
    destination_type = "S3"
  }

  framework_id = "fbb2b9b2-5a09-46fb-b338-ed2f8a86512d"

  roles {
    role_arn  = aws_iam_role.auditmanager_process_owner.arn
    role_type = "PROCESS_OWNER"
  }

  scope {
    aws_accounts {
      id = data.aws_caller_identity.current.account_id
    }
    aws_services {
      service_name = "S3"
    }
  }
}
```

### Debug Output

```
aws_iam_policy.auditmanager_process_owner_policy: Creating...
aws_iam_role.auditmanager_process_owner: Creating...
aws_iam_policy.auditmanager_process_owner_policy: Creation complete after 2s [id=arn:aws:iam::426857564226:policy/AuditManagerProcessOwnerPolicy]
aws_iam_role.auditmanager_process_owner: Creation complete after 3s [id=AuditManagerProcessOwnerRole]
aws_iam_role_policy_attachment.attach_process_owner_policy: Creating...
aws_auditmanager_assessment.sample_assessment: Creating...
aws_iam_role_policy_attachment.attach_process_owner_policy: Creation complete after 1s [id=AuditManagerProcessOwnerRole-20250616162630170200000001]
╷
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to aws_auditmanager_assessment.sample_assessment, provider "provider[\"registry.terraform.io/hashicorp/aws\"]" produced an unexpected new value: .scope[0].aws_services: planned set element
│ cty.ObjectVal(map[string]cty.Value{"service_name":cty.StringVal("S3")}) does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
```

### Expected Behavior

According to the configuration I specified in the Terraform file, it should have created an Audit Manager assessment.

### Actual Behavior

It was all going great until `terraform plan`, but when I do terraform, an error is shown:

```
Error: Provider produced inconsistent result after apply
│ When applying changes to aws_auditmanager_assessment.sample_assessment, provider "provider[\"registry.terraform.io/hashicorp/aws\"]" produced an unexpected new value: .scope[0].aws_services: planned set element
│ cty.ObjectVal(map[string]cty.Value{"service_name":cty.StringVal("S3")}) does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
```

### Steps to Reproduce

1. `terraform init`
2. `terraform validate`
3. `terraform plan`
4. `terraform apply`

### Additional Context

iam.tf

```
resource "aws_iam_role" "auditmanager_process_owner" {
  name = "AuditManagerProcessOwnerRole"

  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect = "Allow",
        Principal = {
          Service = "auditmanager.amazonaws.com"
        },
        Action = "sts:AssumeRole"
      }
    ]
  })
}

resource "aws_iam_policy" "auditmanager_process_owner_policy" {
  name = "AuditManagerProcessOwnerPolicy"

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Sid : "AllowAuditManagerAccess",
        Effect = "Allow",
        Action = [
          "auditmanager:GetAssessment",
          "auditmanager:ListAssessments",
          "auditmanager:GetEvidenceFoldersByAssessment",
          "auditmanager:GetEvidence",
          "auditmanager:ListControls",
          "auditmanager:ListKeywordsForDataSource",
          "auditmanager:GetAccountStatus",
          "auditmanager:ListNotifications",
          "auditmanager:TagResource"
        ],
        Resource = "*"
      },
      {
        Sid : "AllowReadAccessToEvidenceSources",
        Effect : "Allow",
        Action : [
          "cloudtrail:LookupEvents",
          "config:GetResourceConfigHistory",
          "config:DescribeConfigRules",
          "config:GetComplianceDetailsByConfigRule",
          "s3:GetObject",
          "s3:ListBucket"
        ],
        Resource = "*"
      },
      {
        Sid : "AllowWriteReportsToS3",
        Effect = "Allow",
        Action : [
          "s3:PutObject"
        ],
        Resource = "arn:aws:s3:::${module.s3_bucket.s3_bucket_id}/*"
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "attach_process_owner_policy" {
  role       = aws_iam_role.auditmanager_process_owner.name
  policy_arn = aws_iam_policy.auditmanager_process_owner_policy.arn
}
```

main.tf

```
resource "aws_auditmanager_assessment" "sample_assessment" {
  name = "${module.naming.resources.prefix.name}-audit-manager"

  assessment_reports_destination {
    destination      = "s3://${module.s3_bucket.s3_bucket_id}"
    destination_type = "S3"
  }

  framework_id = "fbb2b9b2-5a09-46fb-b338-ed2f8a86512d"

  roles {
    role_arn  = aws_iam_role.auditmanager_process_owner.arn
    role_type = "PROCESS_OWNER"
  }

  scope {
    aws_accounts {
      id = data.aws_caller_identity.current.account_id
    }
    aws_services {
      service_name = "S3"
    }
  }
}
```

versions.tf

```
terraform {
  required_version = "~> 1.2"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0"
    }
    null = {
      source  = "hashicorp/null"
      version = "3.2.1"
    }
  }
}
```

providers.tf

```
provider "aws" {
  region = var.region
}
```

After initializing these files, `terraform init`, `terraform validate`, as well as `terraform plan` also work fine, but it gets stuck on `terraform apply`:

```
Error: Provider produced inconsistent result after apply
```

### References

Reference:

1. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/auditmanager_assessment
2. https://support.hashicorp.com/hc/en-us/articles/1500006254562-Provider-Produced-Inconsistent-Results

### Generative AI / LLM assisted development?

ChatGPT