Error: Unexpected Identity Change: During the read operation, the Terraform Provider unexpectedly returned a different identity then the previously stored one.

[JonnoN]

Terraform and AWS Provider Version

Terraform v1.13.2
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v6.13.0

Affected Resource(s) or Data Source(s)

aws_security_group

Expected Behavior

no error

Actual Behavior

errors and exits

Relevant Error/Panic Output

│ 
│ This is always a problem with the provider and should be reported to the provider developer.
│ 
│ Current Identity: cty.ObjectVal(map[string]cty.Value{"account_id":cty.NullVal(cty.String), "id":cty.NullVal(cty.String), "region":cty.NullVal(cty.String)})
│ 
│ New Identity: cty.ObjectVal(map[string]cty.Value{"account_id":cty.StringVal("REDACTED"), "id":cty.StringVal("sg-REDACTED"), "region":cty.StringVal("us-east-1")})
│ 
│   with aws_security_group.va_rds_sg,
│   on main-va.tf line 52, in resource "aws_security_group" "va_rds_sg":
│   52: resource "aws_security_group" "va_rds_sg" {
│ 

Sample Terraform Configuration

Click to expand configuration

State is stored in backend "s3" dynamo_table and bucket.

resource "aws_rds_cluster_parameter_group" "va_settings" {
  provider    = aws.va
  name        = "${var.va_cluster_identifier}-postgres15-cluster-pg"
  family      = "aurora-postgresql15"
  description = "Postgres 15 cluster parameter group"

  parameter {
    name  = "max_connections"
    value = 1800
  }
}

Steps to Reproduce

First 'terraform apply' errored which seems to have broken the state. I have fixed the errors with the PG and SG, but the terraform error persists.

This was the initial error:

│ 
│   with aws_rds_cluster_parameter_group.va_settings,
│   on main-va.tf line 4, in resource "aws_rds_cluster_parameter_group" "va_settings":
│    4: resource "aws_rds_cluster_parameter_group" "va_settings" {
│ 
╵
╷
│ Error: updating Security Group (sg-REDACTED) ingress rules: authorizing Security Group (ingress) rules: operation error EC2: AuthorizeSecurityGroupIngress, https response error StatusCode: 400, RequestID: x, api error InvalidParameterValue: The same permission must not appear multiple times
│ 
│   with aws_security_group.va_rds_sg,
│   on main-va.tf line 49, in resource "aws_security_group" "va_rds_sg":
│   49: resource "aws_security_group" "va_rds_sg" {
│ ```

### Debug Logging

<details open>
<summary>Click to expand log output</summary>

```console

GenAI / LLM Assisted Development

n/a

Important Facts and References

No response

Would you like to implement a fix?

No

[github-actions]

Community Guidelines

This comment is added to every new Issue to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

• Please vote on this Issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
• Please see our prioritization guide for additional information on how the maintainers handle prioritization.
• Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Issue and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.

[justinretzolk]

Hey @JonnoN 👋 Thank you for taking the time to raise this! I noticed that in the "Relevant Error/Panic Output" section, the logging that you provided references an aws_security_group, however, the sample Terraform configuration (and some of the other logging that you provided) references a aws_rds_cluster_parameter_group.

Can you provide a bit more clarity on what resource you're having troubles with? If it's possible, it would also be helpful if you can provide reproduction steps and/or debug logging (redacted as needed), though I understand this situation seems to have happened due to an error during apply, so that may be difficult.

[vinaykasirala]

Similar issue appears for Lambda function too.

Error: Missing Resource Identity After Update: The Terraform provider unexpectedly returned no resource identity after having no errors in the resource update. This is always a problem with the provider and should be reported to the provider developer

This was seen while updating an existing lambda function. Terraform apply is updating lambda function, updating state file, but fails with the above error.

Running Terraform apply again shows no changes to infra.

[MaheshRadhu]

I am getting similar error for aws_security_group & aws_ssm_parameter resources with terrform provider version 6.14.0. I have reverted back my provider version to 6.13.0 and it worked. Can you please check what has changed with latest released version.

[sathishadhirav]

I'm getting a similar error appears for Lambda function.

aws_lambda_function.**************: Modifying...

Error: Missing Resource Identity After Update: The Terraform provider unexpectedly returned no resource identity after having no errors in the resource update. This is always a problem with the provider and should be reported to the provider developer
"terraform_version: 1.9.6"
"aws_provider_version: >= 5.0.0"

[sathishadhirav]

Answer: I identified the issue and fixed it. The problem was with Terraform version, i used old one 1.9.6. After upgrading to the latest version 1.13.3, everything is working properly now.