[Bug]: sns/topic objects have changed outside of Terraform

[YakDriver]

Terraform 1.3.7
AWS provider 4.50.0.

It seems it's still randomly happens. Not every time and seems like amount of diff decreased.

As I remember, before it was happening almost in 100% of runs and for every sns resource. Now for couple of them or so. For SNS it shows as usual changed order in policy.

Examples:

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # module.sns.aws_sns_topic.this["topic1"] has changed
  ~ resource "aws_sns_topic" "this" {
...
      ~ policy                                   = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Action    = [
                          - "SNS:GetTopicAttributes",
                          + "SNS:Subscribe",
                            "SNS:SetTopicAttributes",
                          - "SNS:AddPermission",
                            "SNS:RemovePermission",
                          - "SNS:DeleteTopic",
                          - "SNS:Subscribe",
                          - "SNS:ListSubscriptionsByTopic",
                          + "SNS:Receive",
                            "SNS:Publish",
                          + "SNS:ListSubscriptionsByTopic",
                          + "SNS:GetTopicAttributes",
                          + "SNS:DeleteTopic",
                          + "SNS:AddPermission",
                        ]
                        # (5 unchanged elements hidden)
                    },

References

• Perpetual diffs / Objects have changed outside of Terraform (v3.70.0+) #23288
• [Bug]: sqs/queue objects have changed outside of Terraform #28992
• Originally posted by @nantiferov in "Objects changed outside of Terraform" shown wrongly for various resources #19727 (comment)

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[nantiferov]

Hi @YakDriver

I managed to create test config which reproduces my issues. It's not ideal in terms of code quality, since it's based on some legacy code.

So the issue with drift reproduces in ~95% of cases and always related to previously changed state. I.e. if previous state change was to add SNS, in next plan we'll get for this SNS Objects have changed outside of Terraform related to policy. If SQS was changed, we get Objects have changed outside of Terraform for that SQS related to policy as well.

This is repository with test configuration https://github.com/nantiferov/test-sns-sqs
Its README.md describes how to reproduce issue in details.