awscc_bedrock_guardrail_version unable to publish new versions after the initial version creation

[krish5989]

locals {
  restriction_suffix  = ["high", "medium", "low"]
  ioguardrail_prefix  = "guardrails-1"
  secrets_type        = ["guardrail", "piiguardrail"]
}

# create io guardrail with different configuration policies

resource "awscc_bedrock_guardrail" "ioguardrail" {
  count                     = length(local.restriction_suffix)
  name                      = "${local.ioguardrail_prefix}-${local.restriction_suffix[count.index]}"
  blocked_input_messaging   = "Sorry, the content doesn't comply with Responsible AI policies so it cannot be processed!"
  blocked_outputs_messaging = "Sorry, the content doesn't comply with Responsible AI policies so it cannot be processed!"
  description               = "This amazon bedrock guardrail with ${local.restriction_suffix[count.index]} restriction to govern the input prompts and model response."
  content_policy_config = {
    filters_config = jsondecode(file("${path.module}/contentPolicyConfig_${local.restriction_suffix[count.index]}.json"))
  }

  sensitive_information_policy_config = {
    pii_entities_config = jsondecode(file("${path.module}/piiEntitiesConfig_${local.restriction_suffix[count.index]}.json"))
    regexes_config      = jsondecode(file("${path.module}/piiRegexConfig_${local.restriction_suffix[count.index]}.json"))
  }
  word_policy_config = {
    managed_word_lists_config = [{
      type = "PROFANITY"
    }]
    words_config = jsondecode(file("${path.module}/customWordsConfig_${local.restriction_suffix[count.index]}.json"))
  }

  topic_policy_config = {
    topics_config = jsondecode(file("${path.module}/topicsConfig_${local.restriction_suffix[count.index]}.json"))
  }

  contextual_grounding_policy_config = {
    filters_config = jsondecode(file("${path.module}/contextualGroundingPolicyConfig_${local.restriction_suffix[count.index]}.json"))
  }

  tags = [{
    key   = "Modified By"
    value = "terraform"
    },
    {
      key   = "Restriction Level"
      value = local.restriction_suffix[count.index]
  }]
}

# capture the arns of I/O and pii guardrails created:
locals {
  ioguardrail_arns  = awscc_bedrock_guardrail.ioguardrail[*].id
}

resource "awscc_bedrock_guardrail_version" "ioguardrail_version" {
  count                       = length(local.restriction_suffix)
  description              = "Bedrock Guardrail version for restriction type ${local.restriction_suffix[count.index]}"
  guardrail_identifier = local.ioguardrail_arns[count.index]
  depends_on            = [awscc_bedrock_guardrail.iogateway_guardrail]
}

Expectation is that after creation of the initial version. If there are any changes made, the above code block should create new versions of the guardrail preserving the previous versions. New version creation is not happening unless the old version is deleted.

awscc version 1.16.1

Am i missing something (or) is this a bug (or) the feature is incomplete?

[wellsiau-aws]

@krish5989 , thanks for reporting the issue. I am using this resource as well and I had separate but might be related issue with ordering of the attributes (which causes unnecessary drift).

Are you able to share some example of the error?