Aws_route53_resolver_rule causes replacement of all rules

I have a variable var.forwarder_rules that is a map. ex:

forwarder_rules = {
  "corp.example.com" = {
    domain_name = "corp.example.com"
    name        = "corp-example-com forward rule"
    target_ips  = ["10.1.0.200", "10.2.0.200"] 
  },
  "exampleservices.com" = {
    domain_name = "exampleservices.com"
    name        = "exampleservices-com forward rule"
    target_ips  = ["10.1.0.200", "10.2.0.200"]
  },
  "ad.exampleservices.com" = {
    domain_name = "ad.exampleservices.com"
    name        = "AD rule"
    target_ips  = ["10.3.0.100", "10.4.0.100"]
  }
}

I create the rules via the aws_route53_resolver_rule resource… ex:

resource "aws_route53_resolver_rule" "outbound" {
  for_each = {
    for key, value in var.forwarder_rules :
    key => value
  } 
  domain_name          = each.value.domain_name
  name                 = each.value.name
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.outbound.id
  dynamic "target_ip" {
    for_each = toset(var.forwarder_rules[each.key]["target_ips"])
    content { ip = target_ip.value }
  }
}

Everything creates successfully and works just fine, the issue is when I add an additional rule (such as www.exampleservices.com) to var.forwarder_rules it deletes and recreates all the existing rules.

Is there a way I can structure this use case so it just adds the new rule without recreating the existing?

Hi @ellde,

To answer this question it would help to know more about what changes the provider has proposed when you added a new rule. The easiest way to share that information is to include the entire output from terraform plan, since that will explain both what is being proposed for replacement and hopefully also some information about why that is being proposed.