Azurerm_firewall_policy changes on every run despite not changing anything

Curious if anyone else is running into this. We have deployed azurerm_firewall_policy and associated it with an azurerm_firewall resource. We can trigger mock runs all day and the policy continues to “change”, but the plan shows nothing changing. When looking at the activity log for the resource group, we can see properties.size is changing. Is it inevitable that on every run we’ll see this resource “change”, or is there a way to ignore the size property? Terraform logs don’t indicate that anything is actually changing.

You might be experiencing a common issue where Terraform detects a “change” due to dynamic properties updated by Azure, despite no actual changes in your configuration. To resolve this, you can use the lifecycle block in your Terraform code to ignore changes to the properties.size attribute of the azurerm_firewall_policy. However, use this approach with caution as it tells Terraform to overlook certain changes, which might not always be desirable.

Big delay on the response. Turns out whoever built our module made the “intrusion_detection” block static instead of dynamic. The content of the block was blank, but the block itself was still getting created. We had to change the view back to CLI in order to see this; it wasn’t showing in the new view.

Thanks for your response!!
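
The root cause reported above (a static, empty intrusion_detection block versus a dynamic one), shown as an added example that is not the posters' module code. The variable names, resource name and policy name are hypothetical.

```hcl
# Added example: all variable and resource names here are hypothetical.
variable "resource_group_name" { type = string }
variable "location" { type = string }

# null means "no IDPS configuration"; otherwise an object carrying the mode.
variable "intrusion_detection" {
  type = object({
    mode = string # "Off", "Alert" or "Deny"
  })
  default = null
}

# Before (what the thread describes): a static block is always rendered,
# even when the module has nothing to put inside it.
#
#   intrusion_detection {
#   }

resource "azurerm_firewall_policy" "example" {
  name                = "example-fw-policy"
  resource_group_name = var.resource_group_name
  location            = var.location
  sku                 = "Premium" # intrusion_detection requires the Premium SKU

  # After: the block is emitted only when the caller supplies a value,
  # so an unset input produces no intrusion_detection block at all.
  dynamic "intrusion_detection" {
    for_each = var.intrusion_detection == null ? [] : [var.intrusion_detection]
    content {
      mode = intrusion_detection.value.mode
    }
  }
}
```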