Creating a aws_vpc_peering_connection results at tained the connection after re-apply

Hi team,

We are creating a vpc peering against two different AWS accounts, where only the requester account is under terraform, and the accepter account accepts the peering request manually.

The problem we are facing that after the peering request is accepted, when running again terraform on the requester side (state file) terraform is noting the VPC connection as:

is tainted, so must be replaced

And is trying to recreate the connection if applied. The expected behavior would be to properly “see” the vpc connection as valid at the state file and not consider as tained.

code used:

resource "aws_vpc_peering_connection" "vpc-peering-connection" {
  count      = var.enable_vpc_peering ? 1 : 0
  peer_owner_id = var.vpc_account_id
  peer_vpc_id   = var.vpc_id
  vpc_id        =
  accepter {
    allow_remote_vpc_dns_resolution = true

  requester {
    allow_remote_vpc_dns_resolution = true

  tags = {
    Name = "VPC Peering between A and B VPC in different AWS accounts"

Terraform output after accepted, accepts the request and run again terraform plan

  # module.vpc.aws_vpc_peering_connection.sbc-vpc-peering-connection[0] is tainted, so must be replaced
-/+ resource "aws_vpc_peering_connection" "vpc-peering-connection" {
      ~ accept_status = "active" -> (known after apply)
      ~ id            = "pcx-******" -> (known after apply)
        peer_owner_id = "****"
      ~ peer_region   = "us-east-1" -> (known after apply)
        peer_vpc_id   = "vpc-****"
        tags          = {
            "Name" = "VPC Peering between A and B VPC in different AWS accounts "
        vpc_id        = "vpc-*****"

      + accepter {
          + allow_classic_link_to_remote_vpc = false
          + allow_remote_vpc_dns_resolution  = true
          + allow_vpc_to_remote_classic_link = false

      ~ requester {
            allow_classic_link_to_remote_vpc = false
          ~ allow_remote_vpc_dns_resolution  = false -> true
            allow_vpc_to_remote_classic_link = false

The question is, that the specific use case is not supported? As terraform is expecting to use “aws_vpc_peering_connection_accepter”?

If that is the case, can you please propose any solution if available to solve the issue?

Thank you,