Creating vpc flow logs returns 400: Failed to set permission for LogDestination:

I am currently working on implementing a security framework in terraform. As a part of this project I need to create sets of vpc flow logs. I’m encountering an issue when I try too run terraform apply. The configuration for this looks like:

resource aws_flow_log flow_log{
    count = length(var.aws_vpc_ids)
    log_destination = var.log_destination
    log_destination_type = var.log_destination_type
    traffic_type = var.traffic_type
    vpc_id = var.aws_vpc_ids[count.index]
    depends_on = [ var.log_destination ]

      // Tags 
  tags = {
    Name              = "${var.aws_vpc_ids[count.index]}"
    cost_environment  = "${ var.environment == "production" ? "production" : "non-production"}" 
    cost_category     = "SEC"
    cost_team_owner   = "MOPRAV"
  }
}

Expected:
The apply should run successfully

Actual:

 Error: error creating Flow Log (vpc-945bf9f3): 1 error occurred:
│       * vpc-945bf9f3: 400: Failed to set permission for LogDestination: nf-cisbenchmark-nf-sandbox-vpc-flow-logs
│ 
│ 
│ 
│   with module.nf_cis_benchmark.module.vpc[0].module.eu-west-1.aws_flow_log.flow_log[2],
│   on modules/nf_cis_benchmark/modules/vpc/modules/flow_log/flow_log.tf line 1, in resource "aws_flow_log" "flow_log":
│    1: resource aws_flow_log flow_log{

I have the same problem. Is this something new with the latest aws provider (3.70)?
Before it worked (like 6 months ago) - the same code.

On subsequent retry (plan & apply), albeit with some non-functional changes in code (i.e. cosmetic ones) it worked.
I also enabled “export TF_LOG=DEBUG”, if that makes a difference.