deployment is failing and its expecting a change in security settings

Terraform Providers AWS
1

We have deployed a repo related to kafka clusters, earlier it was working fine without issues but now deployment is failing and its expecting a change in security settings. Error: The request does not include any updates to the security setting of the cluster. Verify the request, then try again. We have tried couple of changes as mentioend in one of the Github discussion Link : https://github.com/hashicorp/terraform-provider-aws/issues/24914 Terraform provider version : 5.30 1. Tried by adding client_authentication to ignore_changes and it didn’t 2. work. 2. Tried by adding client_authentication[0].tls to ignore_changes and it didn’t work. 3. Tried by setting unauthenticated = false in client_authentication and this too didn’t work. 4. Upgraded AWS provider version to 5.50 from 5.30 5. Also tried by downgraded it to 5.28 and still same deployment error. 6. Tried by setting tls{certificate_authority_arns=} Above al cahnges gave same error. We are not sure if this has something to do with AWS or Terraform but any help on this would be really helpfull. Note: As a temperory fix we had to make changes to security setting by enabling or desabling SASL/SCRAM authentication type for edhdev-cdc-kafka-cluster Cluster ARN: arn:aws:kafka:us-east-2:891422220700:cluster/edhdev-cdc-kafka-cluster/270e64c2-bab9-4a79-b020-5591b76855fb-7

2

Same issue in here using crossplane:

  • lastTransitionTime: “2025-03-24T14:21:35Z”
    message: ‘async update failed: failed to update the resource: [{0 updating MSK
    Cluster (arn:aws:kafka:eu-west-1:xxxxx:cluster/xxxxx/yyyzzz)
    security: operation error Kafka: UpdateSecurity, https response error StatusCode:
    400, RequestID: 89488cda-2205-46be-8b1f-af8e32917fff, BadRequestException: The
    request does not include any updates to the security setting of the cluster.
    Verify the request, then try again. }]’
3

I ran into the same problem getting the exception:

**Error: updating MSK Cluster (arn:aws:kafka:<redacted>) security: operation error Kafka: UpdateSecurity, https response error StatusCode: 400, RequestID: <redacted>, BadRequestException: The request does not include any updates to the security setting of the cluster. Verify the request, then try again.

Using:
**
module “msk_kafka_cluster” {

source = “terraform-aws-modules/msk-kafka-cluster/aws”
version = “2.11.0”

}

The problem was that the option tls was removed from client_authentication but deleting the line caused this error. Instead setting tls = false explicitly worked and after I could the line.

The change below caused the exception for me:

`~ client_authentication {
# (1 unchanged attribute hidden)

  - tls {}

    # (1 unchanged block hidden)
}`

Not sure if its the same case, but maybe this info helps someone with a similar issue.