Forces replacement in module in security group

Hello,

I see “# forces replacement” in the security group module: Terraform Registry
which is triggered by the changes in the security group list (when security groups are added in between than added at the end of the list - a specific usecase)

I’m looking for a resolution here, as if we say by default terraform deletes the resource and then creates it, in that matter I shouldn’t be seeing below error:

Error: [WARN] A duplicate Security Group rule was found on (SECURITY_GROUP). This may be
│ a side effect of a now-fixed Terraform issue causing two security groups with
│ identical attributes but different source_security_group_ids to overwrite each
│ other in the state. See https://github.com/hashicorp/terraform/pull/2376 for more
│ information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule

# module.apple_grape.module.apple_sg[0].aws_security_group_rule.ingress_with_cidr_blocks[0] must be replaced
-/+ resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
      ~ cidr_blocks              = [ # forces replacement
          - "0.0.0.0/0",
          + "A",
          + "B",
        ]
      ~ description              = "OLD_DESCRIPTION" -> "NEW_DESCRIPTION"
      ~ from_port                = 8000 -> 9000 # forces replacement
      ~ id                       = "SGR_RULE_EXISTS" -> (known after apply)
      ~ security_group_rule_id   = "SGR_RULE_ID_EXISTS" -> (known after apply)
      + source_security_group_id = (known after apply)
      ~ to_port                  = 8000 -> 8009 # forces replacement
        # (5 unchanged attributes hidden)
    }

  # module.apple_grape.module.apple_sg[0].aws_security_group_rule.ingress_with_cidr_blocks[1] must be replaced
-/+ resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
      ~ cidr_blocks              = [ # forces replacement
          - "0.0.0.0/0",
          + "A",
          + "B",
        ]
      ~ description              = "OLD_DESCRIPTION" -> "NEW_DESCRIPTION"
      ~ from_port                = 9900 -> 8000 # forces replacement
      ~ id                       = "SGR_RULE_EXISTS" -> (known after apply)
      ~ security_group_rule_id   = "SGR_RULE_ID_EXISTS" -> (known after apply)
      + source_security_group_id = (known after apply)
      ~ to_port                  = 9900 -> 8000 # forces replacement
        # (5 unchanged attributes hidden)
    }

  # module.apple_grape.module.apple_sg[0].aws_security_group_rule.ingress_with_cidr_blocks[2] must be replaced
-/+ resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
      ~ description              = "OLD_DESCRIPTION" -> "NEW_DESCRIPTION"
      ~ from_port                = 8009 -> 8000 # forces replacement
      ~ id                       = "SGR_RULE_EXISTS" -> (known after apply)
      ~ security_group_rule_id   = "SGR_RULE_ID_EXISTS" -> (known after apply)
      + source_security_group_id = (known after apply)
      ~ to_port                  = 8009 -> 8000 # forces replacement
        # (6 unchanged attributes hidden)
    }

  # module.apple_grape.module.apple_sg[0].aws_security_group_rule.ingress_with_cidr_blocks[3] must be replaced
-/+ resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
      ~ cidr_blocks              = [ # forces replacement
          - "0.0.0.0/0",
          + "A",
          + "B",
        ]
      ~ description              = "OLD_DESCRIPTION" -> "NEW_DESCRIPTION"
      ~ from_port                = 9000 -> 9059 # forces replacement
      ~ id                       = "SGR_RULE_EXISTS" -> (known after apply)
      + security_group_rule_id   = (known after apply)
      + source_security_group_id = (known after apply)
      ~ to_port                  = 8009 -> 9059 # forces replacement
        # (5 unchanged attributes hidden)
    }

  # module.apple_grape.module.apple_sg[0].aws_security_group_rule.ingress_with_cidr_blocks[4] must be replaced
-/+ resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
      ~ cidr_blocks              = [ # forces replacement
          - "0.0.0.0/0",
          + "A",
          + "B",
        ]
      ~ description              = "OLD_DESCRIPTION" -> "NEW_DESCRIPTION"
      ~ from_port                = 8000 -> 9900 # forces replacement
      ~ id                       = "SGR_RULE_EXISTS" -> (known after apply)
      + security_group_rule_id   = (known after apply)
      + source_security_group_id = (known after apply)
      ~ to_port                  = 8000 -> 9900 # forces replacement
        # (5 unchanged attributes hidden)
    }

Thanks,
Navneet