We originally had IAM users with API access, S3 bucket for terraform backend and DynamoDB lock table all on Account A the same account. Our company is in the process of migrating IAM users to Account B. We started having issues with TF saying the expected digest/md5 did not match. I enabled logging with TF_LOG = TRACE and found that when using my IAM User API keys for Account B, TF is trying to hit a DynamoDB lock table in Account B instead of Account A now. So our pipelines in the dev environments were still updating the digest in the lock table on Account A, but when we did anything locally with our new IAM users API keys from Account B the digest was updated in a DynamoDB table in Account B and things started getting out of sync. We need to update all our repos to tell the backend to always use the lock table in Account A for now until we can figure out our long term strategy.