This error seems to be error specific and occurred when we increased the WCU unit limit for AWS WAFv2. An identical configuration works perfectly for CloudFront WAF, though. After the initial setup of ACL rules below the 1500 standard limit, the WCU limit was increased and now I am getting the following error.
Error: Provider produced inconsistent final plan
│
│ When expanding the plan for module.eu_prod_waf2.aws_wafv2_web_acl.fuel50_managed_acl to include new values learned so far during apply, provider
│ "Terraform Registry" produced an invalid new value for .rule: planned set element
│ cty.ObjectVal(map[string]cty.Value{"action":cty.ListValEmpty(cty.Object(map[string]cty.Type{"allow":cty.List(cty.Object(map[string]cty.Type{"custom_request_handling":cty.List(cty.Object(map[string]cty.Type{"insert_header":cty.Set(cty.Object(map[string]cty.Type{"name":cty.String,
│ "value":cty.String}))}))})),
"metric_name":cty.StringVal("aws-managed-core-rules"), "sampled_requests_enabled":cty.True})})}) does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider’s own issue tracker.
A few attempts to fix it were made:
- Someone suggested checking tfstate for a mismatching state file. [The state is in TF Cloud, not locally.]
- Ran terraform init / plan / apply.
- Set the WAF ACL rule version. That seemed to work but returned another error, “Error Updating WAF Rule: WAFNonexistentItemException”; however, the item (ACL) exists in reality.
Ways to replicate:
The error does not seem to be consistent and appear on other environments.