Updated secrets_manager secrets values manually , now terraform is giving error

Hey Team , I have updated the secret values manually in console , later when I run apply in terraform. Getting error while applying. Not able to delete the current version ID also which is conflicting the terraform new ID

IN PLAN : #module.opensearch.aws_secretsmanager_secret_version.users[“readonly”] will be updated in-place
~ resource “aws_secretsmanager_secret_version” “users” {
id = “arn:aws:secretsmanager:ap-southeast-2:123456789:secret:abc|7873FBF4-BB8B-42CC-8E89-7FFDAA8CD0BB”
~ version_stages = [
# (5 unchanged attributes hidden)


│ Error: error updating Secrets Manager Secret “arn:aws:secretsmanager:ap-southeast-2:123456789:secret:abc” Version Stage “AWSCURRENT”: InvalidParameterException: The parameter RemoveFromVersionId can’t be empty. Staging label AWSCURRENT is currently attached to version ccc73b1e-7888-4582-929b-04a10ddede58, so you must explicitly reference that version in RemoveFromVersionId.

│ with module.opensearch.aws_secretsmanager_secret_version.users[“admin”],
│ on modules\opensearch\secrets.tf line 40, in resource “aws_secretsmanager_secret_version” “users”:
│ 40: resource “aws_secretsmanager_secret_version” “users” {

Code in Terraform

resource “aws_secretsmanager_secret_version” “users” {
for_each = local.os_user_role_map
secret_id = aws_secretsmanager_secret.users[each.key].id
secret_string = jsonencode({
User = each.key,
Password = random_password.users[each.key].result,
Roles = each.value
version_stages = [“AWSCURRENT”]

Have you tried removing the secrets from the state file and then re-importing the resources in terraform?

Hi Stephen ,

Thanks for the response ,

No I havent modified anything in statefile as I thought it might get corrupt.

So can you please brief me how can I delete that particular secrets for (abc) only without deleting other customer secrets

To remove a secret from the state file will allow that secret to exist in AWS still (it only removes the management from terraform piece). Then you can re-import them.

terraform state rm aws_secretsmanager_secret_version.abc
terraform state rm aws_secretsmanager_secret.abc

Thanks Stephan !! Will try this method