Terraform with remote state always wants to replace everything

[oleksandrsv]

Hi, if I apply locally - Terraform sees no difference with remote state. All resources are present in state. But if I remove local cache and then try to run plan - terraform wants to replace everything.

My guess is this causing:

  # module.aws_sso_elevator.module.access_revoker.local_file.archive_plan[0] must be replaced
-/+ resource "local_file" "archive_plan" {
      ~ content              = jsonencode(
          ~ {
              ~ filename      = "builds/c88c71cd99f71d6deb0a46969c1584ca1e2899cb3d765ce1429cb558d8abfb90.zip" -> "builds/ea77b66cded6aa48746807d9ae14d5778eb410a58ce354f177b855ddcb9b44d5.zip"
                # (4 unchanged attributes hidden)
            } # forces replacement

Other changes are triggered by above change:

  # module.aws_sso_elevator.module.access_requester_slack_handler.local_file.archive_plan[0] must be replaced
-/+ resource "local_file" "archive_plan" {
      ~ content              = jsonencode(
          ~ {
              ~ filename      = "builds/440c17238b2c1372e39edfcd5cfa32e30734dc8bc55e231aa5709b9ecf8c2603.zip" -> "builds/8c84fb1091d4a4619cd0f5d723de0b9b3f07307c3b9dda4e3f28f13253408f1e.zip"
                # (4 unchanged attributes hidden)
            } # forces replacement

  # module.aws_sso_elevator.module.access_requester_slack_handler.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "7943143754658354399" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "filename"  = "builds/440c17238b2c1372e39edfcd5cfa32e30734dc8bc55e231aa5709b9ecf8c2603.zip" -> "builds/8c84fb1091d4a4619cd0f5d723de0b9b3f07307c3b9dda4e3f28f13253408f1e.zip"
          ~ "timestamp" = "1696931179506613000" -> "1699558849737953000"

  # module.aws_sso_elevator.module.access_requester_slack_handler.null_resource.sam_metadata_aws_lambda_function[0] must be replaced
-/+ resource "null_resource" "sam_metadata_aws_lambda_function" {
      ~ id       = "3858702888759506643" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "built_output_path"    = "builds/440c17238b2c1372e39edfcd5cfa32e30734dc8bc55e231aa5709b9ecf8c2603.zip" -> "builds/8c84fb1091d4a4619cd0f5d723de0b9b3f07307c3b9dda4e3f28f13253408f1e.zip"

  # module.aws_sso_elevator.module.access_revoker.aws_lambda_permission.current_version_triggers["check_inconsistency"] must be replaced
-/+ resource "aws_lambda_permission" "current_version_triggers" {
      ~ id                  = "check_inconsistency" -> (known after apply)
      ~ qualifier           = "9" # forces replacement -> (known after apply) # forces replacement

  # module.aws_sso_elevator.module.access_revoker.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "1049804038215205338" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "filename"  = "builds/c88c71cd99f71d6deb0a46969c1584ca1e2899cb3d765ce1429cb558d8abfb90.zip" -> "builds/ea77b66cded6aa48746807d9ae14d5778eb410a58ce354f177b855ddcb9b44d5.zip"
          ~ "timestamp" = "1696931179505630000" -> "1699558849737952000"

  # module.aws_sso_elevator.module.access_revoker.null_resource.sam_metadata_aws_lambda_function[0] must be replaced
-/+ resource "null_resource" "sam_metadata_aws_lambda_function" {
      ~ id       = "107939786678733627" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "built_output_path"    = "builds/c88c71cd99f71d6deb0a46969c1584ca1e2899cb3d765ce1429cb558d8abfb90.zip" -> "builds/ea77b66cded6aa48746807d9ae14d5778eb410a58ce354f177b855ddcb9b44d5.zip"

I have found that changing source.content instead of the local filepath could possibly be a solution for it, but I didn't manage to find how this archive is created.