[Bug]: Removing efs file system by removing custom_file_system_config block does not work

[greyes-trc]

Terraform Core Version

1.7.0

AWS Provider Version

5.30

Affected Resource(s)

• aws_sagemaker_domain

Expected Behavior

Removing the custom_file_system_config block from the code should remove the custom_file_system_config in the state. Describing the domain with 'aws sagemaker describe-domain --domain-id <domain-id> should include the line:

"custom_file_system_config": []

Actual Behavior

The terraform plan states that the resource will be updated and terraform apply succeeds. However, checking both the terraform state and running aws sagemaker describe-domain indicate that the EFS block is still in there.

"custom_file_system_config": [
    {
        "EFSFileSystemConfig": {
            "FileSystmemId": "fs-01234567891011121",
            "FileSystemPath": "/"
        }
    } 
]

Performing terraform plan and apply again results in terraform wanting to remove the bock again.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_efs_file_system" "test" {
  tags = {
    Name = "${var.NAMEPREFIX}efs-test"
  }
}

resource "aws_efs_mount_target" "test" {
  file_system_id = aws_efs_file_system.test.id
  subnet_id      = tolist(data.aws_subnets.app_subnets.ids)[0]
}

 resource "aws_sagemaker_domain" "this" {
   domain_name = "sagemaker-domain-test"
   auth_mode   = "IAM"
   vpc_id      = aws_vpc.test.id

   default_user_settings {
     execution_role = aws_iam_role.sagemaker-studio-role.arn

     # custom_file_system_config {
     #   efs_file_system_config {
     #     file_system_id   = aws_efs_file_system.test.id
     #     file_system_path = "/"
     #   }
     # }
   }
 }

Steps to Reproduce

1. Deploy a Sagemaker studio domain
2. Add custom_file_system_config block with tf plan and apply
3. Check state that custom_file_system_config was updated
4. Remove custom_file_system_config block by commenting out the corresponding terraform code
5. Check tf state and sagemaker describe-domain: custom_file_system_config is still the same as in step 3

Debug Output

No response

Panic Output

No response

Important Factoids

The debugging log showed that the update API call removed the CustomFileSystemConfigs Attribute completely. However, a manual test showed that AWS expect the value to be set to [] in order to remove the file system.
Example:
aws sagemaker update-domain --domain-id d-2pdw52ghk3yo --default-user-settings ‘{“CustomFileSystemConfigs”:[]}’ --profile aws_provider_profile

References

No response

Would you like to implement a fix?

None

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[brakf]

Created the test case already #35505