Plan-time validation if attempting to manage the same physical resource with two Terraform resources

[kmoe]

For example, consider the aws_s3_bucket_policy resource:

resource "aws_s3_bucket" "b" {
  bucket = "my_tf_test_bucket"
}

resource "aws_s3_bucket_policy" "b" {
  bucket = "${aws_s3_bucket.b.id}"

  policy = ...
}

AWS permits only one bucket policy per bucket, and buckets are individuated by the bucket.id attribute. However, there is nothing to stop us creating multiple aws_s3_bucket_policy resources for the same bucket in our Terraform configuration.

A new schema behaviour, or other plan-time validation, could enforce at most one resource for each value of the specified attribute.

Proposed by @bflad.

[apparentlymart]

I wrote up some notes on an idea that relates to this in hashicorp/terraform#22094, but that it a larger idea conceptually so if there is a smaller version of it that fits in the SDK itself that'd be great!

[bflad]

I believe this may be the same as #224

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.