From f818ce1331d49b9ee9e912f0d0d3ef8c4f64f310 Mon Sep 17 00:00:00 2001
From: Angie Pinilla <angie@hashicorp.com>
Date: Wed, 30 Mar 2022 16:38:55 -0400
Subject: [PATCH 1/2] internal/conns: add retry handling for
 InternalErrorException when calling fms.PutPolicy

---
 internal/conns/conns.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/internal/conns/conns.go b/internal/conns/conns.go
index 9a495f7e2bd..1feb0be2f1f 100644
--- a/internal/conns/conns.go
+++ b/internal/conns/conns.go
@@ -1232,6 +1232,13 @@ func (c *Config) Client(ctx context.Context) (interface{}, diag.Diagnostics) {
 			if tfawserr.ErrMessageContains(r.Error, fms.ErrCodeInvalidOperationException, "Your AWS Organization is currently onboarding with AWS Firewall Manager and cannot be offboarded.") {
 				r.Retryable = aws.Bool(true)
 			}
+		// System problems can arise during FMS policy updates (maybe also creation),
+		// so we set the following operation as retryable.
+		// Reference: https://github.com/hashicorp/terraform-provider-aws/issues/23946
+		case "PutPolicy":
+			if tfawserr.ErrCodeEquals(r.Error, fms.ErrCodeInternalErrorException) {
+				r.Retryable = aws.Bool(true)
+			}
 		}
 	})
 

From a21368c19ae6d63505e9264a9cafb8314ff58627 Mon Sep 17 00:00:00 2001
From: Angie Pinilla <angie@hashicorp.com>
Date: Wed, 30 Mar 2022 16:39:00 -0400
Subject: [PATCH 2/2] Update CHANGELOG for #23952

---
 .changelog/23952.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/23952.txt

diff --git a/.changelog/23952.txt b/.changelog/23952.txt
new file mode 100644
index 00000000000..4615e7446a3
--- /dev/null
+++ b/.changelog/23952.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_fms_policy: Retry when `InternalErrorException` errors are returned from the AWS API
+```
\ No newline at end of file