Tags: amazon-web-services, terraform, terraform-provider-aws, aws-glue

aws_glue_catalog_database has the `Default permissions for newly created tables` checkbox checked by default when created through Terraform


I have a Terraform resource defined for aws_glue_catalog_database, but by default it checks the checkbox under "Default permissions for newly created tables". I have tried keeping create_table_default_permission as null and removing the parameter; nothing helped.

Finally I tried manually editing the resource and unchecking the checkbox, and when I imported it I got this error:

Error: Resource already managed by Terraform │ │ Terraform is already managing a remote object for module.glue_database["org_lh_abc_xyz"].aws_glue_catalog_database.this[0]. To import to this address you must first remove the existing object from the state.


resource "aws_glue_catalog_database" "this" {
  count        = var.create_glue_catalog_database ? 1 : 0
  name         = var.catalog_database_name
  description  = var.catalog_database_description
  catalog_id   = var.catalog_id
  location_uri = var.location_uri
  parameters   = var.parameters
# create_table_default_permission {}
# create_table_default_permission = []
#  dynamic "create_table_default_permission" {
#    for_each = var.create_table_default_permission != null ? [true] : []
#     
#     content {
#      permissions = try(var.create_table_default_permission.permissions, null)
#       dynamic "principal" {
#        for_each = try(var.create_table_default_permission.principal, null) != null ? [true] : []
#         
#         content {
#          data_lake_principal_identifier = try(var.create_table_default_permission.principal.data_lake_principal_identifier, null)
#        }
#      }
#    }
#  }


  dynamic "target_database" {
    for_each = var.target_database != null ? [true] : []

    content {
      catalog_id    = var.target_database.catalog_id
      database_name = var.target_database.database_name
    }
  }

  tags = merge(
    var.standard_tags,
    var.tags,
    var.security_tags
  )
}

module "glue_database" {
  for_each                     = toset([var.glue_database_xyz, var.glue_database_pqr])
  source                       = "./module"
  create_glue_catalog_database = true
  catalog_database_name        = each.key
  catalog_database_description = "Database for ${var.pipeline} pipeline"
#   location_uri                 = local.data_source
  standard_tags = merge(local.common_primary_tags, var.mandatory_tags)
# create_table_default_permission = []
}

Solution

  • Looks like Terraform does not support this yet within the resource. I have achieved this through the AWS CLI, but by using a Terraform null_resource.

    # One null_resource per database created by the module; re-runs when the name changes.
    resource "null_resource" "update_glue_database" {
      for_each = module.glue_database
      triggers = {
        database_name = each.key
      }
    
      # Clear CreateTableDefaultPermissions, which the resource cannot do on its own.
      provisioner "local-exec" {
        command = <<-EOT
          aws glue update-database \
            --name "${each.key}" \
            --database-input '{"Name": "${each.key}","CreateTableDefaultPermissions": []}' \
            --no-verify-ssl \
            --region ${var.aws_region}
        EOT
      }
    
      depends_on = [module.glue_database]
    }
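The same check and update done through boto3 rather than the CLI, as an added example (not the answerer's code). The default grant the checkbox represents is ALL to IAM_ALLOWED_PRINCIPALS, which makes new tables fall back to IAM-only access instead of Lake Formation permissions; the audit functions below work on a plain get_database() dict so they can be run offline, and only clear_default_grant() talks to AWS (assumes boto3 and credentials from the environment).

```python
from typing import Any, Dict, List

IAM_ALLOWED = "IAM_ALLOWED_PRINCIPALS"


def default_grants(database: Dict[str, Any]) -> List[Dict[str, Any]]:
    """CreateTableDefaultPermissions list from the 'Database' dict of get_database()."""
    return database.get("CreateTableDefaultPermissions", [])


def grants_iam_allowed_all(database: Dict[str, Any]) -> bool:
    """True when new tables would get the implicit ALL grant to IAM_ALLOWED_PRINCIPALS."""
    for grant in default_grants(database):
        principal = grant.get("Principal", {}).get("DataLakePrincipalIdentifier")
        if principal == IAM_ALLOWED and "ALL" in grant.get("Permissions", []):
            return True
    return False


def cleared_database_input(database: Dict[str, Any]) -> Dict[str, Any]:
    """Build the DatabaseInput for update_database: keep the editable fields, drop the grant.
    CatalogId and CreateTime are read-only and are not part of DatabaseInput."""
    keep = ("Name", "Description", "LocationUri", "Parameters", "TargetDatabase")
    database_input = {k: database[k] for k in keep if k in database}
    database_input["CreateTableDefaultPermissions"] = []
    return database_input


def clear_default_grant(name: str, region: str, apply: bool = False) -> bool:
    """Audit one database; with apply=True also clear the grant. Returns whether it was set."""
    import boto3  # assumption: credentials/profile come from the environment
    glue = boto3.client("glue", region_name=region)
    database = glue.get_database(Name=name)["Database"]
    if not grants_iam_allowed_all(database):
        return False
    if apply:
        glue.update_database(Name=name, DatabaseInput=cleared_database_input(database))
    return True


# Constructed sample of what get_database() returns for a database created with the
# checkbox left on (the database name is the one from the question; CatalogId is made up).
SAMPLE_DATABASE = {
    "Name": "org_lh_abc_xyz",
    "Description": "Database for abc pipeline",
    "CatalogId": "123456789012",
    "CreateTableDefaultPermissions": [
        {"Principal": {"DataLakePrincipalIdentifier": IAM_ALLOWED}, "Permissions": ["ALL"]}
    ],
}

if __name__ == "__main__":
    print(grants_iam_allowed_all(SAMPLE_DATABASE))  # True
    print(cleared_database_input(SAMPLE_DATABASE))
```

Run it once with apply=False to list affected databases, then with apply=True; afterwards `terraform plan` should show no diff, since the resource does not track this field.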