[Bug]: aws_cloudformation_stack_instances doesn't respect the `accounts` input

[Veetaha]

Terraform and AWS Provider Version

Terraform v1.11.3
on linux_amd64
+ provider registry.terraform.io/hashicorp/aws v5.94.1

Affected Resource(s) or Data Source(s)

• aws_cloudformation_stack_instances

Expected Behavior

I expect the accounts input to be respected and passed to CreateStackInstances API directly

Actual Behavior

No matter what I specify in the accouts input of the resource the Terraform AWS provider always sets the AWS account ID of the deployer identity as the accounts input.

This bug is extremely straightforward to spot in code here:

terraform-provider-aws/internal/service/cloudformation/stack_instances.go

Lines 266 to 280 in c65ece0

	if v, ok := d.GetOk(AttrAccounts); ok && v.(*schema.Set).Len() > 0 {
	input.Accounts = flex.ExpandStringValueSet(v.(*schema.Set))
	}
	deployedByOU := ""
	if v, ok := d.GetOk("deployment_targets"); ok && len(v.([]any)) > 0 && v.([]any)[0] != nil {
	input.DeploymentTargets = expandDeploymentTargets(v.([]any))
	input.Accounts = nil
	if v, ok := d.GetOk("deployment_targets.0.organizational_unit_ids"); ok && len(v.(*schema.Set).List()) > 0 {
	deployedByOU = "OU"
	}
	} else {
	input.Accounts = []string{meta.(*conns.AWSClient).AccountID(ctx)}
	}

See how the code sets the input.Accounts in the first if, but then resets it to []string{meta.(*conns.AWSClient).AccountID(ctx)} in the else branch of the following if.

Relevant Error/Panic Output

N/A

Sample Terraform Configuration

Click to expand configuration

resource "aws_cloudformation_stack_set" "this" {
    // ... doesn't matter
}

resource "aws_cloudformation_stack_instances" "this" {
  stack_set_name = aws_cloudformation_stack_set.this.name

  accounts = ["111111111111"]
  regions  = ["us-east-1"]
}

Steps to Reproduce

Apply the example configuration.

You'll see that it shows in the diff that it's going to apply the account 111111111111 in the accounts property of the resource but then it actually deploys with the current account in the stack instances. It also causes a perpetual diff.

Debug Logging

No response

GenAI / LLM Assisted Development

n/a

Important Facts and References

No response

Would you like to implement a fix?

No

[github-actions]

Community Guidelines

This comment is added to every new Issue to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

• Please vote on this Issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
• Please see our prioritization guide for additional information on how the maintainers handle prioritization.
• Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Issue and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.