@jwieringa
Created March 2, 2017 19:58
Nearly fully working example (seems to have an IAM policy issue). Demonstrates that `aws_opsworks_custom_layer.app.ebs_volume.size` is not refreshing values
# Dedicated VPC for this reproduction. The subnet, the security group and the
# OpsWorks stack in this file all reference it.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}
# Single /24 subnet inside the VPC range; the OpsWorks stack uses it as its
# default subnet.
resource "aws_subnet" "main" {
  cidr_block = "10.0.1.0/24"
  vpc_id     = "${aws_vpc.main.id}"
}
# Security group handed to the OpsWorks layer as its custom security group.
#
# NOTE(review): the name and description say "allow all", but the rules below
# do not do that. With protocol "udp", a from_port/to_port of 0 matches UDP
# port 0 only; an all-protocol rule is written with protocol = "-1".
# Either way the peer range is 0.0.0.0/0 (any IPv4 address), so outside a
# throwaway reproduction this group should be replaced with rules scoped to
# the ports and source ranges the layer actually needs.
resource "aws_security_group" "allow_all" {
  vpc_id      = "${aws_vpc.main.id}"
  name        = "allow_all"
  description = "Allow all inbound traffic"

  # Inbound: UDP, port range 0-0, from any IPv4 address.
  ingress {
    protocol    = "udp"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound: UDP, port range 0-0, to any IPv4 address.
  egress {
    protocol    = "udp"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Service role referenced by the stack's service_role_arn.
# The trust policy lets only the opsworks.amazonaws.com service principal call
# sts:AssumeRole. It is written against the older "2008-10-17" policy version,
# whereas the other policy documents in this file use "2012-10-17".
# The heredoc body is left flush-left because its text is the policy string.
resource "aws_iam_role" "opsworks_service" {
  name               = "opsworks-service"
  assume_role_policy = <<EOF
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "opsworks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
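# Permissions for the OpsWorks service role.
#
# Change from the original: iam:PassRole used to sit in the same statement as
# the service wildcards with Resource "*", which lets the holder hand ANY role
# in the account to a service. It now has its own statement limited to the
# instance role defined in this file (aws_iam_role.ec2), the only role the
# stack passes to instances.
#
# NOTE(review): ec2:*, elasticloadbalancing:* and rds:* on every resource are
# kept as the author wrote them so the reproduction behaves the same; they are
# far broader than this stack needs and should be narrowed before reuse.
resource "aws_iam_policy" "opsworks_service" {
  name        = "opsworks-service"
  description = "AWS tools for OpsWorks Stack"
  policy      = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1412626646000",
      "Action": [
        "ec2:*",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:DescribeAlarms",
        "elasticloadbalancing:*",
        "rds:*"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "PassInstanceRoleOnly",
      "Action": "iam:PassRole",
      "Effect": "Allow",
      "Resource": "${aws_iam_role.ec2.arn}"
    }
  ]
}
EOF
}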
# Attaches the opsworks-service managed policy to the OpsWorks service role.
#
# NOTE(review): aws_iam_policy_attachment manages a policy's attachments
# exclusively: users, groups or roles the policy is attached to outside this
# resource are detached on apply. That is harmless here because the policy is
# created in this same file; aws_iam_role_policy_attachment is the
# non-exclusive alternative when a policy is shared.
resource "aws_iam_policy_attachment" "opsworks_service" {
  name       = "opsworks-service"
  policy_arn = "${aws_iam_policy.opsworks_service.arn}"
  roles      = ["${aws_iam_role.opsworks_service.name}"]
}
# Role for the stack's instances: the trust policy lets only the
# ec2.amazonaws.com service principal call sts:AssumeRole.
# In the part of the file shown here, no permissions policy is attached to
# this role and no aws_iam_instance_profile wraps it.
# The heredoc body is left flush-left because its text is the policy string.
resource "aws_iam_role" "ec2" {
  name               = "ec2"
  assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
]
}
EOF
}
# OpsWorks stack placed in the VPC and subnet declared in this file.
#
# NOTE(review): Chef 11.10 and Ubuntu 14.04 LTS are old releases; check their
# support status before reusing these pins outside the reproduction.
resource "aws_opsworks_stack" "default" {
  name   = "default"
  region = "us-east-1"

  # network
  vpc_id            = "${aws_vpc.main.id}"
  default_subnet_id = "${aws_subnet.main.id}"

  # With the built-in OpsWorks security groups switched off, the only group
  # this file associates with instances is the layer's custom one.
  use_opsworks_security_groups = false

  # iam
  service_role_arn = "${aws_iam_role.opsworks_service.arn}"

  # NOTE(review): this argument is named for an instance profile ARN but is
  # given the ARN of an IAM role. Possibly the "IAM policy issue" mentioned in
  # the gist description; confirm against the provider documentation.
  default_instance_profile_arn = "${aws_iam_role.ec2.arn}"

  # instances
  default_os               = "Ubuntu 14.04 LTS"
  default_root_device_type = "instance-store"
  hostname_theme           = "Layer_Dependent"
  agent_version            = "3442-20161201055821"

  # chef
  configuration_manager_name    = "Chef"
  configuration_manager_version = "11.10"
  manage_berkshelf              = false
  use_custom_cookbooks          = false
}
# Custom layer "app" in the default stack. This is the resource the gist is
# about: it carries the ebs_volume block whose `size` does not refresh.
resource "aws_opsworks_custom_layer" "app" {
  stack_id   = "${aws_opsworks_stack.default.id}"
  name       = "app"
  short_name = "app"

  custom_security_group_ids = ["${aws_security_group.allow_all.id}"]

  # NOTE(review): no encryption setting is declared for this volume; confirm
  # whether the provider version in use offers one.
  ebs_volume = {
    mount_point     = "/mnt/data"
    type            = "gp2"
    number_of_disks = 1
    raid_level      = "None"

    // Issue: a changed `size` value is not picked up (it is not updated)
    size = 100
  }

  # network: no public or Elastic IP is assigned automatically
  auto_assign_public_ips  = false
  auto_assign_elastic_ips = false
  drain_elb_on_shutdown   = true

  # chef: no custom recipes for any lifecycle event
  custom_setup_recipes     = []
  custom_configure_recipes = []
  custom_deploy_recipes    = []
  custom_undeploy_recipes  = []
  custom_shutdown_recipes  = []
}