I am running into an error while trying to enable the AWS IoT AccountAuditConfiguration. Unfortunately there is no support for that in the AWS Terraform provider (if there is, please let me know). CloudFormation supports it. I wrote a Terraform script to invoke it, and I am running into a "resource already exists" error. I think I want to update it rather than declare it.
Here are the files.
The sample.json.tpl file:
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Amazon Web Services IoT AccountAuditConfiguration Template",
  "Resources": {
    "IoTAuditConfiguration": {
      "Type": "AWS::IoT::AccountAuditConfiguration",
      "Properties": {
        "AccountId": "${account_id}",
        "AuditCheckConfigurations": {
          "AuthenticatedCognitoRoleOverlyPermissiveCheck": { "Enabled": true },
          "CaCertificateExpiringCheck": { "Enabled": true },
          "CaCertificateKeyQualityCheck": { "Enabled": true },
          "ConflictingClientIdsCheck": { "Enabled": true },
          "DeviceCertificateExpiringCheck": { "Enabled": true },
          "DeviceCertificateKeyQualityCheck": { "Enabled": true },
          "DeviceCertificateSharedCheck": { "Enabled": true },
          "IntermediateCaRevokedForActiveDeviceCertificatesCheck": { "Enabled": true },
          "IotPolicyOverlyPermissiveCheck": { "Enabled": true },
          "IoTPolicyPotentialMisConfigurationCheck": { "Enabled": true },
          "IotRoleAliasAllowsAccessToUnusedServicesCheck": { "Enabled": true },
          "IotRoleAliasOverlyPermissiveCheck": { "Enabled": true },
          "LoggingDisabledCheck": { "Enabled": true },
          "RevokedCaCertificateStillActiveCheck": { "Enabled": true },
          "RevokedDeviceCertificateStillActiveCheck": { "Enabled": true },
          "UnauthenticatedCognitoRoleOverlyPermissiveCheck": { "Enabled": true }
        },
        "AuditNotificationTargetConfigurations": {
          "Sns": {
            "TargetArn": "${sns_notifications_arn}",
            "RoleArn": "${role}",
            "Enabled": true
          }
        },
        "RoleArn": "${role}"
      }
    }
  }
}
The cloudformation_deploy.tf file:
# Needed for account_id below; omit if it is already declared elsewhere in the module.
data "aws_caller_identity" "current" {}

# Render the CloudFormation template above with the account-specific values.
data "template_file" "aws_iot_account_audit_enable" {
  template = file("${path.module}/sample.json.tpl")
  vars = {
    account_id            = data.aws_caller_identity.current.account_id
    sns_notifications_arn = aws_sns_topic.iot_topic.arn
    # The template uses this value for RoleArn and TargetArn's RoleArn,
    # so it must be the role's ARN, not its name.
    role                  = aws_iam_role.iot_role.arn
  }
}

resource "aws_cloudformation_stack" "stack" {
  name          = "stack"
  template_body = data.template_file.aws_iot_account_audit_enable.rendered
}
This is the error I am getting:
Error: waiting for CloudFormation Stack (arn:aws:cloudformation:us-east-2:xxxxxxxxxxxx:stack/stack/xxxxxxxxxxxxx)
create: failed to create CloudFormation stack, rollback requested (ROLLBACK_COMPLETE):
["The following resource(s) failed to create: [IoTAuditConfiguration]. Rollback requested by user."
"Resource handler returned message: "The AccountAuditConfiguration already exists." (RequestToken: xxxxxxxxxxxxxxxxxxx, HandlerErrorCode: AlreadyExists)"]
I think I am trying to create something that already exists? How do I go about updating/configuring it?
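As an added example (not part of the original question, and not AWS-provided code), here is one way to treat the account-level configuration as an update rather than a declaration from Terraform: call `aws iot update-account-audit-configuration` through a `null_resource` provisioner instead of creating the resource in a CloudFormation stack. It assumes the same `aws_sns_topic.iot_topic` and `aws_iam_role.iot_role` resources as the posted files and the AWS CLI on the PATH of whoever runs `terraform apply`. The check names are written in the IoT API's own spelling (UPPER_SNAKE_CASE, which differs from the CloudFormation property names), and only a subset of the checks is shown.

```hcl
# Added example: enable the AWS IoT Device Defender account audit configuration
# by calling the IoT API directly. AccountAuditConfiguration is a per-account
# singleton, so "update" is the operation that succeeds once it already exists.
# Assumes aws_sns_topic.iot_topic and aws_iam_role.iot_role exist (as in the
# original files) and that the AWS CLI is available where terraform runs.

locals {
  # IoT API check names (UPPER_SNAKE_CASE), a representative subset.
  audit_checks = {
    LOGGING_DISABLED_CHECK                               = { enabled = true }
    CA_CERTIFICATE_EXPIRING_CHECK                        = { enabled = true }
    DEVICE_CERTIFICATE_EXPIRING_CHECK                    = { enabled = true }
    DEVICE_CERTIFICATE_SHARED_CHECK                      = { enabled = true }
    IOT_POLICY_OVERLY_PERMISSIVE_CHECK                   = { enabled = true }
    REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK            = { enabled = true }
    REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK        = { enabled = true }
    UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK = { enabled = true }
    AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK   = { enabled = true }
    CONFLICTING_CLIENT_IDS_CHECK                         = { enabled = true }
  }

  # The API key for the notification target is "SNS" (not "Sns" as in CloudFormation).
  audit_targets = {
    SNS = {
      targetArn = aws_sns_topic.iot_topic.arn
      roleArn   = aws_iam_role.iot_role.arn # ARN, not .name
      enabled   = true
    }
  }
}

resource "null_resource" "iot_account_audit" {
  # Provisioners run only when the resource is created, so hash every input
  # into a trigger: any change to the role, checks or targets re-runs the update.
  triggers = {
    config_hash = sha256(jsonencode({
      role    = aws_iam_role.iot_role.arn
      checks  = local.audit_checks
      targets = local.audit_targets
    }))
  }

  provisioner "local-exec" {
    command = <<-EOT
      aws iot update-account-audit-configuration \
        --role-arn '${aws_iam_role.iot_role.arn}' \
        --audit-notification-target-configurations '${jsonencode(local.audit_targets)}' \
        --audit-check-configurations '${jsonencode(local.audit_checks)}'
    EOT
  }
}
```

After `terraform apply`, `aws iot describe-account-audit-configuration` shows the resulting state, which is the check to run when deciding whether the update took effect. Two caveats: the role's trust policy must allow `iot.amazonaws.com` to assume it and the role needs `sns:Publish` on the topic, otherwise the update call is rejected; and `terraform destroy` removes only the `null_resource`, not the account configuration, unless you add a `when = destroy` provisioner that explicitly disables the checks.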