Howdy, I'm late on this, but I wanted to note that I ran into this behavior using normal Terraform a while ago (2018ish?).
We found that Terraform was doing a "delete all rules -> recreate all rules" thing for us. What would happen is we would create a very broad rule (e.g. 10.0.0.0/8), and then later we'd try to create a new rule that "fell under" that rule due to CIDR notation (e.g. 10.100.0.0/16) and had the same port/protocol; the AWS API would throw this error at us, and Terraform would exit.
From a user perspective this looked exactly like Terraform just nuked all of the rules but one, or however many rules it got through before encountering these pseudo-duplicates.