diff --git a/vpn-transit-gateway/main.tf b/vpn-transit-gateway/main.tf
index 88d782d..7e237bc 100644
--- a/vpn-transit-gateway/main.tf
+++ b/vpn-transit-gateway/main.tf
@@ -178,6 +178,27 @@ resource "aws_vpn_connection" "vpn" {
 }
 }
+ # this is here because if you change the tunnel (trigger a reset) through the console, it will populate
+ # it with all the values possible. This ignores it. It is not a good practice.
+ lifecycle {
+ ignore_changes = [
+ tunnel1_ike_versions,
+ tunnel1_phase1_dh_group_numbers,
+ tunnel1_phase1_encryption_algorithms,
+ tunnel1_phase1_integrity_algorithms,
+ tunnel1_phase2_dh_group_numbers,
+ tunnel1_phase2_encryption_algorithms,
+ tunnel1_phase2_integrity_algorithms,
+ tunnel2_ike_versions,
+ tunnel2_phase1_dh_group_numbers,
+ tunnel2_phase1_encryption_algorithms,
+ tunnel2_phase1_integrity_algorithms,
+ tunnel2_phase2_dh_group_numbers,
+ tunnel2_phase2_encryption_algorithms,
+ tunnel2_phase2_integrity_algorithms,
+ ]
+ }
+
 tags = merge(
 local.base_tags,
 var.tags,
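Review bot: The `ignore_changes` list added inside `aws_vpn_connection.vpn` covers every IKE version, DH group, encryption and integrity setting on both tunnels, so once a console-triggered change widens a tunnel to "all the values possible", Terraform will neither report nor revert it. That full set includes the legacy options (IKEv1, SHA1, DH group 2, AES128), so a tunnel can silently stay negotiable with weaker proposals than the module intends; the resource's own tunnel arguments are outside this hunk, so the size of that gap is inferred. If the ignore has to stay, I would narrow it to the attributes that actually show a diff after a reset and have the comment state the consequence and an exit condition, e.g. `# TEMPORARY: hides drift in tunnel crypto settings after a console change; compare against describe-vpn-connections until removed (tracking: <ISSUE-ID>)`. An out-of-band check of the live tunnel options against the intended proposal set would restore the drift detection that this block removes.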