diff --git a/lib/modules/manager/terraform/lockfile/index.spec.ts b/lib/modules/manager/terraform/lockfile/index.spec.ts
index df8ad45196e9c7..7557011905d8e0 100644
--- a/lib/modules/manager/terraform/lockfile/index.spec.ts
+++ b/lib/modules/manager/terraform/lockfile/index.spec.ts
@@ -188,6 +188,86 @@ describe('modules/manager/terraform/lockfile/index', () => {
     ]);
   });
 
+  it('does not update dependency with exact constraint during lockfile update', async () => {
+    fs.readLocalFile.mockResolvedValueOnce(codeBlock`
+      provider "registry.terraform.io/hashicorp/aws" {
+        version     = "3.0.0"
+        constraints = "3.0.0"
+        hashes = [
+          "aaa",
+          "bbb",
+          "ccc",
+        ]
+      }
+    `);
+    fs.findLocalSiblingOrParent.mockResolvedValueOnce('.terraform.lock.hcl');
+
+    mockHash.mockResolvedValueOnce([
+      'h1:lDsKRxDRXPEzA4AxkK4t+lJd3IQIP2UoaplJGjQSp2s=',
+      'h1:6zB2hX7YIOW26OrKsLJn0uLMnjqbPNxcz9RhlWEuuSY=',
+    ]);
+
+    const result = await updateArtifacts({
+      packageFileName: 'main.tf',
+      updatedDeps: [
+        {
+          depName: 'hashicorp/aws',
+          packageName: 'hashicorp/aws',
+          depType: 'required_provider',
+          currentVersion: '3.0.0',
+          currentValue: '3.0.0',
+          newVersion: '3.36.0',
+          newValue: '3.36.0',
+          isLockfileUpdate: true,
+        },
+      ],
+      newPackageFileContent: '',
+      config,
+    });
+
+    expect(result).toBeNull();
+  });
+
+  it('does not update dependency with exact constraint within multiple during lockfile update', async () => {
+    fs.readLocalFile.mockResolvedValueOnce(codeBlock`
+      provider "registry.terraform.io/hashicorp/aws" {
+        version     = "3.0.0"
+        constraints = "~> 3.0, 3.0.0"
+        hashes = [
+          "aaa",
+          "bbb",
+          "ccc",
+        ]
+      }
+    `);
+    fs.findLocalSiblingOrParent.mockResolvedValueOnce('.terraform.lock.hcl');
+
+    mockHash.mockResolvedValueOnce([
+      'h1:lDsKRxDRXPEzA4AxkK4t+lJd3IQIP2UoaplJGjQSp2s=',
+      'h1:6zB2hX7YIOW26OrKsLJn0uLMnjqbPNxcz9RhlWEuuSY=',
+    ]);
+
+    const result = await updateArtifacts({
+      packageFileName: 'main.tf',
+      updatedDeps: [
+        {
+          depName: 'hashicorp/aws',
+          packageName: 'hashicorp/aws',
+          depType: 'required_provider',
+          currentVersion: '3.0.0',
+          currentValue: '3.0.0',
+          newVersion: '3.36.0',
+          newValue: '3.36.0',
+          isLockfileUpdate: true,
+        },
+      ],
+      newPackageFileContent: '',
+      config,
+    });
+
+    expect(result).toBeNull();
+  });
+
   it('do not update dependency with depType module', async () => {
     const result = await updateArtifacts({
       packageFileName: 'main.tf',
diff --git a/lib/modules/manager/terraform/lockfile/index.ts b/lib/modules/manager/terraform/lockfile/index.ts
index 11ff172002a85c..aca7419f3d78df 100644
--- a/lib/modules/manager/terraform/lockfile/index.ts
+++ b/lib/modules/manager/terraform/lockfile/index.ts
@@ -177,6 +177,20 @@ export async function updateArtifacts({
         if (!updateLock) {
           continue;
         }
+        if (dep.isLockfileUpdate) {
+          const versioning = getVersioning(dep.versioning);
+          const satisfyingVersion = versioning.getSatisfyingVersion(
+            [dep.newVersion!],
+            updateLock.constraints,
+          );
+
+          if (!satisfyingVersion) {
+            logger.debug(
+              `Skipping. Lockfile update with "${newVersion}" does not statisfy constraints "${updateLock.constraints}" for "${packageName}"`,
+            );
+            continue;
+          }
+        }
         const newConstraint = getNewConstraint(dep, updateLock.constraints);
         const update: ProviderLockUpdate = {
           // TODO #22198