diff --git a/lib/modules/manager/npm/update/locked-dependency/package-lock/index.ts b/lib/modules/manager/npm/update/locked-dependency/package-lock/index.ts
index 850926e4818af3be858827547f95b9fc7368dd8f..4ca4d9a04d5bf6c3de3011f5fa9f89438ceecd4d 100644
--- a/lib/modules/manager/npm/update/locked-dependency/package-lock/index.ts
+++ b/lib/modules/manager/npm/update/locked-dependency/package-lock/index.ts
@@ -206,7 +206,7 @@ export async function updateLockedDependency(
         }
       } else if (depType) {
         // TODO: `newValue` can probably null
-        // The constaint comes from the package.json file, so we need to update it
+        // The constraint comes from the package.json file, so we need to update it
         const newValue = semver.getNewValue({
           currentValue: constraint,
           rangeStrategy: 'replace',
diff --git a/lib/modules/manager/terraform/lockfile/update-locked.spec.ts b/lib/modules/manager/terraform/lockfile/update-locked.spec.ts
new file mode 100644
index 0000000000000000000000000000000000000000..18b82224517e657d3ddeb3a8696a736aca358f21
--- /dev/null
+++ b/lib/modules/manager/terraform/lockfile/update-locked.spec.ts
@@ -0,0 +1,72 @@
+import { Fixtures } from '../../../../../test/fixtures';
+import type { UpdateLockedConfig } from '../../types';
+import { updateLockedDependency } from './update-locked';
+import * as utilFns from './util';
+
+const lockFile = 'terraform.hcl';
+
+const lockFileContent = Fixtures.get('validLockfile.hcl');
+
+describe('modules/manager/terraform/lockfile/update-locked', () => {
+  it('detects already updated', () => {
+    const config: UpdateLockedConfig = {
+      packageFile: 'main.tf',
+      lockFile,
+      lockFileContent,
+      depName: 'hashicorp/aws',
+      newVersion: '3.0.0',
+      currentVersion: '3.0.0',
+    };
+    expect(updateLockedDependency(config).status).toBe('already-updated');
+  });
+
+  it('returns unsupported if dependency is undefined', () => {
+    const config: UpdateLockedConfig = {
+      packageFile: 'main.tf',
+      lockFile,
+      lockFileContent,
+      depName: undefined as never,
+      newVersion: '3.1.0',
+      currentVersion: '3.0.0',
+    };
+    expect(updateLockedDependency(config).status).toBe('unsupported');
+  });
+
+  it('returns unsupported if lockfileContent is undefined', () => {
+    const config: UpdateLockedConfig = {
+      packageFile: 'main.tf',
+      lockFile,
+      depName: 'hashicorp/not-there',
+      newVersion: '3.1.0',
+      currentVersion: '3.0.0',
+    };
+    expect(updateLockedDependency(config).status).toBe('unsupported');
+  });
+
+  it('returns unsupported', () => {
+    const config: UpdateLockedConfig = {
+      packageFile: 'main.tf',
+      lockFile,
+      lockFileContent,
+      depName: 'hashicorp/aws',
+      newVersion: '3.1.0',
+      currentVersion: '3.0.0',
+    };
+    expect(updateLockedDependency(config).status).toBe('unsupported');
+  });
+
+  it('returns update-failed for errors', () => {
+    const config: UpdateLockedConfig = {
+      packageFile: 'main.tf',
+      lockFile,
+      lockFileContent,
+      depName: 'hashicorp/aws',
+      newVersion: '3.1.0',
+      currentVersion: '3.0.0',
+    };
+    jest
+      .spyOn(utilFns, 'extractLocks')
+      .mockReturnValueOnce(new Error() as never);
+    expect(updateLockedDependency(config).status).toBe('update-failed');
+  });
+});
diff --git a/lib/modules/manager/terraform/lockfile/update-locked.ts b/lib/modules/manager/terraform/lockfile/update-locked.ts
new file mode 100644
index 0000000000000000000000000000000000000000..0a1e7ea81544dab40b348bae2e0674095c9ff6bb
--- /dev/null
+++ b/lib/modules/manager/terraform/lockfile/update-locked.ts
@@ -0,0 +1,25 @@
+import { logger } from '../../../../logger';
+import type { UpdateLockedConfig, UpdateLockedResult } from '../../types';
+import { extractLocks } from './util';
+
+export function updateLockedDependency(
+  config: UpdateLockedConfig
+): UpdateLockedResult {
+  const { depName, currentVersion, newVersion, lockFile, lockFileContent } =
+    config;
+  // TODO: fix types (#7154)
+  logger.debug(
+    `terraform.updateLockedDependency: ${depName}@${currentVersion!} -> ${newVersion} [${lockFile}]`
+  );
+  try {
+    const locked = extractLocks(lockFileContent ?? '');
+    const lockedDep = locked?.find((dep) => dep.packageName === depName ?? '');
+    if (lockedDep?.version === newVersion) {
+      return { status: 'already-updated' };
+    }
+    return { status: 'unsupported' };
+  } catch (err) {
+    logger.debug({ err }, 'bundler.updateLockedDependency() error');
+    return { status: 'update-failed' };
+  }
+}