[Bug]: Cannot create or modify KMS key with tf 1.3.6 and provider 4.46.0 #28390
I am facing the same issue with terraform version 1.3.7 and AWS Provider version 4.5
Also having this same issue with terraform 1.3.6 and AWS provider 4.50.0
Same issue. Terraform 1.3.9, AWS provider 4.48.0
Same, with 1.3.9 and provider 4.55.0. Strangely, it's just for one key, and we have a lot of them across a lot of projects, all deployed via the same module. Granted, though, it's a fairly complicated key policy because it manages access to our central Terraform state bucket CMK (of all things)... In the console, the individual elements of the policy switch places over and over while Terraform is deploying, so it seems to have to do with sorting - although that might just be a normal behavior that usually doesn't matter and is ignored because it has no effect. The policy is updated in the end, but Terraform never considers the deployment finished and attempts to update it again on the next run. Removing and reimporting the key does not help - Terraform attempts to update it again immediately after importing.
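The comment above suspects that element ordering in the key policy is behind the repeated update. As an added example (not code from this thread or from the provider), the following Python compares a configured key policy with the deployed one while ignoring statement and value order, which shows whether a reported difference is ordering only. The function names, the sample policies and the account ID are constructed for illustration.

```python
import json

# Statement fields whose values IAM treats as unordered sets.
SET_FIELDS = {"Action", "NotAction", "Resource", "NotResource"}

def _as_set(value):
    """A lone scalar and a one-element list are the same policy value."""
    items = value if isinstance(value, list) else [value]
    return sorted(items, key=str)

def _norm_statement(stmt):
    out = {}
    for field, value in stmt.items():
        if field in SET_FIELDS:
            out[field] = _as_set(value)
        elif field in ("Principal", "NotPrincipal") and isinstance(value, dict):
            out[field] = {kind: _as_set(ids) for kind, ids in value.items()}
        elif field == "Condition":
            out[field] = {op: {k: _as_set(v) for k, v in keys.items()}
                          for op, keys in value.items()}
        else:
            out[field] = value  # Sid, Effect, Principal "*"
    return out

def normalize_policy(policy_json):
    """Return a canonical JSON string with statements and set values sorted."""
    doc = json.loads(policy_json)
    stmts = doc.get("Statement", [])
    if isinstance(stmts, dict):  # a single statement may appear unwrapped
        stmts = [stmts]
    normed = sorted((_norm_statement(s) for s in stmts),
                    key=lambda s: json.dumps(s, sort_keys=True))
    return json.dumps({**doc, "Statement": normed}, sort_keys=True)

def policies_equivalent(a, b):
    return normalize_policy(a) == normalize_policy(b)

# Constructed sample: same key policy, statements and values in different order.
ACCOUNT = "111122223333"  # placeholder account id
ROOT = {"Sid": "Root", "Effect": "Allow", "Action": "kms:*", "Resource": "*",
        "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"}}
ADMIN = {"Sid": "Admin", "Effect": "Allow", "Resource": "*",
         "Action": ["kms:Describe*", "kms:Put*"],
         "Principal": {"AWS": [f"arn:aws:iam::{ACCOUNT}:role/a",
                               f"arn:aws:iam::{ACCOUNT}:role/b"]}}
ADMIN_SWAPPED = {**ADMIN, "Action": ["kms:Put*", "kms:Describe*"],
                 "Principal": {"AWS": ADMIN["Principal"]["AWS"][::-1]}}
CONFIGURED = json.dumps({"Version": "2012-10-17", "Statement": [ROOT, ADMIN]})
DEPLOYED = json.dumps({"Version": "2012-10-17", "Statement": [ADMIN_SWAPPED, ROOT]})

if __name__ == "__main__":
    print("ordering-only difference:", policies_equivalent(CONFIGURED, DEPLOYED))
```

Values are compared as opaque strings, so a difference that remains after normalization (an added action, a changed principal) is a real policy change and worth reviewing before it is applied.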
For me, the issue is solved. An |
Facing same issue. We are using the https://github.com/terraform-aws-modules/terraform-aws-eks module. This module in turn uses the https://github.com/terraform-aws-modules/terraform-aws-kms module. In the console of my AWS account I see the KMS key is there and the key also has the policy applied as defined by the terraform module. Still terraform fails with every single apply. Also for us this is a big blocker as all our CI/CD pipelines are failing. See here how we use the module:

    kms_key_deletion_window_in_days = 7
    kms_key_owners = var.kms_key_owners
    kms_key_administrators = var.kms_key_administrators

Both variables are used with roles.
Terraform Core Version
1.3.6
AWS Provider Version
4.46.0
Affected Resource(s)
Expected Behavior
Create the key
Actual Behavior
Errors, but I see the key created in the console.
Relevant Error/Panic Output Snippet
see #27641
Terraform Configuration Files
See #27641
Steps to Reproduce
see #27641
Debug Output
see #27641
Panic Output
No response
Important Factoids
This is a huge blocker for us
References
No response
Would you like to implement a fix?
None