KMS arguments unintuitive #30120

Open
steve-hb opened this issue Mar 18, 2023 · 2 comments
Labels
  • breaking-change: Introduces a breaking change in current functionality; usually deferred to the next major release.
  • enhancement: Requests to existing resources that expand the functionality or scope.
  • service/logs: Issues and PRs that pertain to the logs service.

Comments

@steve-hb

Description

I've been adding KMS to all my resources and wondered why Terraform couldn't find the KMS key for the CloudWatch log group. Checked the code multiple times, tried adding a "depends_on" (maybe the dependency resolution broke?), tried changing policies and finally decided to read the docs again:

kms_key_id - (Optional) The ARN of the KMS Key to use when encrypting log data.

This resulted in the following code (with some small changes):

resource "aws_cloudwatch_log_group" "my_log_group" {
  name              = "my-wonderful-log-group"
  retention_in_days = 14
  kms_key_id        = aws_kms_key.encryption_key.arn
}

Could we please rename the kms_key_id argument to kms_key_arn in order to have consistent arguments? Maybe adding an alias and deprecating the old one is feasible in this case?
This issue doesn't only affect CW, but some other resources - some of them supposedly support both formats.

If I miss something specific about the terminology of KMS, please let me know :)

PS: Sorry if I chose the wrong template, couldn't decide between bug, enhancement and docs (which are correct tho, just a little bit confusing).

References

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#argument-reference

Would you like to implement a fix?

None

@steve-hb steve-hb added the needs-triage Waiting for first response or review from a maintainer. label Mar 18, 2023
@github-actions github-actions bot added the service/logs Issues and PRs that pertain to the logs service. label Mar 18, 2023
@github-actions

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@justinretzolk justinretzolk added enhancement Requests to existing resources that expand the functionality or scope. breaking-change Introduces a breaking change in current functionality; usually deferred to the next major release. and removed needs-triage Waiting for first response or review from a maintainer. labels May 3, 2023
@mbbush
Contributor

mbbush commented Jan 3, 2024

The choice of name is definitely confusing, and it's in a lot of resources across the provider. In many cases, you can use the KMS key ID (or the ARN), but only when the resource is in the same AWS account as the key, so using the ARN is generally preferred.

The hard part is figuring out how to implement this in a way that doesn't break existing code.
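
A check for the mix-up discussed in this thread, added here as an example (it is not part of the issue, the comments, or the provider's code): it scans Terraform source for `kms_key_id` arguments that are given a key ID instead of a key ARN. The function names, the simplified regex-based block matching, and the second resource in the sample are assumptions made for illustration.

```python
import re

# Simplified block matcher (assumption): resource bodies contain no nested braces.
RESOURCE = re.compile(r'resource\s+"(\w+)"\s+"(\w+)"\s*\{([^{}]*)\}', re.S)
KMS_ARG = re.compile(r'^\s*kms_key_id\s*=\s*(.+?)\s*$', re.M)
KEY_ARN = re.compile(r'^arn:aws[\w-]*:kms:[\w-]+:\d{12}:key/[\w-]+$')
KEY_ID = re.compile(r'^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$')
KEY_REF = re.compile(r'^aws_kms_key\.\w+\.(\w+)$')


def classify(expr):
    """Return 'arn', 'key_id' or 'unknown' for a kms_key_id value expression."""
    ref = KEY_REF.match(expr)
    if ref:
        # aws_kms_key exports arn, key_id and id; only arn names account and region.
        attr = ref.group(1)
        return "arn" if attr == "arn" else "key_id" if attr in ("id", "key_id") else "unknown"
    literal = expr.strip('"')
    if KEY_ARN.match(literal):
        return "arn"
    if KEY_ID.match(literal):
        return "key_id"
    return "unknown"  # variables, locals, module outputs: review by hand


def find_non_arn_keys(terraform_source):
    """List (type, name, expression) for resources whose kms_key_id is a key ID."""
    findings = []
    for rtype, rname, body in RESOURCE.findall(terraform_source):
        for expr in KMS_ARG.findall(body):
            if classify(expr) == "key_id":
                findings.append((rtype, rname, expr))
    return findings


# Constructed sample: the first block is the working form quoted in the issue,
# the second is a hypothetical variant that passes the key ID instead.
SAMPLE = '''
resource "aws_cloudwatch_log_group" "my_log_group" {
  name              = "my-wonderful-log-group"
  retention_in_days = 14
  kms_key_id        = aws_kms_key.encryption_key.arn
}
resource "aws_cloudwatch_log_group" "other_log_group" {
  name       = "other-log-group"
  kms_key_id = aws_kms_key.encryption_key.key_id
}
'''

if __name__ == "__main__":
    for rtype, rname, expr in find_non_arn_keys(SAMPLE):
        print(f"{rtype}.{rname}: kms_key_id = {expr} (expected a key ARN)")
```

Because some resources accept both formats, a finding is a prompt to check that resource's documentation rather than proof of a misconfiguration.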
