Using data.aws_caller_identity.current.account_id to fetch the ID of the account where the resources are being deployed throws an error if the Terraform user is assuming a role from a different account; this would leave the KMS key unmanageable.
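As an added example (not code from the original page or from any module it refers to), the Terraform configuration below shows one way to avoid depending solely on the caller identity for the key policy: an explicit, validated account_id variable takes precedence and the data source is only the fallback. The key policy always grants the resolved account root kms:* so that an administrator in that account can manage the key. The variable, local and resource names are illustrative assumptions.

```hcl
# Added example (not from the original page): KMS key whose key policy is built
# from an explicit, overridable account ID rather than only from
# data.aws_caller_identity. Names below are illustrative.

variable "account_id" {
  description = "Account ID where the key is deployed. Set it explicitly when the caller identity does not reflect the target account (e.g. cross-account assume_role)."
  type        = string
  default     = null

  validation {
    # Accept either "unset" (fall back to caller identity) or a 12-digit account ID.
    condition     = var.account_id == null || can(regex("^[0-9]{12}$", var.account_id))
    error_message = "account_id must be a 12-digit AWS account ID."
  }
}

data "aws_caller_identity" "current" {}

locals {
  # Prefer the explicit value; use the caller identity only when none is given.
  account_id = coalesce(var.account_id, data.aws_caller_identity.current.account_id)
}

data "aws_iam_policy_document" "kms_key" {
  # Grant the account root full administration so the key cannot become
  # unmanageable even if every other principal in the policy is wrong.
  statement {
    sid       = "EnableRootAccountAdministration"
    effect    = "Allow"
    actions   = ["kms:*"]
    resources = ["*"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${local.account_id}:root"]
    }
  }
}

resource "aws_kms_key" "this" {
  description             = "Example key with an explicit account root principal"
  enable_key_rotation     = true
  deletion_window_in_days = 30
  policy                  = data.aws_iam_policy_document.kms_key.json
}

output "kms_key_policy_account_id" {
  description = "Account ID the key policy was rendered with; compare it with the target account before applying."
  value       = local.account_id
}
```

Before applying, check the output against the intended target account (for example in `terraform plan`), since the data source always reports the account of whatever credentials the provider ends up using.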