query for aws_acmpca_certificate_authority data source by tag

[BryanStenson-okta]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

aws_acmpca_certificate_authority data source requires the arn of the CA. I'd like to extend the data source to support searching for a given CA by tag (name, etc).

New or Affected Resource(s)

• aws_acmpca_certificate_authority

Potential Terraform Configuration

Following the aws_vpc filter attribute, here's an example of what this might look like:

data "aws_acmpca_certificate_authority" "example" {
  filter {
    name   = "tag:Name"
    values = ["my_fancy_private_ca"]
  }
}

References

[mattburgess]

Unfortunately, this looks like it's lacking support in the AWS API at this point in time. https://docs.aws.amazon.com/sdk-for-go/api/service/acmpca/#ACMPCA.DescribeCertificateAuthority states:

You specify the private CA on input by its ARN (Amazon Resource Name).

If you compare that with https://docs.aws.amazon.com/sdk-for-go/api/service/ec2/#DescribeVpcsInput, you'll see it has explicit support for filtering based on tags, hence the provider's ability to do the same.

I think the most prudent way forward might be for those interested in this to contact your AWS support/TAM to ask if support for filtering ACMPCA CAs by tag can be added to the API. Or perhaps see if raising such a request on https://github.com/aws/aws-sdk gets any traction?

[github-actions[bot]]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!