Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform CLI and Terraform AWS Provider Version
Terraform 1.2.0
AWS Provider 4.15.1
Affected Resource(s)
aws_s3_object
Terraform Configuration Files
Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.
Community Note
Terraform CLI and Terraform AWS Provider Version
Terraform 1.2.0 AWS Provider 4.15.1
Affected Resource(s)
Terraform Configuration Files
Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.
Debug Output
Panic Output
Expected Behavior
S3 object created. Object encrypted with the CMK pointed to by "alias/my-kms-key-alias".
Actual Behavior
Error: "kms_key_id" (alias/my-kms-key-alias) is an invalid ARN: arn: invalid prefix
Steps to Reproduce
terraform apply
Important Factoids
As far as I understand, this happens because the ARN validation function is applied to
kms_key_id
by the provider:S3 API supports the alias notation directly when creating objects, e.g. the following CLI command executes successfully:
Besides, Terraform does support the alias notation in other places, for example in the remote backend config:
Without direct support for the alias notation, the config becomes more complex as the ARN of the key needs to be fetched first.
References
0000