[Bug]: Unexpected behavior after importing `aws_ssm_parameter`

[jmcvetta]

Terraform Core Version

1.3.1

AWS Provider Version

4.24.0

Affected Resource(s)

• aws_ssm_parameter

Expected Behavior

After importing an existing SSM Parameter Store parameter, TF notices that the resource's key_id in live infrastructure does not match configuration.

Actual Behavior

After importing an existing SSM Parameter Store parameter, TF fails to notice that the resource's key_id in live infrastructure does not match configuration.

This behavior occurs only when key_id is null in configuration. When key_id is null, it is supposed to default to the AWS-managed KMS key alias/aws/ssm. If key_id is set, then TF notices the difference.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_ssm_parameter" "foobar" {
  name        = "foobar"
  description = "Foo for the Bar"
  type        = "SecureString"
  value       = "my secret value"
  key_id      = null # Same behavior if `key_id` is omitted 
}

Steps to Reproduce

1. Manually create a parameter in SSM Parameter Store, encrypted with a KMS CMK
2. Create a TF configuration matching the manually created parameter - except, no key_id is specified. (When key_id is null, TF defaults to the AWS managed key, alias/aws/ssm.)
3. Import the manually created parameter into TF
4. Run TF plan.
5. Plan should want to update the aws_ssm_parameter resource to set its KMS key to the default AWS-managed key alias/aws/ssm. But plan actually doesn't notice a difference between infrastructure and configuration.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[github-actions[bot]]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!