Open isaac-s opened 1 year ago
I got the same behaviour with the 'point_in_time_recovery' attribute in provider version 4.63.0. When I changed one of the core attributes the server_side_encryption change was detected.
The same also applies to kms_key_arn. This means it's impossible to toggle between Amazon managed key and CMK based on a variable, something like kms_key_arn = var.enabled ? key_arn : null.
I have also tried kms_key_arn = var.enabled ? key_arn : data.aws_kms_alias.dynamo_aws_managed.target_key_arn, but this doesn't work because attempting to set the key ARN explicitly to the value it already is implicitly fails.
Terraform Core Version
1.3.7
AWS Provider Version
4.57.0
Affected Resource(s)
aws_dynamodb_table
Expected Behavior
Terraform should yield a plan to remove the server_side_encryption definition, resulting (after application) in encryption "Managed by DynamoDB".
Actual Behavior
Empty plan. Terraform doesn't prompt to change anything in the table.
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
Steps to Reproduce
Apply the configuration above. This will result in a table created with encryption managed by KMS. Then, remove the server_side_encryption block, and run terraform plan. You'd expect Terraform to detect this as a change, but it doesn't.
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
None
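A check for the situation this issue describes, as an added example that is not from the issue or from the provider's code: it reads the JSON form of a plan and lists aws_dynamodb_table resources whose prior state has server_side_encryption enabled, whose configuration no longer declares the block, and whose planned action is still no-op. The table names and the sample plan are constructed, and only root-module resources are matched.

```python
import json

TABLE = "aws_dynamodb_table"

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "configuration": {"root_module": {"resources": [
    {"address": "aws_dynamodb_table.orders", "type": "aws_dynamodb_table",
     "expressions": {"name": {"constant_value": "orders"}}},
    {"address": "aws_dynamodb_table.audit", "type": "aws_dynamodb_table",
     "expressions": {"name": {"constant_value": "audit"},
                     "server_side_encryption": [{"enabled": {"constant_value": true}}]}}
  ]}},
  "resource_changes": [
    {"address": "aws_dynamodb_table.orders", "type": "aws_dynamodb_table",
     "change": {"actions": ["no-op"],
                "before": {"server_side_encryption": [{"enabled": true}]}}},
    {"address": "aws_dynamodb_table.audit", "type": "aws_dynamodb_table",
     "change": {"actions": ["no-op"],
                "before": {"server_side_encryption": [{"enabled": true}]}}}
  ]
}
""")


def configured_sse(plan):
    """Root-module table address -> True if the config declares the SSE block."""
    root = plan.get("configuration", {}).get("root_module", {})
    return {r["address"]: bool(r.get("expressions", {}).get("server_side_encryption"))
            for r in root.get("resources", []) if r.get("type") == TABLE}


def undetected_sse_removals(plan):
    """Tables with SSE enabled in state, no SSE block in config, and a no-op plan."""
    declared = configured_sse(plan)
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        before = (change.get("before") or {}).get("server_side_encryption") or []
        base = rc["address"].split("[", 1)[0]  # drop count/for_each index
        if (rc.get("type") == TABLE and change.get("actions") == ["no-op"]
                and any(b.get("enabled") for b in before)
                and declared.get(base) is False):  # None = not a root-module resource
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    print(undetected_sse_removals(SAMPLE_PLAN))
```

To use it on a real plan, pass the parsed output of `terraform show -json` for a saved plan file instead of SAMPLE_PLAN.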