Open steve-hb opened 1 year ago
The choice of name is definitely confusing, and it's in a lot of resources across the provider. In many cases, you can use the KMS key ID (or the ARN), but only when the resource is in the same AWS account as the key, so using the ARN is generally preferred.
The hard part is figuring out how to implement this in a way that doesn't break existing code.
Description
I've been adding KMS to all my resources and wondered why Terraform couldn't find the KMS key for the CloudWatch log group. Checked the code multiple times, tried adding a "depends_on" (maybe the dependency resolution broke?), tried changing policies and finally decided to read the docs again:
This resulted in the following code (with some small changes):
Could we please rename the kms_key_id argument to kms_key_arn in order to have consistent arguments? Maybe adding an alias and deprecating the old one is feasible in this case? This issue doesn't only affect CW, but some other resources - some of them supposedly support both formats.

If I miss something specific about the terminology of KMS, please let me know :)
PS: Sorry if I chose the wrong template, couldn't decide between bug, enhancement and docs (which are correct tho, just a little bit confusing).
References
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group#argument-reference
Would you like to implement a fix?
None
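
The configuration below is an added example, not code from the issue or from the provider's documentation. It shows a CloudWatch log group encrypted with a customer-managed key, where kms_key_id receives the key's ARN and the key policy lets the CloudWatch Logs service use the key for that one log group only. The resource labels ("logs", "app"), the log group name, and the hard-coded "aws" partition are assumptions.

```hcl
# Added example; resource labels and the log group name are hypothetical.
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

locals {
  log_group_name = "/example/app" # constructed sample name
  account_id     = data.aws_caller_identity.current.account_id
  region         = data.aws_region.current.name
}

data "aws_iam_policy_document" "logs_key" {
  # Keep the owning account able to administer the key.
  statement {
    sid       = "AccountAdmin"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${local.account_id}:root"] # assumes the "aws" partition
    }
  }

  # Allow the regional CloudWatch Logs service to use the key,
  # scoped by encryption context to this single log group.
  statement {
    sid       = "CloudWatchLogs"
    actions   = ["kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*"]
    resources = ["*"]
    principals {
      type        = "Service"
      identifiers = ["logs.${local.region}.amazonaws.com"]
    }
    condition {
      test     = "ArnEquals"
      variable = "kms:EncryptionContext:aws:logs:arn"
      values   = ["arn:aws:logs:${local.region}:${local.account_id}:log-group:${local.log_group_name}"]
    }
  }
}

resource "aws_kms_key" "logs" {
  description         = "CloudWatch Logs encryption"
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.logs_key.json
}

resource "aws_cloudwatch_log_group" "app" {
  name = local.log_group_name
  # Despite the argument name, pass the key ARN here, not aws_kms_key.logs.key_id.
  kms_key_id = aws_kms_key.logs.arn
}
```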