jcalhau11 commented 1 year ago

Description

In AWS AppConfig, when you create a deployment of a configuration profile, AWS automatically handles the encryption of the configuration data at rest. This encryption is managed using AWS Key Management Service (KMS) keys, but you typically don't need to explicitly specify a KMS key when creating a deployment. AWS AppConfig abstracts the encryption details and manages it for you.

However there is the option to add CMK to the deployment action. See cloud cloudformation json stack:

{ "Type":"AWS::AppConfig::Deployment", "Properties":{ "ApplicationId":"String", "ConfigurationProfileId":"String", "ConfigurationVersion":"String", "DeploymentStrategyId":"String", "Description":"String", "EnvironmentId":"String", "KmsKeyIdentifier":"String", "Tags":[ "Tags", "..." ] } }

after reviewing terraform LTS docs, i noticed this field was not available. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appconfig_deployment

Maybe there is a reason for this, but I can´t think of one.

thank you

Affected Resource(s) and/or Data Source(s)

aws_appconfig_deployment

Potential Terraform Configuration

resource "aws_appconfig_deployment" "example" {
  application_id           = aws_appconfig_application.example.id
  configuration_profile_id = aws_appconfig_configuration_profile.example.configuration_profile_id
  configuration_version    = aws_appconfig_hosted_configuration_version.example.version_number
  deployment_strategy_id   = aws_appconfig_deployment_strategy.example.id
  description              = "My example deployment"
  environment_id           = aws_appconfig_environment.example.environment_id
  kms_key_identifier       = "${kms id or arn}"

  tags = {
    Type = "AppConfig Deployment"
  }
}

References

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appconfig-deployment.html

Would you like to implement a fix?

Yes

github-actions[bot] commented 1 year ago

Community Note

Voting for Prioritization

Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
Please see our prioritization guide for information on how we prioritize.
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

If you are interested in working on this issue, please leave a comment.
If this would be your first contribution, please review the contribution guide.

ewbankkit commented 11 months ago

@jcalhau11 Thanks for raising this issue. It has already been noticed in #31999. I'm going to close this one as a duplicate so that we can concentrate discussion in the linked issue. Please add any additional comments there.

github-actions[bot] commented 10 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashicorp / terraform-provider-aws