hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.76k stars 9.12k forks

[Bug]: no unique ID provided for aws_cloudfront_key_value_store #37691

Open cannereau opened 4 months ago

cannereau commented 4 months ago

Terraform Core Version

1.7.1

AWS Provider Version

5.49.0

Affected Resource(s)

aws_cloudfront_key_value_store

Expected Behavior

Users expect to retrieve the unique ID when they use the aws_cloudfront_key_value_store resource: https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_DescribeKeyValueStore.html

Then, this ID can be injected in the JS code of an aws_cloudfront_function resource. In fact, this ID is mandatory for working with aws_cloudfront_key_value_store within an aws_cloudfront_function: https://aws.amazon.com/fr/blogs/aws/introducing-amazon-cloudfront-keyvaluestore-a-low-latency-datastore-for-cloudfront-functions/

Actual Behavior

Currently, the id attribute of the aws_cloudfront_key_value_store resource returns the unuseful name of the resource: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_key_value_store#attribute-reference

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_cloudfront_key_value_store" "example" {
  name    = "ExampleKeyValueStore"
  comment = "This is an example key value store"
}
output "kvs_id" {
  value   = aws_cloudfront_key_value_store.example.id
}

Steps to Reproduce

terraform apply

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

BenOvermyer commented 3 months ago

It's not ideal, but you can work around this by using the external provider to run the AWS CLI to fetch the actual ID.

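Bash script "get_kvs.sh" in the module directory:

#!/usr/bin/env bash

set -e

# The external data source sends its query as JSON on stdin;
# jq's @sh shell-quotes the value before eval assigns it to KVS_NAME.
eval "$(jq -r '@sh "KVS_NAME=\(.kvs_name)"')"

# Print the KeyValueStore object as the JSON result for Terraform.
# The variable is quoted so the name is passed as a single argument.
aws cloudfront describe-key-value-store --name "$KVS_NAME" --query 'KeyValueStore' --output json | jq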

Terraform code, where the function source code file has a placeholder KEY_VALUE_STORE_ID for the ID:

resource "aws_cloudfront_key_value_store" "function_data" {
  name    = "my-function-data"
  comment = "Cloudfront function data"
}

data "external" "key_value_store" {
  program = ["bash", "${path.module}/get_kvs.sh"]

  query = {
    kvs_name = aws_cloudfront_key_value_store.function_data.name
  }
}

resource "aws_cloudfront_function" "redirect" {
  name                         = "redirect-function"
  runtime                      = "cloudfront-js-2.0"
  comment                      = "Redirects"
  publish                      = true
  code                         = replace(file("${path.module}/redirect_function.js"), "KEY_VALUE_STORE_ID", data.external.key_value_store.result.Id)
  key_value_store_associations = [aws_cloudfront_key_value_store.function_data.arn]
}

antonbelov92 commented 2 months ago

There is a simpler way. The KVS ID is part of the KVS ARN. In my case it looks like arn:aws:cloudfront::XXXXXXXXX:key-value-store/XXXXX-XXXXX-XXXXX-XXXXXX-XXXXXXXXX

So you can get the ID by making some transformations on the ARN. For example:

  template = file("${path.module}/scripts/viewer-request-function.js")
  vars = {
    kvs_id = element(split("/", "${aws_cloudfront_key_value_store.test_kv.arn}"), length(split("/", "${aws_cloudfront_key_value_store.test_kv.arn}")) - 1)
  }

Of course it looks like a workaround, but it works for me.
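
Added example, not code from the thread or from the provider: the two workarounds above combined, so the ID is derived from the ARN and no external program or AWS CLI call runs during plan. The resource names, redirect_function.js and the KEY_VALUE_STORE_ID placeholder are reused from the earlier comment; the ARN layout is assumed to be the one quoted in the last comment.

```hcl
resource "aws_cloudfront_key_value_store" "function_data" {
  name    = "my-function-data"
  comment = "Cloudfront function data"
}

locals {
  kvs_arn = aws_cloudfront_key_value_store.function_data.arn

  # Assumed ARN layout (from the thread):
  #   arn:aws:cloudfront::<account>:key-value-store/<id>
  kvs_arn_parts = split("/", local.kvs_arn)
  kvs_id        = element(local.kvs_arn_parts, length(local.kvs_arn_parts) - 1)
}

resource "aws_cloudfront_function" "redirect" {
  name    = "redirect-function"
  runtime = "cloudfront-js-2.0"
  comment = "Redirects"
  publish = true

  # replace() on a plain placeholder leaves any ${...} template literals in the
  # JavaScript source untouched, which templatefile() would try to interpret.
  code = replace(
    file("${path.module}/redirect_function.js"),
    "KEY_VALUE_STORE_ID",
    local.kvs_id
  )

  key_value_store_associations = [local.kvs_arn]

  lifecycle {
    # Fail the apply if the ARN stops matching the assumed layout, rather than
    # publishing a function that carries a wrong or empty store ID.
    precondition {
      condition     = can(regex(":key-value-store/[^/]+$", local.kvs_arn))
      error_message = "Unexpected key value store ARN layout; cannot derive the store ID."
    }
  }
}

output "kvs_id" {
  value = local.kvs_id
}
```

The precondition block needs Terraform 1.2 or later, which the 1.7.1 reported in this issue satisfies.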