Open jorgellanos91 opened 1 week ago
Voting for Prioritization
Volunteering to Work on This Issue
@jorgellanos91 - This is not a bug. Per the documentation on the s3_bucket_server_side_encryption_configuration resource:
kms_master_key_id - (Optional) AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.
Simply omit kms_master_key_id
and you should be good to go!
@jorgellanos91 - This is not a bug. Per the documentation on the s3_bucket_server_side_encryption_configuration resource:
kms_master_key_id - (Optional) AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.
Simply omit
kms_master_key_id
and you should be good to go!
Hey @dimaman2001 thanks for your quick reply!
You are right, I understand that I can skip the kms_master_key_id
parameter, but that doesn't mean it's not a bug. Anyone can configure an alias to any KMS key, default or not, without the provider raising any error or warning. Also, AWS doesn't support the alias as a valid value.
Terraform Core Version
1.8.5
AWS Provider Version
Affected Resource(s)
Expected Behavior
This configuration must fail because the attribute
kms_master_key_id = "aws/s3"
cannot be configured this way, and AWS does not accept this configuration as valid.
Actual Behavior
´terraform apply' command is successful
Relevant Error/Panic Output Snippet
Terraform Configuration Files
Steps to Reproduce
terraform init terraform apply
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
None