The KmsKeyId in the Namespace, once set to a non-default value, cannot be unset. So when kms_key_id attribute is removed from resource config, the expected behavior should be to either prevent the change or replace the resource.
Actual Behavior
Apply results in "No changes. Your infrastructure matches the configuration.". KmsKeyId is removed from the configuration while still being associated with the namespace. Subsequent terraform plan also does not highlight a potential drift.
This means that the truth about the resource is unavailable in the resource config. Committing the config to VCS, might result in further problems and confusion.
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
Volunteering to Work on This Issue
If you are interested in working on this issue, please leave a comment.
If this would be your first contribution, please review the contribution guide.
Terraform Core Version
1.9.5
AWS Provider Version
5.66.0
Affected Resource(s)
Expected Behavior
The KmsKeyId in the Namespace, once set to a non-default value, cannot be unset. So when
kms_key_id
attribute is removed from resource config, the expected behavior should be to either prevent the change or replace the resource.Actual Behavior
Apply results in "No changes. Your infrastructure matches the configuration.". KmsKeyId is removed from the configuration while still being associated with the namespace. Subsequent
terraform plan
also does not highlight a potential drift. This means that the truth about the resource is unavailable in the resource config. Committing the config to VCS, might result in further problems and confusion.Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
Steps to Reproduce
kms_key_id
from the config and apply again.Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
Yes