Continuous diff in aws_s3_bucket_object using kms_key_id with aws_kms_alias resource #9648

Closed
vasilij-icabbi opened this issue Aug 6, 2019 · 3 comments
Labels
service/kms Issues and PRs that pertain to the kms service. service/s3 Issues and PRs that pertain to the s3 service. stale Old or inactive issues managed by automation, if no further action taken these will get closed.

vasilij-icabbi commented Aug 6, 2019

Terraform Version

Terraform v0.12.5

  • provider.aws v2.21.1

I have the following AWS resources:

resource "aws_s3_bucket" "s3" {
  bucket        = "best-bucket-ever"
  acl           = "private"
  force_destroy = false
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm     = "aws:kms"
        kms_master_key_id = aws_kms_alias.s3.target_key_id
      }
    }
  }
  tags = {
    ...
  }
}

resource "aws_kms_key" "s3" {
  is_enabled = true
  enable_key_rotation = true

  deletion_window_in_days = 30

  tags = {
    ...
  }
}

resource "aws_kms_alias" "s3" {
  name = "alias/s3"
  target_key_id = aws_kms_key.s3.key_id
}

resource "aws_s3_bucket_object" "s3" {
  ...
  kms_key_id = aws_kms_alias.s3.target_key_arn
}

The problem is that with every terraform apply I get kms_key_id regenerated as key/id:

kms_key_id = "arn:aws:kms:eu-west-1:0000:key/81c18d95-a078-4c92-a748-3d4844320224" -> "arn:aws:kms:eu-west-1:0000:alias/backend-lambda-packages-s3"

This behaviour is true when you try to upload an encrypted S3 object to an encrypted S3 bucket. More information on the issue was discussed here:
https://discuss.hashicorp.com/t/continuous-diff-in-aws-s3-bucket-object-content/2199/9?u=vasilij-icabbi

Expected behaviour

No continuous diff

ghost added the service/kms and service/s3 labels Aug 6, 2019
github-actions bot added the needs-triage label Aug 6, 2019
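
A check for the diff reported above, as an added example (not code from the issue or from the provider): it reads the JSON form of a plan, as produced by `terraform show -json`, and reports resources whose only planned change is `kms_key_id` going from a key ARN to an alias ARN. The function name and the trimmed sample plan are constructed for illustration; the ARNs in the sample are the ones from the diff in the issue.

```python
import re

# ARN shapes as they appear in the diff above: ":key/<id>" in state, ":alias/<name>" in config.
KEY_ARN = re.compile(r"^arn:aws[\w-]*:kms:[\w-]+:\d+:key/[\w-]+$")
ALIAS_ARN = re.compile(r"^arn:aws[\w-]*:kms:[\w-]+:\d+:alias/[\w/-]+$")


def alias_key_drift(plan):
    """Return addresses whose ONLY planned change is kms_key_id key ARN -> alias ARN."""
    hits = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if change.get("actions") != ["update"]:
            continue  # creates, deletes, replacements and no-ops are out of scope
        before = change.get("before") or {}
        after = change.get("after") or {}
        changed = {k for k in set(before) | set(after) if before.get(k) != after.get(k)}
        if changed != {"kms_key_id"}:
            continue  # something else changes too: a real update, leave it for review
        old, new = before.get("kms_key_id") or "", after.get("kms_key_id") or ""
        if KEY_ARN.match(old) and ALIAS_ARN.match(new):
            hits.append(rc["address"])
    return hits


# Constructed sample: resource_changes trimmed to the attributes that matter here.
KEY = "arn:aws:kms:eu-west-1:0000:key/81c18d95-a078-4c92-a748-3d4844320224"
ALIAS = "arn:aws:kms:eu-west-1:0000:alias/backend-lambda-packages-s3"
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": "aws_s3_bucket_object.s3",        # the case from the issue
         "change": {"actions": ["update"],
                    "before": {"key": "pkg.zip", "kms_key_id": KEY},
                    "after": {"key": "pkg.zip", "kms_key_id": ALIAS}}},
        {"address": "aws_s3_bucket_object.changed",   # content changes as well
         "change": {"actions": ["update"],
                    "before": {"etag": "aaa", "kms_key_id": KEY},
                    "after": {"etag": "bbb", "kms_key_id": ALIAS}}},
        {"address": "aws_kms_key.s3",                 # nothing to do
         "change": {"actions": ["no-op"], "before": {}, "after": {}}},
    ]
}

if __name__ == "__main__":
    for address in alias_key_drift(SAMPLE_PLAN):
        print(f"{address}: kms_key_id differs only as alias ARN vs key ARN")
```

To run it against a real plan, load the output of `terraform show -json <planfile>` with `json.load` and pass the resulting dict to the function.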
@petewilcock

Looks like a duplicate of #6668

@github-actions

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

github-actions bot added the stale label Aug 16, 2021
breathingdust removed the needs-triage label Sep 17, 2021

github-actions bot commented Jun 7, 2022

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 7, 2022