I am trying to use Terraform to update an existing CMK’s key users to include an additional user but cannot seem to do so. Is there any Terraform resource to do this? If not, what would be the best means to do so?
I know I can access the key through the aws_kms_key data source, but I can’t seem to find any way to use that key to add a key user. I am aware that aws_kms_grant exists, but it’s meant for temporary access (I’ve been advised that it shouldn’t be used, and even when I tested a grant, the user did not appear as a key user for that CMK).
Since I should not be using grants, I assume I should be trying to use Terraform to update the CMK’s key policy by first obtaining the current policy, checking if the user is already present in the key policy or not, and then updating the key policy, but I cannot find any Terraform resources to do so. The only thing I managed to dig up is that AWS CLI commands exist to “GetKeyPolicy” and “PutKeyPolicy”, but there is no Terraform resource that reflects those either.
Any help at all is appreciated!
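
The get, check, update flow described in the question, as an added example that is not part of the original post: a Python function that takes the JSON returned by GetKeyPolicy, adds a principal to the key-user statements only if it is missing, and returns the document to send to PutKeyPolicy. It assumes the policy still carries the statement Sids the AWS console writes for key users; the function name, account ID and user names are constructed for illustration.

```python
import json

# Sids used by the AWS console's default key policy for "key users".
# Assumption: the CMK's policy still contains these statements.
KEY_USER_SIDS = ("Allow use of the key", "Allow attachment of persistent resources")


def add_key_user(policy_json, user_arn):
    """Return (policy_json, changed) with user_arn present in the key-user statements."""
    policy = json.loads(policy_json)
    matched, changed = 0, False
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        if stmt.get("Sid") not in KEY_USER_SIDS or not isinstance(principal, dict):
            continue
        matched += 1
        current = principal.get("AWS", [])
        # A single principal may be stored as a bare string instead of a list.
        arns = [current] if isinstance(current, str) else list(current)
        if user_arn not in arns:
            principal["AWS"] = arns + [user_arn]
            changed = True
    if matched == 0:
        raise ValueError("no key-user statement found; refusing to guess where to add access")
    # Unchanged input is returned as-is so the caller can skip PutKeyPolicy.
    return (json.dumps(policy, indent=2) if changed else policy_json), changed


# Constructed sample policy (placeholder account ID and user names).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "kms:*", "Resource": "*"},
        {"Sid": "Allow use of the key", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:user/alice"},
         "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                    "kms:GenerateDataKey*", "kms:DescribeKey"],
         "Resource": "*"},
        {"Sid": "Allow attachment of persistent resources", "Effect": "Allow",
         "Principal": {"AWS": ["arn:aws:iam::111122223333:user/alice"]},
         "Action": ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"],
         "Resource": "*",
         "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}},
    ],
})

if __name__ == "__main__":
    new_policy, changed = add_key_user(SAMPLE_POLICY, "arn:aws:iam::111122223333:user/bob")
    print(changed)
    print(new_policy)
```

The function leaves the root-account statement untouched and raises instead of writing when neither key-user statement is present, so a customised policy is not silently widened.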