I have a KMS key defined with a condition: a bool I pass in decides whether to create it or not (`count = local.create_key ? 1 : 0`).
Let's say I import the KMS key with:

```
terraform import module.path.aws_kms_key.key *key_id*
```

and provide `create_key=false`.
Then `terraform plan` suggests that this key must be destroyed:

```
  # module.path.aws_kms_key.key will be destroyed
  - resource "aws_kms_key" "key" {
      - arn                      = "arn:aws:kms:us-east-2:my_account:key/***" -> null
      - customer_master_key_spec = "SYMMETRIC_DEFAULT" -> null
      - description              = "Default" -> null
      - enable_key_rotation      = false -> null
      - id                       = "***" -> null
      - is_enabled               = true -> null
      - key_id                   = "***" -> null
      - key_usage                = "ENCRYPT_DECRYPT" -> null
      - policy                   = jsonencode(
            {
              - Id        = "key-default-1"
              - Statement = [
                  - {
                      - Action    = "kms:*"
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "arn:aws:iam::my_account:root"
                        }
                      - Resource  = "*"
                      - Sid       = "Enable IAM User Permissions"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - tags                     = {} -> null
      - tags_all                 = {
          - "tag-name" = "pickle-test"
        } -> null
    }
```
If the `lifecycle` meta-argument block supported variables, this would have solved my issue, but it does not.
upd: I've been able to work around that, but I'm curious nonetheless.
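For context on the behaviour in the plan above, here is an added example configuration (not the poster's module) of the pattern being discussed: a KMS key gated by a conditional `count`, with the two static guards Terraform and the AWS provider do offer against an accidental destroy. When `count` evaluates to 0 the resource has no instances, so any instance already in state at that address is an orphan and the plan schedules it for destruction, which is exactly what the `will be destroyed` output shows. `prevent_destroy` has to be a literal (lifecycle meta-arguments cannot reference variables or locals), but while it is present any plan that would destroy the instance fails with an error instead of applying. The variable name `create_key` and the alias name `alias/example-key` are placeholders I chose for the example.

```hcl
# Added example, not the original poster's module.
# Placeholders: variable "create_key", alias "alias/example-key".

variable "create_key" {
  description = "Create and manage the KMS key. Imports must run with this set to true."
  type        = bool
  default     = true
}

resource "aws_kms_key" "key" {
  # count = 0 means "no instances": an instance that is already in state at
  # this address has no configuration to attach to and is planned for destroy.
  count = var.create_key ? 1 : 0

  description         = "Default"
  enable_key_rotation = true

  # KMS key deletion is scheduled, not immediate. The maximum window keeps a
  # key that was destroyed by mistake recoverable for 30 days.
  deletion_window_in_days = 30

  lifecycle {
    # Must be a literal; this block cannot read a variable or local.
    # With this present, a plan that would destroy the instance is rejected.
    prevent_destroy = true
  }
}

resource "aws_kms_alias" "key" {
  count         = var.create_key ? 1 : 0
  name          = "alias/example-key"
  target_key_id = aws_kms_key.key[0].key_id
}

# Outputs have to tolerate the zero-instance case: one() returns null for an
# empty splat instead of failing on an out-of-range index.
output "key_arn" {
  value = one(aws_kms_key.key[*].arn)
}
```

Two things to check when importing into a `count`-gated resource: the state address carries an index, so the import target is `module.path.aws_kms_key.key[0]` rather than `module.path.aws_kms_key.key`, and the import has to run with `create_key = true`, since with `count = 0` the indexed instance does not exist in the configuration and the imported object would be orphaned on the next plan.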