Hi, all!
I have an issue creating a KMS key replica in a different region.
We have a main provider.tf where I am declaring both AWS providers in different regions:
```hcl
terraform {
  backend "s3" {}
  required_providers {
    aws = {
      source = "hashicorp/aws"
      #
      #version = "3.52"
      version = "4.33"
    }
  }
  required_version = ">= 1.0.0"
}

provider "aws" {
  alias  = "primary"
  region = var.env_vars[var.environment].region
  default_tags {
    tags = {
      Owner       = lower(var.owner)
      Environment = lower(var.environment)
      Build_tag   = var.build_tag
      #Backup = var.env_vars[var.environment].backup
    }
  }
}

provider "aws" {
  alias  = "replica"
  region = var.env_vars["replica"].region
}
```
Then inside main.tf I am calling the kms module like this:
```hcl
module "kms" {
  source       = "./modules/kms"
  account_id   = local.account_id
  aws_accounts = module.organization.accounts
  providers = {
    aws.primary = aws.primary
    aws.replica = aws.replica
  }
}
```
In ./modules/kms/provider.tf:
```hcl
terraform {
  required_providers {
    aws = {
      source                = "hashicorp/aws"
      version               = "4.33"
      configuration_aliases = [aws.primary, aws.replica]
    }
  }
}
```
And in ./modules/kms/main.tf:
```hcl
resource "aws_kms_key" "backupvault" {
  provider     = aws.primary
  description  = "KMS key used for account level backups"
  is_enabled   = true
  multi_region = true
  policy       = jsonencode(…)
}

resource "aws_kms_alias" "backupvault" {
  provider      = aws.primary
  name          = "alias/aws-z-z-z-z-kms-z-backup-z"
  target_key_id = aws_kms_key.backupvault.id
}

resource "aws_kms_replica_key" "backupvault" {
  description     = "Multi-region replica backupvault key"
  primary_key_arn = aws_kms_key.backupvault.arn
  provider        = aws.replica
}
```
And I am getting these errors:
```
Error: Missing required provider configuration
│
│ on main.tf line 134:
│ 134: module "kms" {
│
│ The child module requires an additional configuration for provider hashicorp/aws, with the local name "aws.primary".
│
│ Refer to the module's documentation to understand the intended purpose of this additional provider configuration, and then add an entry for aws.primary in the "providers" meta-argument in the module block
│ to choose which provider configuration the module should use for that purpose.
╵
╷
│ Error: Missing required provider configuration
│
│ on main.tf line 134:
│ 134: module "kms" {
│
│ The child module requires an additional configuration for provider hashicorp/aws, with the local name "aws.replica".
│
│ Refer to the module's documentation to understand the intended purpose of this additional provider configuration, and then add an entry for aws.replica in the "providers" meta-argument in the module block
│ to choose which provider configuration the module should use for that purpose.
╵
```
I am wondering if it can be because we are defining the region in the backend-config, but I guess not…