Hi! I’m trying to create an aws_sfn_state_machine resource using Terraform. Reading the docs, there is an encryption_configuration block, but when I try to define it and run terraform apply it outputs the following error message:
```shell
╷
│ Error: Unsupported block type
│
│ on ../../../../../modules/step-functions/v1.0/main.tf line 21, in resource "aws_sfn_state_machine" "sfn_state_machine":
│ 21: encryption_configuration {
│
│ Blocks of type "encryption_configuration" are not expected here.
```
Here is the code definition
```
resource "aws_sfn_state_machine" "sfn_state_machine" {
  name     = var.name
  role_arn = var.role_arn
  type     = var.type
  publish  = var.publish
  tags     = var.tags

  // Step function code definition
  definition = var.definition

  dynamic "logging_configuration" {
    for_each = var.logging_configuration != null ? [var.logging_configuration] : []
    content {
      include_execution_data = logging_configuration.value.include_execution_data
      level                  = logging_configuration.value.execution_log_level
      log_destination        = logging_configuration.value.log_destination_arn
    }
  }

  dynamic "encryption_configuration" {
    for_each = var.encryption_configuration != null ? [var.encryption_configuration] : []
    content {
      kms_data_key_reuse_period_seconds = var.encryption_configuration.kms_data_key_reuse_period_seconds
      kms_key_id                        = var.encryption_configuration.kms_key_id
      type                              = var.encryption_configuration.type
    }
  }

  tracing_configuration {
    enabled = var.enable_xray_tracing
  }
}
```
Here is the terraform provider version that I’m using
```
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.82.2"
    }
  }
}
```
Is it possible that this configuration block is deprecated?
Thanks in advance
acwwat
January 4, 2025, 10:26pm
It looks like you’ve opened a GitHub issue for the same issue. Adding a link here for tracking:
opened 02:42PM - 02 Jan 25 UTC
bug
service/sfn
needs-triage
### Terraform Core Version
1.10.3 darwin_arm64
### AWS Provider Version
5.50.0
### Affected Resource(s)
aws_sfn_state_machine
### Expected Behavior
Create/Update state machine with encryption_configuration block after running `terraform init`, `terraform apply`
### Actual Behavior
After running `terraform apply`, terraform returns `Error: Unsupported block type`
### Relevant Error/Panic Output Snippet
```shell
│ Error: Unsupported block type
│
│ on ../../../../../modules/step-functions/v1.0/main.tf line 21, in resource "aws_sfn_state_machine" "sfn_state_machine":
│ 21: dynamic "encryption_configuration" {
│
│ Blocks of type "encryption_configuration" are not expected here.
```
### Terraform Configuration Files
```
resource "aws_sfn_state_machine" "sfn_state_machine" {
  name     = var.name
  role_arn = var.role_arn
  type     = var.type
  publish  = var.publish
  tags     = var.tags

  // Step function code definition
  definition = var.definition

  dynamic "logging_configuration" {
    for_each = var.logging_configuration != null ? [var.logging_configuration] : []
    content {
      include_execution_data = logging_configuration.value.include_execution_data
      level                  = logging_configuration.value.execution_log_level
      log_destination        = logging_configuration.value.log_destination_arn
    }
  }

  dynamic "encryption_configuration" {
    for_each = var.encryption_configuration != null ? [var.encryption_configuration] : []
    content {
      kms_data_key_reuse_period_seconds = var.encryption_configuration.kms_data_key_reuse_period_seconds
      kms_key_id                        = var.encryption_configuration.kms_key_id
      type                              = var.encryption_configuration.type
    }
  }

  tracing_configuration {
    enabled = var.enable_xray_tracing
  }
}
```
## Provider
```
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.50.0"
    }
  }
}

provider "aws" {
  region = var.region
}

locals {
  tags = {
    Product     = var.product
    Service     = var.service
    Environment = var.profile
  }
}
```
### Steps to Reproduce
Run `terraform init`
Run `terraform apply`
### Debug Output
_No response_
### Panic Output
_No response_
### Important Factoids
_No response_
### References
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sfn_state_machine#encryption_configuration-configuration-block
### Would you like to implement a fix?
No