Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_kms_replica_key fails to create with a provided policy #22947

Closed
rpopovych opened this issue Feb 4, 2022 · 2 comments
Closed

aws_kms_replica_key fails to create with a provided policy #22947

rpopovych opened this issue Feb 4, 2022 · 2 comments
Labels
bug Addresses a defect in current functionality. service/iam Issues and PRs that pertain to the iam service. service/kms Issues and PRs that pertain to the kms service. service/sts Issues and PRs that pertain to the sts service. stale Old or inactive issues managed by automation, if no further action taken these will get closed.

Comments

@rpopovych
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform 1.1.5
AWS Provider 3.74.0
Windows 10 64 bit

Affected Resource(s)

  • aws_kms_replica_key

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "this" {
  statement {
    sid       = "Key Administrators"
    actions   = ["kms:*"]
    resources = ["*"]

    principals {
      type = "AWS"
      identifiers = [
        data.aws_caller_identity.current.arn
      ]
    }
  }
}

resource "aws_kms_key" "this" {
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.this.json
  multi_region        = true
}

resource "aws_kms_replica_key" "this" {
  provider = aws.replication

  policy          = data.aws_iam_policy_document.this.json
  primary_key_arn = aws_kms_key.this.arn
}

Expected Behavior

terraform apply successfully executed.

Actual Behavior

terraform apply times out after 5 minutes.

image

Steps to Reproduce

  1. terraform apply

Important Factoids

The key is created correctly with the correct policy, it seems like the provider is just thinking that policies are different.

I can successfully create the replica key without policy.
I can even update the policy and the update works correctly.
The issue is only when creating from scratch with policy.

References
@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. service/iam Issues and PRs that pertain to the iam service. service/kms Issues and PRs that pertain to the kms service. service/sts Issues and PRs that pertain to the sts service. labels Feb 4, 2022
@justinretzolk justinretzolk added bug Addresses a defect in current functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels Feb 16, 2022
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 7, 2024

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

@github-actions github-actions bot added the stale Old or inactive issues managed by automation, if no further action taken these will get closed. label Feb 7, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Mar 8, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 8, 2024

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 8, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. service/iam Issues and PRs that pertain to the iam service. service/kms Issues and PRs that pertain to the kms service. service/sts Issues and PRs that pertain to the sts service. stale Old or inactive issues managed by automation, if no further action taken these will get closed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rpopovych @justinretzolk