Loading...
Loading...
### Terraform Version ```shell `Terraform v1.11.3` ``` ### Terraform Configuration Files ```terraform --- a/tools/prtl/internal/prtl/static-files/nomad-ha/aws/modules/private-cloud/rds.tf +++ b/tools/prtl/internal/prtl/static-files/nomad-ha/aws/modules/private-cloud/rds.tf @@ -27,12 +27,12 @@ resource "aws_db_instance" "postgres_v16" { monitoring_role_arn = aws_iam_role.rds-monitoring-role.arn performance_insights_enabled = true - performance_insights_kms_key_id = aws_kms_key.rds.arn + performance_insights_kms_key_id = var.project_name == "essentials" ? aws_kms_key.rds-essentials[0].arn > performance_insights_retention_period = 7 storage_type = "gp3" storage_encrypted = true - kms_key_id = aws_kms_key.rds.arn + kms_key_id = var.project_name == "essentials" ? aws_kms_key.rds-essentials[0].arn : aws_kms_ke> allocated_storage = var.project_name == "essentials" ? 500 : 50 max_allocated_storage = var.project_name == "essentials" ? 600 : 100 deletion_protection = true @@ -312,7 +312,9 @@ locals { } ## Storage encryption key for RDS -resource "aws_kms_key" "rds" { +resource "aws_kms_key" "rds-essentials" { + count = var.project_name == "essentials" ? 1 : 0 + customer_master_key_spec = "SYMMETRIC_DEFAULT" description = "Default master key that protects my RDS database volumes when no other key is def> enable_key_rotation = true @@ -322,6 +324,16 @@ resource "aws_kms_key" "rds" { provider = aws.aws_no_defaults } +resource "aws_kms_key" "rds" { + count = var.project_name == "essentials" ? 0 : 1 + + customer_master_key_spec = "SYMMETRIC_DEFAULT" + description = "Default master key that protects my RDS database volumes when no other key is def> + enable_key_rotation = true + key_usage = "ENCRYPT_DECRYPT" + policy = local.policy +} + ``` ### Debug Output ``` $ terraform state mv -state=./state.d/terraform.tfstate module.private-cloud.aws_kms_key.rds[0] module.private-cloud.aws_kms_key.rds-essentials[0] ╷ │ Error: Invalid source address │ │ The current state does not contain module.private-cloud.aws_kms_key.rds[0]. ╵ ``` ### Expected Behavior Terraform plan should report that `module.private-cloud.aws_kms_key.rds` should be destroyed ### Actual Behavior Terraform plan reports that `module.private-cloud.aws_kms_key.rds[0]` should be destroyed, but `state mv` does not work with it: ```shell $ terraform state mv -state=./state.d/terraform.tfstate module.private-cloud.aws_kms_key.rds[0] module.private-cloud.aws_kms_key.rds-essentials[0] ╷ │ Error: Invalid source address │ │ The current state does not contain module.private-cloud.aws_kms_key.rds[0]. ╵ ``` Though the name without `[0]` works well: ``` $ terraform state mv -state=./state.d/terraform.tfstate module.private-cloud.aws_kms_key.rds module.private-cloud.aws_kms_key.rds-essentials[0] Move "module.private-cloud.aws_kms_key.rds" to "module.private-cloud.aws_kms_key.rds-essentials[0]" Successfully moved 1 object(s). ``` ### Steps to Reproduce 1. Rename and add condition a resource at the same time. ### Additional Context _No response_ ### References _No response_ ### Generative AI / LLM assisted development? _No response_
Click on a version to see all relevant bugs
Terraform Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.