I have a strange problem. I created "aws_kms_keys", which is fine and working okay, then I assigned the created keys to my ebs_block with the following code:

    # root disk
    root_block_device {
      volume_size           = "120"
      volume_type           = "gp2"
      encrypted             = "true"
      kms_key_id            = aws_kms_key.aws-wm-wmad-prod.key_id
      delete_on_termination = true
    }

However, if I run terraform apply it will attempt to replace the entire instance after it's already created:

    ~ kms_key_id = "arn:aws:kms:us-east-1:1433:key/9c93acdd-etc" -> "9c93acdd-etc" # forces replacement

I'm using TF version 0.14.7 with provider version 3.72.0. I was curious what the workaround or fix for this is. Or should I upgrade to the latest TF, which might fix this?

I FOUND a workaround for this using the following:

    lifecycle {
      ignore_changes = [root_block_device[0].kms_key_id]
    }

However, it's annoying lol. Not sure why this is even required, but I wanted some input.

There is no workaround nor fix for that. That's how it works. Changes to KmsKeyId require replacement and you can't change this behavior.
So you have to back up your data from the given EBS volume, make the replacement, and copy the data back.
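
Added example, not part of the original posts: the plan line in the question has the key's full ARN on the left (the stored value) and the bare key ID on the right (the configured value), so the two strings differ even though they name the same key. Referencing the key's `arn` attribute makes the configured value match the stored form. The resource names, the `ami_id` variable and the instance type are assumptions.

```hcl
# Added example; ebs_root, app, var.ami_id and t3.large are assumed names/values.
variable "ami_id" {
  type        = string
  description = "AMI to launch (placeholder, supply your own)"
}

resource "aws_kms_key" "ebs_root" {
  description = "Encrypts the instance root volume"
}

resource "aws_instance" "app" {
  ami           = var.ami_id
  instance_type = "t3.large"

  root_block_device {
    volume_size = 120
    volume_type = "gp2"
    encrypted   = true

    # State holds this value as a full ARN (left side of the plan line in
    # the question). key_id is only the UUID, so the strings differ on
    # every plan even though the key is the same:
    #   kms_key_id = aws_kms_key.ebs_root.key_id
    # The arn attribute matches the stored form:
    kms_key_id = aws_kms_key.ebs_root.arn

    delete_on_termination = true
  }
}
```

With the ARN in place, the `ignore_changes` entry for `kms_key_id` can be dropped, so a real change of encryption key shows up in the plan again instead of being silently ignored.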