KMS key clean up

[xincanva]

Description

KMS key created as part of this module cannot be deleted by other admins.

terraform-aws-eks-blueprints/data.tf

Line 89 in 6f571f2

[data.aws_iam_session_context.current.issuer_arn]

This has cause a lot of issues with clean up in our use case, where the original creator role may not be available.

can we add root to the principal list?

        "arn:${local.context.aws_partition_id}:iam::${local.context.aws_caller_identity_account_id}:root"

If your request is for a new feature, please use the Feature request template.

• ✋ I have searched the open/closed issues and my issue is not listed.

⚠️ Note

Before you submit an issue, please perform the following first:

1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
2. Re-initialize the project root to pull down modules: terraform init
3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

• Module version [Required]:

• Terraform version:

• Provider version(s):

Reproduction Code [Required]

Steps to reproduce the behavior:

Expected behaviour

Actual behaviour

Terminal Output Screenshot(s)

Additional context

[askulkarni2]

@xincanva you should be able to provide additional arns using cluster_kms_key_additional_admin_arns. See

terraform-aws-eks-blueprints/variables.tf

Line 129 in 6f571f2

variable "cluster_kms_key_additional_admin_arns" {

[bryantbiggs]

Closing for now - please see the guidance provided above by Apoorva as well as #1319 where the v19 of the terraform-aws-eks module handles this for users today