Upgrade 18.x --> 19.x- create_kms_key Provision Error

[jauyzed]

Hello,

I'm testing self-managed node groups. We do not have access to create kms_key nor tag them. I was supplying the kms_key_id where possible with version 18.x. With the upgrade to 19.x, I tried to set create_kms_key = false and ran into this.

on .terraform/modules/eks/main.tf line 59, in resource "aws_eks_cluster" "this":
│   59:         key_arn = var.create_kms_key ? module.kms.key_arn : encryption_config.value.provider_key_arn
│     ├────────────────
│     │ encryption_config.value is object with 1 attribute "resources"
│
│ This object does not have an attribute named "provider_key_arn".

Any way to override this?

Generally, we do not have access/permission to manage kms keys, iam roles/policies.

Thanks!

[bryantbiggs]

I believe you will need to set:

  create_kms_key            = false
  cluster_encryption_config = {}

[bryantbiggs]

I think I might be assuming you want to disable secret encryption and that could be incorrect. @jauyzed can you post the configuration you are using and what the desired outcome is that you are trying to achieve?

[tushar-swami]

I am also getting similar error, we need to use existing KMS key for our cluster which we are passing as a variable
What should be format to use existing kms key ? Below value is not working, which was working in 18.x

config

cluster_encryption_config = [
{
provider_key_arn = "${var.cluster_encryption_config}"
resources = ["secrets"]
}
]

[antonbabenko]

This issue has been resolved in version 19.0.4 🎉

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.