Clarify accepted values for kms_key_id in aws_cloudwatch_log_group documentation (#41606) #42402

Open
wants to merge 1 commit into
base: main

laryssasre
Contributor

This PR improves the documentation for the kms_key_id attribute of the aws_cloudwatch_log_group resource.

Changes:

  • Clarifies that the kms_key_id field accepts a Key ID, full ARN, or alias ARN.
  • Keeps the existing description about the behavior after key disassociation.

This clarification aligns the documentation with AWS's accepted input formats for KMS keys in CloudWatch Logs.

Fixes #41606

@laryssasre laryssasre requested a review from a team as a code owner April 28, 2025 15:19
Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

  • Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
  • Please see our prioritization guide for additional information on how the maintainers handle prioritization.
  • Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. documentation Introduces or discusses updates to documentation. service/logs Issues and PRs that pertain to the logs service. size/XS Managed by automation to categorize the size of a PR. labels Apr 28, 2025
@@ -34,8 +34,10 @@ This resource supports the following arguments:
* `retention_in_days` - (Optional) Specifies the number of days
you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0.
If you select 0, the events in the log group are always retained and never expire.
* `kms_key_id` - (Optional) The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group,
AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires
* `kms_key_id` - (Optional) The Amazon Resource Name (ARN), Key ID, or alias ARN of the AWS KMS Key to use when encrypting log data.
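Review bot: The added `kms_key_id` line widens the documented input from "The ARN of the KMS Key" to "ARN, Key ID, or alias ARN", but nothing in the change points to where CloudWatch Logs is documented as accepting the two extra forms. A value the docs list but the API rejects surfaces only when the log group is applied, so link the AWS reference for each form or keep only the forms that are confirmed to work. If more than one form stays, write "key ARN" instead of the bare "Amazon Resource Name (ARN)" so it reads as distinct from "alias ARN", and make sure the sentence about disassociation from the removed lines still follows the new one.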
Member

This resource uses CreateLogGroup, for which the documentation seems to indicate that an ARN is required, and the linked issue seems to indicate that the key ID isn't an accepted value.

Do you have a reference that indicated that the key ID (or Alias ARN, though that very well could be accepted) should be accepted here?

@justinretzolk justinretzolk added the waiting-response Maintainers are waiting on response from community or contributor. label Apr 29, 2025
Development

Successfully merging this pull request may close these issues.

[Docs]: aws_cloudwatch_log_group: variable kms_key_id
2 participants