User Specified KMS Keys Don't Work
When using a user-provided KMS key and passing it in as either a default KMS key or a service-specific KMS key, Terraform throws an error during apply.
There are different errors depending on how the KMS key is provided to the module.
When creating a KMS key and providing the resource attribute as a parameter to the module, you will get errors like the following:
bash-4.2# terraform apply
╷
│ Error: Invalid count argument
│
│ on ../../modules/gitlab_ref_arch_aws/kubernetes.tf line 55, in resource "aws_kms_key" "gitlab_cluster_key":
│ 55: count = var.eks_envelope_encryption && local.total_node_pool_count > 0 && var.eks_envelope_kms_key_arn == null && var.default_kms_key_arn == null ? 1 : 0
│
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only the resources that the count depends on.
╵
╷
│ Error: Invalid count argument
│
│ on ../../modules/gitlab_ref_arch_aws/rds.tf line 20, in data "aws_kms_key" "aws_rds":
│ 20: count = local.rds_postgres_create && var.rds_postgres_kms_key_arn == null && var.default_kms_key_arn == null ? 1 : 0
│
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only the resources that the count depends on.
╵
╷
│ Error: Invalid count argument
│
│ on ../../modules/gitlab_ref_arch_aws/storage.tf line 102, in resource "aws_iam_policy" "gitlab_s3_kms_policy":
│ 102: count = var.object_storage_kms_key_arn != null || var.default_kms_key_arn != null ? min(length(var.object_storage_buckets), 1) : 0
│
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only the resources that the count depends on.
When passing a KMS key ARN to the module as a variable, you will get errors like the following:
bash-4.2# terraform apply
╷
│ Error: Invalid index
│
│ on ../../modules/gitlab_ref_arch_aws/kubernetes.tf line 36, in resource "aws_eks_cluster" "gitlab_cluster":
│ 36: key_arn = var.eks_envelope_kms_key_arn != null ? var.eks_envelope_kms_key_arn : coalesce(var.default_kms_key_arn, aws_kms_key.gitlab_cluster_key[0].arn)
│ ├────────────────
│ │ aws_kms_key.gitlab_cluster_key is empty tuple
│
│ The given key does not identify an element in this collection value: the collection has no elements.
╵
╷
│ Error: Invalid index
│
│ on ../../modules/gitlab_ref_arch_aws/rds.tf line 54, in resource "aws_db_instance" "gitlab":
│ 54: kms_key_id = coalesce(var.rds_postgres_kms_key_arn, var.default_kms_key_arn, data.aws_kms_key.aws_rds[0].arn)
│ ├────────────────
│ │ data.aws_kms_key.aws_rds is empty tuple
│
│ The given key does not identify an element in this collection value: the collection has no elements.
As it stands, there is no way to use custom KMS keys.
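
Both failure modes above can be avoided with a pattern like the following, shown here as an added sketch that is not the module's own code. The `create_eks_kms_key` variable, the `eks_kms_key_arn` local and the output are hypothetical names; the other names are taken from the error output.

```hcl
# Added illustration, not code from modules/gitlab_ref_arch_aws.
variable "default_kms_key_arn" {
  type    = string
  default = null
}

variable "eks_envelope_kms_key_arn" {
  type    = string
  default = null
}

# Hypothetical flag. A bool set by the caller is known at plan time, whereas
# "var.default_kms_key_arn == null" is unknown when the ARN comes from an
# aws_kms_key resource created in the same apply ("Invalid count argument").
variable "create_eks_kms_key" {
  type    = bool
  default = true
}

resource "aws_kms_key" "gitlab_cluster_key" {
  count               = var.create_eks_kms_key ? 1 : 0
  description         = "EKS envelope encryption key"
  enable_key_rotation = true
}

locals {
  # Every argument of coalesce() is evaluated before the call, so indexing
  # [0] on an empty tuple fails even when an earlier argument is non-null
  # ("Invalid index"). one() returns null for an empty list instead, which
  # lets coalesce() fall through to a caller-supplied ARN.
  # If the flag is false and no ARN is supplied, coalesce() fails because
  # all of its arguments are null.
  eks_kms_key_arn = coalesce(
    var.eks_envelope_kms_key_arn,
    var.default_kms_key_arn,
    one(aws_kms_key.gitlab_cluster_key[*].arn),
  )
}

output "eks_kms_key_arn" {
  value = local.eks_kms_key_arn
}
```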