Adding server_side_encryption forces new resource

[tjcobb]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version v0.11.13

Affected Resource(s)

• aws_dynamodb_table

Terraform Configuration Files

Before

resource "aws_dynamodb_table" "test-table" {
  name = "TestTable"
  hash_key = "Id"

  read_capacity = 2
  write_capacity = 2

  attribute {
    name = "Id"
    type = "S"
  }
}

After

resource "aws_dynamodb_table" "test-table" {
  name = "TestTable"
  hash_key = "Id"

  read_capacity = 2
  write_capacity = 2

  attribute {
    name = "Id"
    type = "S"
  }

  server_side_encryption {
    enabled = true
  }
}

Expected Behavior

Per the documentation, by solely adding server side encryption to a table I would expect terraform to update the existing resource instead of re-creating the resource.

Actual Behavior

When I run terraform apply I see...

server_side_encryption.#:         "0" => "1"
server_side_encryption.0.enabled: "" => "true" (forces new resource)

This was actually working as expected for me just yesterday (3/30/19) but now it seems to be behaving differently.

[ewbankkit]

@tjcobb This is "expected" behaviour and is all down to the difference between DEFAULT encryption (what you get if you specify no server_side_encryption attribute or specify one with enabled = false) and KMS encryption (which is what you get when you specify a server_side_encryption attribute with enabled = true).
See #7499 for more details.
Thanks.

[ewbankkit]

With #11081, updating the server_side_encryption attribute no longer recreates the table but instead updates the existing table.

[github-actions]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.