hashicorp · bflad · Jun 17, 2020 · Jun 6, 2020
diff --git a/aws/resource_aws_key_pair.go b/aws/resource_aws_key_pair.go
@@ -2,9 +2,11 @@ package aws
 
 import (
 	"fmt"
+	"log"
 	"strings"
 
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -63,6 +65,10 @@ func resourceAwsKeyPair() *schema.Resource {
 				Computed: true,
 			},
 			"tags": tagsSchema(),
+			"arn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -92,7 +98,7 @@ func resourceAwsKeyPairCreate(d *schema.ResourceData, meta interface{}) error {
 		return fmt.Errorf("Error import KeyPair: %s", err)
 	}
 
-	d.SetId(*resp.KeyName)
+	d.SetId(aws.StringValue(resp.KeyName))
 
 	return resourceAwsKeyPairRead(d, meta)
 }
@@ -107,25 +113,43 @@ func resourceAwsKeyPairRead(d *schema.ResourceData, meta interface{}) error {
 	resp, err := conn.DescribeKeyPairs(req)
 	if err != nil {
 		if isAWSErr(err, "InvalidKeyPair.NotFound", "") {
+			log.Printf("[WARN] Key Pair (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
 		return fmt.Errorf("Error retrieving KeyPair: %s", err)
 	}
 
-	for _, keyPair := range resp.KeyPairs {
-		if *keyPair.KeyName == d.Id() {
-			d.Set("key_name", keyPair.KeyName)
-			d.Set("fingerprint", keyPair.KeyFingerprint)
-			d.Set("key_pair_id", keyPair.KeyPairId)
-			if err := d.Set("tags", keyvaluetags.Ec2KeyValueTags(keyPair.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
-				return fmt.Errorf("error setting tags: %s", err)
-			}
-			return nil
-		}
+	if len(resp.KeyPairs) == 0 {
+		log.Printf("[WARN] Key Pair (%s) not found, removing from state", d.Id())
+		d.SetId("")
+		return nil
+	}
+
+	kp := resp.KeyPairs[0]
+
+	if aws.StringValue(kp.KeyName) != d.Id() {
+		return fmt.Errorf("Unable to find key pair within: %#v", resp.KeyPairs)
+	}
+
+	d.Set("key_name", kp.KeyName)
+	d.Set("fingerprint", kp.KeyFingerprint)
+	d.Set("key_pair_id", kp.KeyPairId)
+	if err := d.Set("tags", keyvaluetags.Ec2KeyValueTags(kp.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
+		return fmt.Errorf("error setting tags: %s", err)
 	}
 
-	return fmt.Errorf("Unable to find key pair within: %#v", resp.KeyPairs)
+	arn := arn.ARN{
+		Partition: meta.(*AWSClient).partition,
+		Service:   "ec2",
+		Region:    meta.(*AWSClient).region,
+		AccountID: meta.(*AWSClient).accountid,
+		Resource:  fmt.Sprintf("key-pair/%s", d.Id()),
+	}.String()
+
+	d.Set("arn", arn)
+
+	return nil
 }
 
 func resourceAwsKeyPairUpdate(d *schema.ResourceData, meta interface{}) error {

diff --git a/aws/resource_aws_key_pair_test.go b/aws/resource_aws_key_pair_test.go
@@ -72,6 +72,7 @@ func TestAccAWSKeyPair_basic(t *testing.T) {
 				Config: testAccAWSKeyPairConfig(rName),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSKeyPairExists(resourceName, &keyPair),
+					testAccCheckResourceAttrRegionalARN(resourceName, "arn", "ec2", fmt.Sprintf("key-pair/%s", rName)),
 					testAccCheckAWSKeyPairFingerprint(&keyPair, fingerprint),
 					resource.TestCheckResourceAttr(resourceName, "fingerprint", fingerprint),
 					resource.TestCheckResourceAttr(resourceName, "key_name", rName),
@@ -202,7 +203,7 @@ func TestAccAWSKeyPair_disappears(t *testing.T) {
 				Config: testAccAWSKeyPairConfig(rName),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSKeyPairExists(resourceName, &keyPair),
-					testAccCheckAWSKeyPairDisappears(&keyPair),
+					testAccCheckResourceDisappears(testAccProvider, resourceAwsKeyPair(), resourceName),
 				),
 				ExpectNonEmptyPlan: true,
 			},
@@ -237,21 +238,6 @@ func testAccCheckAWSKeyPairDestroy(s *terraform.State) error {
 	return nil
 }
 
-func testAccCheckAWSKeyPairDisappears(keyPair *ec2.KeyPairInfo) resource.TestCheckFunc {
-	return func(s *terraform.State) error {
-		conn := testAccProvider.Meta().(*AWSClient).ec2conn
-
-		req := &ec2.DeleteKeyPairInput{
-			KeyName: keyPair.KeyName,
-		}
-		if _, err := conn.DeleteKeyPair(req); err != nil {
-			return err
-		}
-
-		return nil
-	}
-}
-
 func testAccCheckAWSKeyPairFingerprint(conf *ec2.KeyPairInfo, expectedFingerprint string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		if aws.StringValue(conf.KeyFingerprint) != expectedFingerprint {
@@ -290,7 +276,7 @@ func testAccCheckAWSKeyPairExists(n string, res *ec2.KeyPairInfo) resource.TestC
 			return err
 		}
 		if len(resp.KeyPairs) != 1 ||
-			*resp.KeyPairs[0].KeyName != rs.Primary.ID {
+			aws.StringValue(resp.KeyPairs[0].KeyName) != rs.Primary.ID {
 			return fmt.Errorf("KeyPair not found")
 		}
 

diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
@@ -266,6 +266,7 @@ for more information about connecting to alternate AWS endpoints or AWS compatib
   - [`aws_glue_trigger` resource](/docs/providers/aws/r/glue_trigger.html)
   - [`aws_instance` data source](/docs/providers/aws/d/instance.html)
   - [`aws_instance` resource](/docs/providers/aws/r/instance.html)
+  - [`aws_key_pair` resource](/docs/providers/aws/r/key_pair.html)  
   - [`aws_launch_template` data source](/docs/providers/aws/d/launch_template.html)
   - [`aws_launch_template` resource](/docs/providers/aws/r/launch_template.html)
   - [`aws_redshift_cluster` resource](/docs/providers/aws/r/redshift_cluster.html)

diff --git a/website/docs/r/key_pair.html.markdown b/website/docs/r/key_pair.html.markdown
@@ -40,6 +40,8 @@ The following arguments are supported:
 
 In addition to all arguments above, the following attributes are exported:
 
+* `id` - The key pair name.
+* `arn` - The key pair ARN.
 * `key_name` - The key pair name.
 * `key_pair_id` - The key pair ID.
 * `fingerprint` - The MD5 public key fingerprint as specified in section 4 of RFC 4716.