No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

```const kmsKey = new aws.kms.Key("config", { deletionWindowInDays: 10, enableKeyRotation: true });

new aws.kms.Alias("config", { name: `alias/foo`, targetKeyId: kmsKey.keyId });```

Use `targetKeyId: kmsKey.id`, that's working for me.

```    error: aws:kms/alias:Alias resource 'config' has a problem: Invalid or unknown key```


i get this with kmsKey.arn, kmsKey.id, kmsKey.keyId

And the alias and key are in the same account / provider?

this is the first issue i've seen like this in any provider, probably 5k+ lines of pulumi ts

i've just run this example and it had zero issues, i'm wondering if you've redefined `kmsKey` somehow?

Or any change that the key rotation auto-happens immediately, and the key id is invalid?

Maybe try it with rotation off, and if it works, turn rotation on?

it was an unrelated transformer in a deeper part of the project

thanks for the help, this was a super strange error

And that caused the key id to be changed?

you can't add tags to an AWS KMS key alias

that is a strange error, glad you figured it out

"invalid key" == invalid hash/object/dict key, not invalid KMS key

Cool. I've just double-checked my isTaggable function and glad to say, no key/alias:Alias in there :slightly_smiling_face:

yeah this transformer is blacklist vs whitelist

It's like the .gitignore policy.. whitelisting is safer but way more verbose...