diff --git a/main.tf b/main.tf
index 29d4c384..778aef25 100644
--- a/main.tf
+++ b/main.tf
@@ -291,6 +291,10 @@ resource "azurerm_kubernetes_cluster" "main" {
 condition = var.role_based_access_control_enabled || !var.rbac_aad
 error_message = "Enabling Azure Active Directory integration requires that `role_based_access_control_enabled` be set to true."
 }
+ precondition {
+ condition = var.kms_enabled && var.identity_type != "UserAssigned"
+ error_message = "KMS etcd encryption doesn't work with system-assigned managed identity."
+ }
 }
 }
diff --git a/variables.tf b/variables.tf
index 72537b31..4e703cf9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -339,6 +339,7 @@ variable "kms_enabled" {
 type = bool
 description = "(Optional) Enable Azure KeyVault Key Management Service."
 default = false
+ nullable = false
 }
 variable "kms_key_vault_key_id" {
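Review bot: The `condition` of the precondition added in main.tf is inverted. Terraform raises `error_message` when the condition evaluates to false, so this guard fails every plan where `kms_enabled` is false, which is the default in variables.tf. It passes only when KMS is enabled with an identity type other than "UserAssigned", the combination the error message says does not work. The guard would therefore admit an unsupported etcd-encryption setup while rejecting the supported ones. The line should read `condition = !var.kms_enabled || var.identity_type == "UserAssigned"`. The enclosing lifecycle block and resource begin outside the hunk, so any other preconditions on the KMS key inputs are not visible here.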