Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
Deploy a terraform module creating a kinesis stream
`
terraform {
source = "tfr:///cloudposse/kinesis-stream/aws?version=0.4.0"
}
inputs = {
name = "data-collection"
retention_period = 24
shard_count = 1
shard_level_metrics = []
enforce_consumer_deletion = false
encryption_type = "NONE"
tags = {
Name = "data-collection"
Environment = "lstack"
Service = "lssvc"
}
}
`
Deploy with "terragrunt run-all apply".
A second deploy with no changes to the resource results in this error. There is no KeyId or KMS key alias because there is no encryption.
Error: stopping Kinesis Stream (lstack-data-collection) encryption: operation error Kinesis: StopStreamEncryption, https response error StatusCode: 400, RequestID: e4202f7d-6a07-4413-94dc-781ccfd25dfd, InvalidArgumentException: Received KeyId is not a properly formatted Alias or GUI
Expected Behavior
Handle the StopStreamEncryption message without an error so the Terraform apply finishes gracefully.
How are you starting LocalStack?
Custom (please describe below)
Steps To Reproduce
How are you starting localstack (e.g., bin/localstack command, arguments, or docker-compose.yml)
By running a custom LocalStack-pro image inside a dev container. The custom image adds certificates.
Then I run LS by starting the GDC with the custom LS image specified.
https://github.com/devxpod/GDC
For the purposes of reproducing this, you can simply run localstack-pro
Client commands (e.g., AWS SDK code snippet, or sequence of "awslocal" commands)
Run this twice:
terragrunt run-all apply
Environment
- OS: DockerDesktop on Mac
- LocalStack:
LocalStack version: 4.4.1.dev45
LocalStack Docker image sha:
LocalStack build date: 2025-05-27
LocalStack build git hash: 9eec25e18Anything else?
The net effect of this behavior is having to stop and start LS for every test cycle.