From ba7dbe6b273cb8d23dfc6ed1c4a561532470da52 Mon Sep 17 00:00:00 2001
From: Lucio Reis
Date: Thu, 20 Mar 2025 11:41:51 -0300
Subject: [PATCH 1/5] Feat: add optional skip KMS key id validation
Signed-off-by: Lucio Reis
---
 internal/backend/remote-state/s3/backend.go | 8 +++++++-
 internal/backend/remote-state/s3/backend_test.go | 8 ++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/internal/backend/remote-state/s3/backend.go b/internal/backend/remote-state/s3/backend.go
index f53c22c3d3fd..795160ff7453 100644
--- a/internal/backend/remote-state/s3/backend.go
+++ b/internal/backend/remote-state/s3/backend.go
@@ -215,6 +215,11 @@ func (b *Backend) ConfigSchema() *configschema.Block {
 Optional: true,
 Description: "Do not include checksum when uploading S3 Objects. Useful for some S3-Compatible APIs.",
 },
+ "skip_kms_key_validation": {
+ Type: cty.Bool,
+ Optional: false,
+ Description: "Skips the KMS key validation. Defaults to False.",
+ },
 "sse_customer_key": {
 Type: cty.String,
 Optional: true,
@@ -654,7 +659,7 @@ func (b *Backend) PrepareConfig(obj cty.Value) (cty.Value, tfdiags.Diagnostics)
 )(obj, cty.Path{}, &diags)
 attrPath = cty.GetAttrPath("kms_key_id")
- if val := obj.GetAttr("kms_key_id"); !val.IsNull() {
+ if val := obj.GetAttr("kms_key_id"); !val.IsNull(); b.skip_kms_key_validation.isFalse() {
 kmsKeyIDValidators := validateString{
 Validators: []stringValidator{
 validateStringKMSKey,
@@ -837,6 +842,7 @@ func (b *Backend) Configure(obj cty.Value) tfdiags.Diagnostics {
 b.ddbTable = stringAttr(obj, "dynamodb_table")
 b.useLockFile = boolAttr(obj, "use_lockfile")
 b.skipS3Checksum = boolAttr(obj, "skip_s3_checksum")
+ b.skip_kms_key_validation = boolAttr(obj, "skip_kms_key_validation")
 if _, ok := stringAttrOk(obj, "kms_key_id"); ok {
 if customerKey := os.Getenv("AWS_SSE_CUSTOMER_KEY"); customerKey != "" {
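Review bot: In the ConfigSchema hunk, `Optional: false` on the new `skip_kms_key_validation` attribute contradicts its own description ("Defaults to False"): with no `Required` or `Computed` shown either, the attribute is not declared as something a configuration may omit, and existing backend blocks that never set it may be rejected. For a switch that disables a check, the line should be `Optional: true,` so that leaving it out keeps KMS key validation on. The same `Optional: false` survives the rename hunk in patch 2/5 and the description hunk in patch 5/5. ConfigSchema's body starts and ends outside the hunk.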
diff --git a/internal/backend/remote-state/s3/backend_test.go b/internal/backend/remote-state/s3/backend_test.go
index 10e00c0e3ee9..2d6f74c62f4c 100644
--- a/internal/backend/remote-state/s3/backend_test.go
+++ b/internal/backend/remote-state/s3/backend_test.go
@@ -2474,6 +2474,14 @@ func TestBackendConfigKmsKeyId(t *testing.T) {
 ),
 },
 },
+
+ "skip-check": {
+ config: map[string]any{
+ "kms_key_id": "not-an-arn",
+ "skip_kms_key_id_validation" : True
+ },
+ expectedKeyId: "not-an-arn",
+ },
 }
 for name, tc := range testCases {
From 25f1fa88612f52334897a7ae4bd6e2671b23feb9 Mon Sep 17 00:00:00 2001
From: Lucio Reis
Date: Thu, 20 Mar 2025 11:54:07 -0300
Subject: [PATCH 2/5] Fix skip validation condition + add Backend struct
Signed-off-by: Lucio Reis
---
 internal/backend/remote-state/s3/backend.go | 12 ++++++++----
 internal/backend/remote-state/s3/backend_test.go | 2 +-
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/internal/backend/remote-state/s3/backend.go b/internal/backend/remote-state/s3/backend.go
index 795160ff7453..74852862953c 100644
--- a/internal/backend/remote-state/s3/backend.go
+++ b/internal/backend/remote-state/s3/backend.go
@@ -49,6 +49,7 @@ type Backend struct {
 useLockFile bool
 workspaceKeyPrefix string
 skipS3Checksum bool
+ skipKmsKeyIdValidation bool
 }
 // ConfigSchema returns a description of the expected configuration
@@ -216,7 +217,7 @@ func (b *Backend) ConfigSchema() *configschema.Block {
 Optional: true,
 Description: "Do not include checksum when uploading S3 Objects. Useful for some S3-Compatible APIs.",
 },
- "skip_kms_key_validation": {
+ "skip_kms_key_id_validation": {
 Type: cty.Bool,
 Optional: false,
 Description: "Skips the KMS key validation. Defaults to False.",
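Review bot: `True` in the new "skip-check" table entry is not a Go identifier; the boolean literal is `true`, so this test file will not compile. The later test hunks in patches 2/5 and 4/5 rename the case and add the trailing comma but keep `True`, so the line should end up as `"skip_kms_key_id_validation": true,`. Because the option turns a check off, a companion case with the same `"not-an-arn"` value and the option set to `false` that expects the validation diagnostic would pin the default; earlier entries in this table may already cover the unset path, but they lie outside the hunk.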
@@ -659,13 +660,16 @@ func (b *Backend) PrepareConfig(obj cty.Value) (cty.Value, tfdiags.Diagnostics)
 )(obj, cty.Path{}, &diags)
 attrPath = cty.GetAttrPath("kms_key_id")
- if val := obj.GetAttr("kms_key_id"); !val.IsNull(); b.skip_kms_key_validation.isFalse() {
+ if val := obj.GetAttr("kms_key_id"); !val.IsNull() {
 kmsKeyIDValidators := validateString{
 Validators: []stringValidator{
 validateStringKMSKey,
 },
 }
- kmsKeyIDValidators.ValidateAttr(val, attrPath, &diags)
+
+ if !b.skipKmsKeyIdValidation {
+ kmsKeyIDValidators.ValidateAttr(val, attrPath, &diags)
+ }
 }
 attrPath = cty.GetAttrPath("workspace_key_prefix")
@@ -842,7 +846,7 @@ func (b *Backend) Configure(obj cty.Value) tfdiags.Diagnostics {
 b.ddbTable = stringAttr(obj, "dynamodb_table")
 b.useLockFile = boolAttr(obj, "use_lockfile")
 b.skipS3Checksum = boolAttr(obj, "skip_s3_checksum")
- b.skip_kms_key_validation = boolAttr(obj, "skip_kms_key_validation")
+ b.skipKmsKeyIdValidation = boolAttr(obj, "skip_kms_key_id_validation")
 if _, ok := stringAttrOk(obj, "kms_key_id"); ok {
 if customerKey := os.Getenv("AWS_SSE_CUSTOMER_KEY"); customerKey != "" {
diff --git a/internal/backend/remote-state/s3/backend_test.go b/internal/backend/remote-state/s3/backend_test.go
index 2d6f74c62f4c..78a7bbe2105c 100644
--- a/internal/backend/remote-state/s3/backend_test.go
+++ b/internal/backend/remote-state/s3/backend_test.go
@@ -2475,7 +2475,7 @@ func TestBackendConfigKmsKeyId(t *testing.T) {
 },
 },
- "skip-check": {
+ "skip-validation": {
 config: map[string]any{
 "kms_key_id": "not-an-arn",
 "skip_kms_key_id_validation" : True
From e80d6a570f52fa731cff33c3571436aba3c59f48 Mon Sep 17 00:00:00 2001
From: Lucio Reis
Date: Thu, 20 Mar 2025 12:07:51 -0300
Subject: [PATCH 3/5] Add changelog entry
Signed-off-by: Lucio Reis
---
 .changes/v1.12/ENHANCEMENTS-20250320-120304.yaml | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changes/v1.12/ENHANCEMENTS-20250320-120304.yaml
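Review bot: The new guard `if !b.skipKmsKeyIdValidation {` in the PrepareConfig hunk reads a field that this series assigns only in Configure (`b.skipKmsKeyIdValidation = boolAttr(obj, "skip_kms_key_id_validation")`), so if PrepareConfig runs before Configure, as is usual for a backend, the field still holds its zero value here and the key ID is validated whatever the user set. That fails closed, but the option then has no effect; reading the value from the object being validated, for example `if !boolAttr(obj, "skip_kms_key_id_validation") {` (assuming boolAttr tolerates a null attribute), removes the dependency on call order. The guard could also wrap the whole `kms_key_id` block so the validator is not built when it will not be used. PrepareConfig's body starts and ends outside the hunk.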
diff --git a/.changes/v1.12/ENHANCEMENTS-20250320-120304.yaml b/.changes/v1.12/ENHANCEMENTS-20250320-120304.yaml
new file mode 100644
index 000000000000..ccb50c691481
--- /dev/null
+++ b/.changes/v1.12/ENHANCEMENTS-20250320-120304.yaml
@@ -0,0 +1,5 @@
+kind: ENHANCEMENTS
+body: Optional skipping the validation of KMS key ID in the S3 backends.
+time: 2025-03-20T12:03:04.152186-03:00
+custom:
+ Issue: "36730"
From f1aed337faf4c13ffba967358b9a24cf7d4252f6 Mon Sep 17 00:00:00 2001
From: Lucio Reis
Date: Thu, 20 Mar 2025 12:12:30 -0300
Subject: [PATCH 4/5] fix typo
---
 internal/backend/remote-state/s3/backend_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/backend/remote-state/s3/backend_test.go b/internal/backend/remote-state/s3/backend_test.go
index 78a7bbe2105c..283dff709c56 100644
--- a/internal/backend/remote-state/s3/backend_test.go
+++ b/internal/backend/remote-state/s3/backend_test.go
@@ -2478,7 +2478,7 @@ func TestBackendConfigKmsKeyId(t *testing.T) {
 "skip-validation": {
 config: map[string]any{
 "kms_key_id": "not-an-arn",
- "skip_kms_key_id_validation" : True
+ "skip_kms_key_id_validation" : True,
 },
 expectedKeyId: "not-an-arn",
 },
From 6798964e6c025bacb861f1971d85bf67a786a288 Mon Sep 17 00:00:00 2001
From: Lucio Reis
Date: Thu, 20 Mar 2025 12:42:51 -0300
Subject: [PATCH 5/5] Improve grammar
---
 .changes/v1.12/ENHANCEMENTS-20250320-120304.yaml | 2 +-
 internal/backend/remote-state/s3/backend.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.changes/v1.12/ENHANCEMENTS-20250320-120304.yaml b/.changes/v1.12/ENHANCEMENTS-20250320-120304.yaml
index ccb50c691481..2f052143bfcc 100644
--- a/.changes/v1.12/ENHANCEMENTS-20250320-120304.yaml
+++ b/.changes/v1.12/ENHANCEMENTS-20250320-120304.yaml
@@ -1,5 +1,5 @@
 kind: ENHANCEMENTS
-body: Optional skipping the validation of KMS key ID in the S3 backends.
+body: Optional skipping of the validation of the KMS key ID in the S3 backends.
 time: 2025-03-20T12:03:04.152186-03:00
 custom:
 Issue: "36730"
diff --git a/internal/backend/remote-state/s3/backend.go b/internal/backend/remote-state/s3/backend.go
index 74852862953c..2b571c7a419c 100644
--- a/internal/backend/remote-state/s3/backend.go
+++ b/internal/backend/remote-state/s3/backend.go
@@ -219,7 +219,7 @@ func (b *Backend) ConfigSchema() *configschema.Block {
 "skip_kms_key_id_validation": {
 Type: cty.Bool,
 Optional: false,
- Description: "Skips the KMS key validation. Defaults to False.",
+ Description: "Skip the KMS key ID validation.",
 },
 "sse_customer_key": {
 Type: cty.String,
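Review bot: The new description "Skip the KMS key ID validation." in the ConfigSchema hunk does not tell the user which check is switched off or what then happens to a malformed value, which is the information someone needs before disabling a check on the key used for state encryption. Wording along the lines of `Description: "Skip client-side format validation of kms_key_id; the value is used as given.",` would make the trade-off explicit, though the exact phrasing depends on what validateStringKMSKey checks, which is not visible here. Dropping "Defaults to False." also removes the only statement of the default, so it is worth keeping that sentence once the attribute is optional.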