IBM Cloud: "Unauthorized" error when importing key into Key Protect using Terraform
I am using Key Protect on IBM Cloud. I want to import an existing root key into my Key Protect instance using Terraform. I am following the documentation for ibm_kms_key:
data "ibm_resource_instance" "kms_instance" {
  name     = "henrikKeyProtectUS"
  service  = "kms"
  location = "us-south"
}

resource "ibm_kms_key" "key" {
  instance_id  = data.ibm_resource_instance.kms_instance.guid
  key_name     = "mytestkey"
  standard_key = false
  payload      = "rtmETw5IrxFIkRjl7ZYIxMs5Dk/wWQLJ+eQU+HSrWUo="
}
When applying the changes, Terraform returns with an error:
ibm_kms_key.key: Creating...
╷
│ Error: Error while creating Root key with payload: kp.Error: correlation_id='618f8712-b357-xxx-af12-155ad18fbc26', msg='Unauthorized: The user does not have access to the specified resource'
│
│ with ibm_kms_key.key,
│ on main.tf line 7, in resource "ibm_kms_key" "key":
│ 7: resource "ibm_kms_key" "key" {
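Why? I am the account owner and the administrator for the Key Protect instance. I should have all the privileges.
The error is actually described in the introduction for ibm_kms_key, but it is easy to overlook. The region currently set for the provider must match the region of the KMS instance.
After switching my provider from "eu-de" to "us-south", I was able to import the key, too.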
provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = "us-south"
  ibmcloud_timeout = var.ibmcloud_timeout
}
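
One way to turn the region mismatch described above into an explicit plan-time failure instead of an opaque "Unauthorized" at apply time. This is an added example, not part of the original question or answer; `var.region` and `var.key_payload` are hypothetical variables, and it assumes Terraform 1.2 or later for `precondition` blocks.

```hcl
terraform {
  required_version = ">= 1.2.0"
  required_providers {
    ibm = {
      source = "IBM-Cloud/ibm"
    }
  }
}

variable "ibmcloud_api_key" {
  type      = string
  sensitive = true
}

# Hypothetical variable: the single source of truth for the provider region.
variable "region" {
  type    = string
  default = "us-south"
}

# Hypothetical variable: the base64 key material, kept out of main.tf.
variable "key_payload" {
  type      = string
  sensitive = true
}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = var.region
}

data "ibm_resource_instance" "kms_instance" {
  name     = "henrikKeyProtectUS"
  service  = "kms"
  location = "us-south"
}

resource "ibm_kms_key" "key" {
  instance_id  = data.ibm_resource_instance.kms_instance.guid
  key_name     = "mytestkey"
  standard_key = false
  payload      = var.key_payload

  lifecycle {
    # Checked before the key is created: the provider region must equal
    # the location of the Key Protect instance that receives the key.
    precondition {
      condition     = data.ibm_resource_instance.kms_instance.location == var.region
      error_message = "Provider region '${var.region}' does not match Key Protect instance location '${data.ibm_resource_instance.kms_instance.location}'."
    }
  }
}
```

With `region` set to "eu-de", the precondition stops the run with the message above and names both regions, so the cause is visible without consulting the IAM policies.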