CloudFormation Drift for EBS reports incorrect drift for EBS KmsKeyId

[aledsage]

Name of the resource

AWS::EC2::Instance

Resource Name

No response

Issue Description

We have a CloudFormation stack containing the following:

  MyEC2Instance:
    Type: "AWS::EC2::Instance"
    UpdateReplacePolicy: "Delete"
    DeletionPolicy: "Delete"
    Properties:
      Tenancy: "default"
      BlockDeviceMappings:
      - Ebs:
          VolumeType: "gp3"
          Encrypted: true
          KmsKeyId: !Ref KMSKeyIdEc2Volume
          VolumeSize: 30
          DeleteOnTermination: true
        DeviceName: "/dev/sda1"
        ...

Drift detection incorrectly reports drift on the EC2 instance, on BlockDeviceMappings.0.Ebs.KmsKeyId:

actual:

      "Ebs": {
        "VolumeType": "gp3",
        "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/12345678-1234-1234-1234-123456789012",
        "Encrypted": true,
        "VolumeSize": 30,
        "DeleteOnTermination": true
      },

Vs expected:

      "Ebs": {
        "VolumeType": "gp3",
        "KmsKeyId": "12345678-1234-1234-1234-123456789012",
        "Encrypted": true,
        "VolumeSize": 30,
        "DeleteOnTermination": true
      },

The AWS docs clearly state that the EBS KmsKeyId should be the id (and not the ARN): https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-ec2-instance-ebs.html#cfn-ec2-instance-ebs-kmskeyid

Expected Behavior

Drift detection should say that there is no drift.

Observed Behavior

Drift detection says there is drift.

Test Cases

Deploy a CloudFormation stack with a resource like this, and then do Drift Detection.

Other Details

No response