diff --git a/aws/resource_aws_db_instance_test.go b/aws/resource_aws_db_instance_test.go
index 91548dcc777..bc89f931ed4 100644
--- a/aws/resource_aws_db_instance_test.go
+++ b/aws/resource_aws_db_instance_test.go
@@ -169,7 +169,8 @@ func TestAccAWSDBInstance_generatedName(t *testing.T) {
 
 func TestAccAWSDBInstance_kmsKey(t *testing.T) {
 	var v rds.DBInstance
-	keyRegex := regexp.MustCompile("^arn:aws:kms:")
+	kmsKeyResourceName := "aws_kms_key.foo"
+	resourceName := "aws_db_instance.bar"
 
 	ri := acctest.RandInt()
 	config := fmt.Sprintf(testAccAWSDBInstanceConfigKmsKeyId, ri)
@@ -182,12 +183,23 @@ func TestAccAWSDBInstance_kmsKey(t *testing.T) {
 			{
 				Config: config,
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSDBInstanceExists("aws_db_instance.bar", &v),
+					testAccCheckAWSDBInstanceExists(resourceName, &v),
 					testAccCheckAWSDBInstanceAttributes(&v),
-					resource.TestMatchResourceAttr(
-						"aws_db_instance.bar", "kms_key_id", keyRegex),
+					resource.TestCheckResourceAttrPair(resourceName, "kms_key_id", kmsKeyResourceName, "arn"),
 				),
 			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{
+					"apply_immediately",
+					"delete_automated_backups",
+					"final_snapshot_identifier",
+					"password",
+					"skip_final_snapshot",
+				},
+			},
 		},
 	})
 }
diff --git a/aws/resource_aws_ebs_snapshot_test.go b/aws/resource_aws_ebs_snapshot_test.go
index d27eedb7203..d34e17c9c1a 100644
--- a/aws/resource_aws_ebs_snapshot_test.go
+++ b/aws/resource_aws_ebs_snapshot_test.go
@@ -113,6 +113,7 @@ func TestAccAWSEBSSnapshot_withDescription(t *testing.T) {
 func TestAccAWSEBSSnapshot_withKms(t *testing.T) {
 	var v ec2.Snapshot
 	rName := fmt.Sprintf("tf-acc-ebs-snapshot-kms-%s", acctest.RandString(7))
+	kmsKeyResourceName := "aws_kms_key.test"
 	resourceName := "aws_ebs_snapshot.test"
 
 	resource.ParallelTest(t, resource.TestCase{
@@ -124,8 +125,7 @@ func TestAccAWSEBSSnapshot_withKms(t *testing.T) {
 				Config: testAccAwsEbsSnapshotConfigWithKms(rName),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckSnapshotExists(resourceName, &v),
-					resource.TestMatchResourceAttr(resourceName, "kms_key_id",
-						regexp.MustCompile(`^arn:aws:kms:[a-z]{2}-[a-z]+-\d{1}:[0-9]{12}:key/[a-z0-9-]{36}$`)),
+					resource.TestCheckResourceAttrPair(resourceName, "kms_key_id", kmsKeyResourceName, "arn"),
 				),
 			},
 			{
diff --git a/aws/resource_aws_fsx_windows_file_system_test.go b/aws/resource_aws_fsx_windows_file_system_test.go
index ecb8fbbbb5e..100627f2189 100644
--- a/aws/resource_aws_fsx_windows_file_system_test.go
+++ b/aws/resource_aws_fsx_windows_file_system_test.go
@@ -89,7 +89,7 @@ func TestAccAWSFsxWindowsFileSystem_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "copy_tags_to_backups", "false"),
 					resource.TestMatchResourceAttr(resourceName, "daily_automatic_backup_start_time", regexp.MustCompile(`^\d\d:\d\d$`)),
 					resource.TestMatchResourceAttr(resourceName, "dns_name", regexp.MustCompile(`fs-.+\..+`)),
-					resource.TestMatchResourceAttr(resourceName, "kms_key_id", regexp.MustCompile(`^arn:`)),
+					testAccMatchResourceAttrRegionalARN(resourceName, "kms_key_id", "kms", regexp.MustCompile(`key/.+`)),
 					resource.TestCheckResourceAttr(resourceName, "network_interface_ids.#", "1"),
 					testAccCheckResourceAttrAccountID(resourceName, "owner_id"),
 					resource.TestCheckResourceAttr(resourceName, "security_group_ids.#", "0"),
diff --git a/aws/resource_aws_rds_cluster_instance_test.go b/aws/resource_aws_rds_cluster_instance_test.go
index 075e80bb342..f7762264018 100644
--- a/aws/resource_aws_rds_cluster_instance_test.go
+++ b/aws/resource_aws_rds_cluster_instance_test.go
@@ -192,7 +192,7 @@ func TestAccAWSRDSClusterInstance_generatedName(t *testing.T) {
 
 func TestAccAWSRDSClusterInstance_kmsKey(t *testing.T) {
 	var v rds.DBInstance
-	keyRegex := regexp.MustCompile("^arn:aws:kms:")
+	kmsKeyResourceName := "aws_kms_key.foo"
 	resourceName := "aws_rds_cluster_instance.cluster_instances"
 
 	resource.ParallelTest(t, resource.TestCase{
@@ -204,7 +204,7 @@ func TestAccAWSRDSClusterInstance_kmsKey(t *testing.T) {
 				Config: testAccAWSClusterInstanceConfigKmsKey(acctest.RandInt()),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSClusterInstanceExists(resourceName, &v),
-					resource.TestMatchResourceAttr(resourceName, "kms_key_id", keyRegex),
+					resource.TestCheckResourceAttrPair(resourceName, "kms_key_id", kmsKeyResourceName, "arn"),
 				),
 			},
 			{
diff --git a/awsproviderlint/passes/AWSAT001/AWSAT001.go b/awsproviderlint/passes/AWSAT001/AWSAT001.go
index 2b9ac236153..765a8809fbc 100644
--- a/awsproviderlint/passes/AWSAT001/AWSAT001.go
+++ b/awsproviderlint/passes/AWSAT001/AWSAT001.go
@@ -70,16 +70,16 @@ func run(pass *analysis.Pass) (interface{}, error) {
 }
 
 func AttributeNameAppearsArnRelated(attributeName string) bool {
-	if attributeName == "arn" {
+	if attributeName == "arn" || attributeName == "kms_key_id" {
 		return true
 	}
 
-	if strings.HasSuffix(attributeName, "_arn") {
+	if strings.HasSuffix(attributeName, "_arn") || strings.HasSuffix(attributeName, "_kms_key_id") {
 		return true
 	}
 
 	// Handle flatmap nested attribute
-	if strings.HasSuffix(attributeName, ".arn") {
+	if strings.HasSuffix(attributeName, ".arn") || strings.HasSuffix(attributeName, ".kms_key_id") {
 		return true
 	}
 
diff --git a/awsproviderlint/passes/AWSAT001/AWSAT001_test.go b/awsproviderlint/passes/AWSAT001/AWSAT001_test.go
index ab6b8f4e027..7176e9a8273 100644
--- a/awsproviderlint/passes/AWSAT001/AWSAT001_test.go
+++ b/awsproviderlint/passes/AWSAT001/AWSAT001_test.go
@@ -33,21 +33,41 @@ func TestAttributeNameAppearsArnRelated(t *testing.T) {
 			AttributeName: "arn",
 			Expected:      true,
 		},
+		{
+			Name:          "equals kms_key_id",
+			AttributeName: "kms_key_id",
+			Expected:      true,
+		},
 		{
 			Name:          "arn suffix",
 			AttributeName: "some_arn",
 			Expected:      true,
 		},
+		{
+			Name:          "kms_key_id suffix",
+			AttributeName: "some_kms_key_id",
+			Expected:      true,
+		},
 		{
 			Name:          "nested attribute equals arn",
 			AttributeName: "config_block.0.arn",
 			Expected:      true,
 		},
+		{
+			Name:          "nested attribute equals kms_key_id",
+			AttributeName: "config_block.0.kms_key_id",
+			Expected:      true,
+		},
 		{
 			Name:          "nested attribute arn suffix",
 			AttributeName: "config_block.0.some_arn",
 			Expected:      true,
 		},
+		{
+			Name:          "nested attribute kms_key_id suffix",
+			AttributeName: "config_block.0.some_kms_key_id",
+			Expected:      true,
+		},
 	}
 
 	for _, testCase := range testCases {