diff --git a/CHANGELOG.md b/CHANGELOG.md
index d45745a..53aa534 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -270,5 +270,9 @@
     - update cloudforms_ami to empty in EW (as we have no keys defined)
 
 * 2.4.3 -- 2023-06-23
-  - terraform-tate
+  - terraform-state
     - add bucket_key_enabled (false) to enable bucket keys
+
+* 2.4.4 -- 2023-08-24
+  - terraform-state
+    - add data resource for ddb kms key to get it created before using to prevent a race condition on the creation of the DDB table
diff --git a/common/version.tf b/common/version.tf
index 31e4b38..59b218e 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "2.4.3"
+  _module_version = "2.4.4"
 }
diff --git a/terraform-state/README.md b/terraform-state/README.md
index 1cdcd16..ffec5e8 100644
--- a/terraform-state/README.md
+++ b/terraform-state/README.md
@@ -94,6 +94,7 @@ No modules.
 | [aws_iam_policy_document.tfstate_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.tfstate_read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.tfstate_write](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_kms_key.kms_dynamodb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [aws_regions.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/regions) | data source |
 
diff --git a/terraform-state/main.tf b/terraform-state/main.tf
index 2e6d67a..a0d9b2f 100644
--- a/terraform-state/main.tf
+++ b/terraform-state/main.tf
@@ -64,6 +64,10 @@ locals {
   }
 }
 
+# this pre-loads the key so that it is ready when the DDB table create happens
+data "aws_kms_key" "kms_dynamodb" {
+  name = "alias/aws/dynamodb"
+}
 
 #---
 # dynamodb table