D Swartz

Reputation: 155

Packer kms_key_id for ebs volumes

I'm trying to use packer to build an AMI with encrypted EBS volumes (but not an encrypted root volume). The packer documentation says:

kms_key_id (string) - The ID of the KMS key to use for boot volume encryption. https://www.packer.io/docs/builders/amazon-ebs.html#kms_key_id

If I supply a kms_key_id and mark the desired ebs volumes' ami_ and launch_block_device_mappings as encrypted, will packer use that kms key? Or will a default CMK key be used?

Upvotes: 2

Views: 2808

Answers (1)

Rickard von Essen

Reputation: 4278

Quickly looking into the code, it looks like kms_key_id is only used for the encryption of the boot volume. Other block_device_mappings with "encrypted": true will be encrypted with the default EBS KMS key.

Upvotes: 4
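
One way to confirm which key each volume of a finished AMI actually ended up with is to join the image's block device mappings to their snapshots and compare each snapshot's KmsKeyId with the key you intended. This is an added example, not part of the answer above or of Packer's code; the JSON is constructed sample data shaped like `aws ec2 describe-images` and `aws ec2 describe-snapshots` output, and `audit_ami_keys`, the IDs and the key ARNs are hypothetical. It assumes the intended key is given as a full key ARN, which is the form describe-snapshots reports.

```python
import json

# Constructed `aws ec2 describe-images` output (trimmed); every ID is a placeholder.
IMAGES = json.loads("""{"Images": [{"ImageId": "ami-EXAMPLE", "RootDeviceName": "/dev/xvda",
  "BlockDeviceMappings": [
    {"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-root"}},
    {"DeviceName": "/dev/xvdf", "Ebs": {"SnapshotId": "snap-data1"}},
    {"DeviceName": "/dev/xvdg", "Ebs": {"SnapshotId": "snap-data2"}},
    {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}]}]}""")

# Constructed `aws ec2 describe-snapshots` output for the snapshots above.
KEY_PREFIX = "arn:aws:kms:us-east-1:111122223333:key/"
EXPECTED_KEY = KEY_PREFIX + "constructed-intended-key"
SNAPSHOTS = {"Snapshots": [
    {"SnapshotId": "snap-root", "Encrypted": False},
    {"SnapshotId": "snap-data1", "Encrypted": True, "KmsKeyId": KEY_PREFIX + "constructed-other-key"},
    {"SnapshotId": "snap-data2", "Encrypted": True, "KmsKeyId": EXPECTED_KEY},
]}


def audit_ami_keys(images, snapshots, expected_key_arn):
    """Classify every EBS mapping of each AMI by the KMS key on its snapshot."""
    by_id = {s["SnapshotId"]: s for s in snapshots["Snapshots"]}
    findings = []
    for image in images["Images"]:
        for mapping in image.get("BlockDeviceMappings", []):
            ebs = mapping.get("Ebs")
            if ebs is None:  # instance-store (ephemeral) mapping, nothing to encrypt
                continue
            snap = by_id.get(ebs.get("SnapshotId"))
            if snap is None:
                status = "snapshot-not-found"
            elif not snap.get("Encrypted", False):
                status = "unencrypted"
            elif snap.get("KmsKeyId") == expected_key_arn:
                status = "expected-key"
            else:
                status = "other-key"
            findings.append({
                "image": image["ImageId"],
                "device": mapping["DeviceName"],
                "root": mapping["DeviceName"] == image.get("RootDeviceName"),
                "status": status,
                "key": snap.get("KmsKeyId") if snap else None,
            })
    return findings


if __name__ == "__main__":
    for f in audit_ami_keys(IMAGES, SNAPSHOTS, EXPECTED_KEY):
        print(f["image"], f["device"], "root" if f["root"] else "data", f["status"], f["key"])
```

A data volume reported as other-key is encrypted, but not with the key you passed, which is the outcome to look for after a build.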
