I'm trying to use packer to build an AMI with encrypted EBS volumes (but not an encrypted root volume). The packer documentation says:
kms_key_id (string) - The ID of the KMS key to use for boot volume encryption. https://www.packer.io/docs/builders/amazon-ebs.html#kms_key_id
If I supply a kms_key_id and mark the desired EBS volumes' ami_ and launch_block_device_mappings as encrypted, will packer use that KMS key? Or will a default CMK key be used?
Quickly looking into the code, it looks like kms_key_id is only used for the encryption of the boot volume. Other block_device_mappings with "encrypted": true will be encrypted with the default EBS KMS key.
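
To confirm which key a finished AMI's volumes actually ended up under, rather than inferring it from the template, compare each backing snapshot's KmsKeyId with the intended CMK. The following is an added example, not part of the question or the answer; the data is constructed in the shape of `aws ec2 describe-images` and `aws ec2 describe-snapshots` output, and the ARNs, snapshot IDs and function names are placeholders chosen for illustration.

```python
# Constructed sample data; every ID and ARN below is a placeholder.
EXPECTED_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-CMK"
DEFAULT_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-DEFAULT-EBS"

IMAGE = {"BlockDeviceMappings": [
    {"DeviceName": "/dev/sda1", "Ebs": {"SnapshotId": "snap-root"}},
    {"DeviceName": "/dev/sdf", "Ebs": {"SnapshotId": "snap-data1"}},
    {"DeviceName": "/dev/sdg", "Ebs": {"SnapshotId": "snap-data2"}},
    {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"},
]}
SNAPSHOTS = [
    {"SnapshotId": "snap-root", "Encrypted": False},  # root left unencrypted
    # Outcome the answer describes: encrypted, but under the default EBS key.
    {"SnapshotId": "snap-data1", "Encrypted": True, "KmsKeyId": DEFAULT_KEY},
    # Passing case, included for contrast.
    {"SnapshotId": "snap-data2", "Encrypted": True, "KmsKeyId": EXPECTED_KEY},
]


def classify_volumes(image, snapshots, expected_key):
    """Map each EBS-backed device of the AMI to its encryption status."""
    by_id = {s["SnapshotId"]: s for s in snapshots}
    result = {}
    for mapping in image["BlockDeviceMappings"]:
        ebs = mapping.get("Ebs")
        if ebs is None:  # instance-store mapping, no snapshot to inspect
            continue
        snap = by_id.get(ebs.get("SnapshotId"))
        if snap is None:
            status = "snapshot-not-found"
        elif not snap.get("Encrypted"):
            status = "unencrypted"
        elif snap.get("KmsKeyId") == expected_key:
            status = "expected-key"
        else:
            status = "other-key"
        result[mapping["DeviceName"]] = status
    return result


def violations(image, snapshots, expected_key, must_use_cmk):
    """Devices required to use the CMK whose snapshot does not."""
    statuses = classify_volumes(image, snapshots, expected_key)
    return sorted(d for d in must_use_cmk if statuses.get(d) != "expected-key")


if __name__ == "__main__":
    print(classify_volumes(IMAGE, SNAPSHOTS, EXPECTED_KEY))
    print(violations(IMAGE, SNAPSHOTS, EXPECTED_KEY, {"/dev/sdf", "/dev/sdg"}))
```

Run as a post-build step, a non-empty result from `violations` is a reason to fail the pipeline before the AMI is shared or launched.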