TechQA.

Packer kms_key_id for ebs volumes

2.5k views Asked by At

I'm trying to use packer to build an AMI with encrypted EBS volumes (but not an encrypted root volume). The packer documentation says:

kms_key_id (string) - The ID of the KMS key to use for boot volume encryption. https://www.packer.io/docs/builders/amazon-ebs.html#kms_key_id

If I supplied a kms_key_id and mark the desired ebs volumes' ami_ and launch_block_device_mappings as encrypted, will packer use that kms key? Or will a default CMK key be used?

amazon-web-services packer amazon-kms
Original Q&A
1

There are 1 answers

0
Rickard von Essen On BEST ANSWER

Quickly looking into the code it looks like kms_key_id is only used for the encryption of the boot volume. Other block_device_mappings with "encrypted": true will be encrypted with the default EBS KMS key.

Related Questions in AMAZON-WEB-SERVICES

Related Questions in PACKER

Related Questions in AMAZON-KMS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions