Packer kms_key_id for ebs volumes


I'm trying to use packer to build an AMI with encrypted EBS volumes (but not an encrypted root volume). The packer documentation says:

kms_key_id (string) - The ID of the KMS key to use for boot volume encryption. https://www.packer.io/docs/builders/amazon-ebs.html#kms_key_id

If I supply a kms_key_id and mark the desired EBS volumes' ami_ and launch_block_device_mappings as encrypted, will packer use that KMS key? Or will a default CMK key be used?

Answer by Rickard von Essen (best answer):

Quickly looking into the code, it looks like kms_key_id is only used for the encryption of the boot volume. Other block_device_mappings with "encrypted": true will be encrypted with the default EBS KMS key.
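To confirm after a build which key actually protects each volume, the snapshots behind the AMI's block device mappings can be audited. This is an added example, not part of the original question or answer and not Packer code; it runs on constructed sample data shaped like EC2 DescribeImages / DescribeSnapshots output, and the function names, IDs and ARNs are hypothetical.

```python
# Constructed sample data shaped like EC2 DescribeImages / DescribeSnapshots
# output; every ID, ARN and account number below is made up.
EXPECTED_KEY = "arn:aws:kms:us-east-1:111122223333:key/aaaaaaaa-0000-0000-0000-000000000001"
OTHER_KEY = "arn:aws:kms:us-east-1:111122223333:key/bbbbbbbb-0000-0000-0000-000000000002"
IMAGE = {
    "ImageId": "ami-00000000000000000",
    "RootDeviceName": "/dev/xvda",
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-root"}},
        {"DeviceName": "/dev/xvdf", "Ebs": {"SnapshotId": "snap-data"}},
        {"DeviceName": "/dev/xvdg", "Ebs": {"SnapshotId": "snap-plain"}},
        {"DeviceName": "/dev/xvdb", "VirtualName": "ephemeral0"},  # instance store
    ],
}
SNAPSHOTS = [
    {"SnapshotId": "snap-root", "Encrypted": True, "KmsKeyId": EXPECTED_KEY},
    {"SnapshotId": "snap-data", "Encrypted": True, "KmsKeyId": OTHER_KEY},
    {"SnapshotId": "snap-plain", "Encrypted": False},
]


def _key_id(value):
    """Reduce a key ARN or bare key ID to the key ID (aliases must be resolved first)."""
    return value.rsplit("/", 1)[-1] if value else None


def audit_ami_keys(image, snapshots, expected_key):
    """Return one finding per snapshot-backed device of the AMI."""
    by_id = {s["SnapshotId"]: s for s in snapshots}
    findings = []
    for bdm in image["BlockDeviceMappings"]:
        snap_id = bdm.get("Ebs", {}).get("SnapshotId")
        if snap_id is None:
            continue  # instance-store or snapshot-less mapping: nothing to check
        snap = by_id.get(snap_id)
        key = snap.get("KmsKeyId") if snap else None
        if snap is None:
            status = "snapshot-not-found"
        elif not snap.get("Encrypted"):
            status = "unencrypted"
        elif _key_id(key) == _key_id(expected_key):
            status = "expected-key"
        else:
            status = "other-key"
        findings.append({"device": bdm["DeviceName"], "status": status, "kms_key": key,
                         "root": bdm["DeviceName"] == image.get("RootDeviceName")})
    return findings


if __name__ == "__main__":
    for finding in audit_ami_keys(IMAGE, SNAPSHOTS, EXPECTED_KEY):
        print(finding)
```

Against a real account, the two inputs would come from boto3's `describe_images` and `describe_snapshots` calls; any device reported as `other-key` or `unencrypted` did not get the key you expected.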