Resource: aws_ebs_default_kms_key

Provides a resource to manage the default customer master key (CMK) that your AWS account uses to encrypt EBS volumes.

Your AWS account has an AWS-managed default CMK that is used for encrypting an EBS volume when no CMK is specified in the API call that creates the volume. By using the aws_ebs_default_kms_key resource, you can specify a customer-managed CMK to use in place of the AWS-managed default CMK.

Example Usage

resource "aws_ebs_default_kms_key" "example" {
  key_arn = aws_kms_key.example.arn
}

Argument Reference

This resource supports the following arguments:

Attribute Reference

This resource exports no additional attributes.

Import

In Terraform v1.5.0 and later, use an import block to import the EBS default KMS CMK using the KMS key ARN. For example:

import {
  to = aws_ebs_default_kms_key.example
  id = "arn:aws:kms:us-east-1:123456789012:key/abcd-1234"
}

Using terraform import, import the EBS default KMS CMK using the KMS key ARN. For example:

% terraform import aws_ebs_default_kms_key.example arn:aws:kms:us-east-1:123456789012:key/abcd-1234