Provides a resource to manage the default customer master key (CMK) that your AWS account uses to encrypt EBS volumes.
Your AWS account has an AWS-managed default CMK that is used for encrypting an EBS volume when no CMK is specified in the API call that creates the volume.
By using the aws_ebs_default_kms_key
resource, you can specify a customer-managed CMK to use in place of the AWS-managed default CMK.
resource "aws_ebs_default_kms_key" "example" {
key_arn = aws_kms_key.example.arn
}
This resource supports the following arguments:
key_arn
- (Required, ForceNew) The ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use to encrypt the EBS volume.This resource exports no additional attributes.
In Terraform v1.5.0 and later, use an import
block to import the EBS default KMS CMK using the KMS key ARN. For example:
import {
to = aws_ebs_default_kms_key.example
id = "arn:aws:kms:us-east-1:123456789012:key/abcd-1234"
}
Using terraform import
, import the EBS default KMS CMK using the KMS key ARN. For example:
% terraform import aws_ebs_default_kms_key.example arn:aws:kms:us-east-1:123456789012:key/abcd-1234