2

I'm trying to use packer to build an AMI with encrypted EBS volumes (but not an encrypted root volume). The packer documentation says:

kms_key_id (string) - The ID of the KMS key to use for boot volume encryption. https://www.packer.io/docs/builders/amazon-ebs.html#kms_key_id

If I supplied a kms_key_id and mark the desired ebs volumes' ami_ and launch_block_device_mappings as encrypted, will packer use that kms key? Or will a default CMK key be used?

4

1 回答 1

3

快速查看它看起来的代码kms_key_id仅用于启动卷的加密。其他将使用默认的 EBS KMS 密钥进行加密block_device_mappings"encrypted": true

于 2017-01-06T23:10:23.140 回答