Resource: awsEbsDefaultKmsKey
Provides a resource to manage the default customer master key (CMK) that your AWS account uses to encrypt EBS volumes.
Your AWS account has an AWS-managed default CMK that is used for encrypting an EBS volume when no CMK is specified in the API call that creates the volume. By using the awsEbsDefaultKmsKey
resource, you can specify a customer-managed CMK to use in place of the AWS-managed default CMK.
\~> NOTE: Creating an awsEbsDefaultKmsKey
resource does not enable default EBS encryption. Use the awsEbsEncryptionByDefault
to enable default EBS encryption.
\~> NOTE: Destroying this resource will reset the default CMK to the account's AWS-managed default CMK for EBS.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ebsDefaultKmsKey.EbsDefaultKmsKey(this, "example", {
keyArn: "${aws_kms_key.example.arn}",
});
Argument Reference
The following arguments are supported:
keyArn
- (Required, ForceNew) The ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use to encrypt the EBS volume.
Attributes Reference
No additional attributes are exported.
Import
The EBS default KMS CMK can be imported with the KMS key ARN, e.g.,