Encryption option for ebs volumes on AWS

[VARSHA GS]

Hi.. I found encryption option "encrypted": true, here it takes the default key to encrypt the volumes. However we were looking option to specify the kms key(customised) / imported from Cloud HSM to encrypt the volumes. Could you please provide the same. ????

[Alvaro Miranda Aguilera]

Hello,

It seems that the setup doesn't specify a key, since AWS default to the master key.

The initial PR was done here:

https://github.com/mitchellh/packer/pull/1194

That shows the change done to the packer and goamz projects to support this.

The documentation referenced is here:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

I can't see any code for keys, so it seems the code as is today just encrypt:

The first time you create an encrypted volume in a region, a default CMK is created for you automatically. This key is used for Amazon EBS encryption unless you select a CMK that you created separately using AWS KMS.

Alvaro.

On Fri, Sep 30, 2016 at 5:56 AM, VARSHA GS <varsh...@gmail.com> wrote:

Hi.. I found encryption option "encrypted": true, here it takes the default key to encrypt the volumes.  However we were looking option to specify the kms key(customised) / imported from Cloud HSM to encrypt the volumes. Could you please provide the same. ????

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.

GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/e6d8c5ed-7ebb-4e10-a9ba-fd229471fc1a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Alvaro

[Rickard von Essen]

If you need support for specifying a key adding such functionality would be easy. PR's are welcome.

Regards,

Rickard

To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/CAHqq0ewyNyy6hxzTNR4zm_wRFK31TQ39FoGvjuuUx2rgAXoPRQ%40mail.gmail.com.