Docs Home
AWS v7.4.0 published on Wednesday, Aug 13, 2025 by Pulumi
aws.ebs.getDefaultKmsKey
Explore with Pulumi AI
Use this data source to get the default EBS encryption KMS key in the current region.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const current = aws.ebs.getDefaultKmsKey({});
const example = new aws.ebs.Volume("example", {
availabilityZone: "us-west-2a",
encrypted: true,
kmsKeyId: current.then(current => current.keyArn),
});
import pulumi
import pulumi_aws as aws
current = aws.ebs.get_default_kms_key()
example = aws.ebs.Volume("example",
availability_zone="us-west-2a",
encrypted=True,
kms_key_id=current.key_arn)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ebs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := ebs.LookupDefaultKmsKey(ctx, &ebs.LookupDefaultKmsKeyArgs{}, nil)
if err != nil {
return err
}
_, err = ebs.NewVolume(ctx, "example", &ebs.VolumeArgs{
AvailabilityZone: pulumi.String("us-west-2a"),
Encrypted: pulumi.Bool(true),
KmsKeyId: pulumi.String(current.KeyArn),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var current = Aws.Ebs.GetDefaultKmsKey.Invoke();
var example = new Aws.Ebs.Volume("example", new()
{
AvailabilityZone = "us-west-2a",
Encrypted = true,
KmsKeyId = current.Apply(getDefaultKmsKeyResult => getDefaultKmsKeyResult.KeyArn),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ebs.EbsFunctions;
import com.pulumi.aws.ebs.inputs.GetDefaultKmsKeyArgs;
import com.pulumi.aws.ebs.Volume;
import com.pulumi.aws.ebs.VolumeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = EbsFunctions.getDefaultKmsKey(GetDefaultKmsKeyArgs.builder()
.build());
var example = new Volume("example", VolumeArgs.builder()
.availabilityZone("us-west-2a")
.encrypted(true)
.kmsKeyId(current.keyArn())
.build());
}
}
resources:
example:
type: aws:ebs:Volume
properties:
availabilityZone: us-west-2a
encrypted: true
kmsKeyId: ${current.keyArn}
variables:
current:
fn::invoke:
function: aws:ebs:getDefaultKmsKey
arguments: {}
Using getDefaultKmsKey
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getDefaultKmsKey(args: GetDefaultKmsKeyArgs, opts?: InvokeOptions): Promise<GetDefaultKmsKeyResult>
function getDefaultKmsKeyOutput(args: GetDefaultKmsKeyOutputArgs, opts?: InvokeOptions): Output<GetDefaultKmsKeyResult>def get_default_kms_key(region: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetDefaultKmsKeyResult
def get_default_kms_key_output(region: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetDefaultKmsKeyResult]func LookupDefaultKmsKey(ctx *Context, args *LookupDefaultKmsKeyArgs, opts ...InvokeOption) (*LookupDefaultKmsKeyResult, error)
func LookupDefaultKmsKeyOutput(ctx *Context, args *LookupDefaultKmsKeyOutputArgs, opts ...InvokeOption) LookupDefaultKmsKeyResultOutput> Note: This function is named LookupDefaultKmsKey in the Go SDK.
public static class GetDefaultKmsKey
{
public static Task<GetDefaultKmsKeyResult> InvokeAsync(GetDefaultKmsKeyArgs args, InvokeOptions? opts = null)
public static Output<GetDefaultKmsKeyResult> Invoke(GetDefaultKmsKeyInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetDefaultKmsKeyResult> getDefaultKmsKey(GetDefaultKmsKeyArgs args, InvokeOptions options)
public static Output<GetDefaultKmsKeyResult> getDefaultKmsKey(GetDefaultKmsKeyArgs args, InvokeOptions options)
fn::invoke:
function: aws:ebs/getDefaultKmsKey:getDefaultKmsKey
arguments:
# arguments dictionaryThe following arguments are supported:
getDefaultKmsKey Result
The following output properties are available:
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.