aws logo
AWS Classic v5.41.0, May 15 23

aws.ebs.getDefaultKmsKey

Explore with Pulumi AI

Use this data source to get the default EBS encryption KMS key in the current region.

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var current = Aws.Ebs.GetDefaultKmsKey.Invoke();

    var example = new Aws.Ebs.Volume("example", new()
    {
        AvailabilityZone = "us-west-2a",
        Encrypted = true,
        KmsKeyId = current.Apply(getDefaultKmsKeyResult => getDefaultKmsKeyResult.KeyArn),
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ebs"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := ebs.LookupDefaultKmsKey(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = ebs.NewVolume(ctx, "example", &ebs.VolumeArgs{
			AvailabilityZone: pulumi.String("us-west-2a"),
			Encrypted:        pulumi.Bool(true),
			KmsKeyId:         *pulumi.String(current.KeyArn),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ebs.EbsFunctions;
import com.pulumi.aws.ebs.Volume;
import com.pulumi.aws.ebs.VolumeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var current = EbsFunctions.getDefaultKmsKey();

        var example = new Volume("example", VolumeArgs.builder()        
            .availabilityZone("us-west-2a")
            .encrypted(true)
            .kmsKeyId(current.applyValue(getDefaultKmsKeyResult -> getDefaultKmsKeyResult.keyArn()))
            .build());

    }
}
import pulumi
import pulumi_aws as aws

current = aws.ebs.get_default_kms_key()
example = aws.ebs.Volume("example",
    availability_zone="us-west-2a",
    encrypted=True,
    kms_key_id=current.key_arn)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const current = aws.ebs.getDefaultKmsKey({});
const example = new aws.ebs.Volume("example", {
    availabilityZone: "us-west-2a",
    encrypted: true,
    kmsKeyId: current.then(current => current.keyArn),
});
resources:
  example:
    type: aws:ebs:Volume
    properties:
      availabilityZone: us-west-2a
      encrypted: true
      kmsKeyId: ${current.keyArn}
variables:
  current:
    fn::invoke:
      Function: aws:ebs:getDefaultKmsKey
      Arguments: {}

Using getDefaultKmsKey

function getDefaultKmsKey(opts?: InvokeOptions): Promise<GetDefaultKmsKeyResult>
def get_default_kms_key(opts: Optional[InvokeOptions] = None) -> GetDefaultKmsKeyResult
func LookupDefaultKmsKey(ctx *Context, opts ...InvokeOption) (*LookupDefaultKmsKeyResult, error)

> Note: This function is named LookupDefaultKmsKey in the Go SDK.

public static class GetDefaultKmsKey 
{
    public static Task<GetDefaultKmsKeyResult> InvokeAsync(InvokeOptions? opts = null)
}
public static CompletableFuture<GetDefaultKmsKeyResult> getDefaultKmsKey(InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: aws:ebs/getDefaultKmsKey:getDefaultKmsKey
  arguments:
    # arguments dictionary

getDefaultKmsKey Result

The following output properties are available:

Id string

The provider-assigned unique ID for this managed resource.

KeyArn string

ARN of the default KMS key uses to encrypt an EBS volume in this region when no key is specified in an API call that creates the volume and encryption by default is enabled.

Id string

The provider-assigned unique ID for this managed resource.

KeyArn string

ARN of the default KMS key uses to encrypt an EBS volume in this region when no key is specified in an API call that creates the volume and encryption by default is enabled.

id String

The provider-assigned unique ID for this managed resource.

keyArn String

ARN of the default KMS key uses to encrypt an EBS volume in this region when no key is specified in an API call that creates the volume and encryption by default is enabled.

id string

The provider-assigned unique ID for this managed resource.

keyArn string

ARN of the default KMS key uses to encrypt an EBS volume in this region when no key is specified in an API call that creates the volume and encryption by default is enabled.

id str

The provider-assigned unique ID for this managed resource.

key_arn str

ARN of the default KMS key uses to encrypt an EBS volume in this region when no key is specified in an API call that creates the volume and encryption by default is enabled.

id String

The provider-assigned unique ID for this managed resource.

keyArn String

ARN of the default KMS key uses to encrypt an EBS volume in this region when no key is specified in an API call that creates the volume and encryption by default is enabled.

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.