AWS Classic

Pulumi Official
Package maintained by Pulumi
v5.4.0 published on Wednesday, May 4, 2022 by Pulumi

getDefaultKmsKey

Use this data source to get the default EBS encryption KMS key in the current region.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var current = Output.Create(Aws.Ebs.GetDefaultKmsKey.InvokeAsync());
        var example = new Aws.Ebs.Volume("example", new Aws.Ebs.VolumeArgs
        {
            AvailabilityZone = "us-west-2a",
            Encrypted = true,
            KmsKeyId = current.Apply(current => current.KeyArn),
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ebs"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := ebs.LookupDefaultKmsKey(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = ebs.NewVolume(ctx, "example", &ebs.VolumeArgs{
			AvailabilityZone: pulumi.String("us-west-2a"),
			Encrypted:        pulumi.Bool(true),
			KmsKeyId:         pulumi.String(current.KeyArn),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var current = Output.of(EbsFunctions.getDefaultKmsKey());

        var example = new Volume("example", VolumeArgs.builder()        
            .availabilityZone("us-west-2a")
            .encrypted(true)
            .kmsKeyId(current.apply(getDefaultKmsKeyResult -> getDefaultKmsKeyResult.getKeyArn()))
            .build());

        }
}
import pulumi
import pulumi_aws as aws

current = aws.ebs.get_default_kms_key()
example = aws.ebs.Volume("example",
    availability_zone="us-west-2a",
    encrypted=True,
    kms_key_id=current.key_arn)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const current = aws.ebs.getDefaultKmsKey({});
const example = new aws.ebs.Volume("example", {
    availabilityZone: "us-west-2a",
    encrypted: true,
    kmsKeyId: current.then(current => current.keyArn),
});
resources:
  example:
    type: aws:ebs:Volume
    properties:
      availabilityZone: us-west-2a
      encrypted: true
      kmsKeyId: ${current.keyArn}
variables:
  current:
    Fn::Invoke:
      Function: aws:ebs:getDefaultKmsKey
      Arguments: {}

Using getDefaultKmsKey

function getDefaultKmsKey(opts?: InvokeOptions): Promise<GetDefaultKmsKeyResult>
def get_default_kms_key(opts: Optional[InvokeOptions] = None) -> GetDefaultKmsKeyResult
func LookupDefaultKmsKey(ctx *Context, opts ...InvokeOption) (*LookupDefaultKmsKeyResult, error)

> Note: This function is named LookupDefaultKmsKey in the Go SDK.

public static class GetDefaultKmsKey 
{
    public static Task<GetDefaultKmsKeyResult> InvokeAsync(InvokeOptions? opts = null)
}
public static CompletableFuture<GetDefaultKmsKeyResult> getDefaultKmsKey(InvokeOptions options)
// Output-based functions aren't available in Java yet
Fn::Invoke:
  Function: aws:ebs/getDefaultKmsKey:getDefaultKmsKey
  Arguments:
    # Arguments dictionary

getDefaultKmsKey Result

The following output properties are available:

Id string

The provider-assigned unique ID for this managed resource.

KeyArn string

Amazon Resource Name (ARN) of the default KMS key uses to encrypt an EBS volume in this region when no key is specified in an API call that creates the volume and encryption by default is enabled.

Id string

The provider-assigned unique ID for this managed resource.

KeyArn string

Amazon Resource Name (ARN) of the default KMS key uses to encrypt an EBS volume in this region when no key is specified in an API call that creates the volume and encryption by default is enabled.

id String

The provider-assigned unique ID for this managed resource.

keyArn String

Amazon Resource Name (ARN) of the default KMS key uses to encrypt an EBS volume in this region when no key is specified in an API call that creates the volume and encryption by default is enabled.

id string

The provider-assigned unique ID for this managed resource.

keyArn string

Amazon Resource Name (ARN) of the default KMS key uses to encrypt an EBS volume in this region when no key is specified in an API call that creates the volume and encryption by default is enabled.

id str

The provider-assigned unique ID for this managed resource.

key_arn str

Amazon Resource Name (ARN) of the default KMS key uses to encrypt an EBS volume in this region when no key is specified in an API call that creates the volume and encryption by default is enabled.

id String

The provider-assigned unique ID for this managed resource.

keyArn String

Amazon Resource Name (ARN) of the default KMS key uses to encrypt an EBS volume in this region when no key is specified in an API call that creates the volume and encryption by default is enabled.

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.