Merge pull request #6898 from rickard-von-essen/kms-id-docs

Reference AWS docs for valid formats for kms_key_id
2018-10-23 12:20:57 -07:00 · 2018-10-23 12:20:57 -07:00 · 95d107a89c
parent 0cd3f36d50 bb63b08393
commit 95d107a89c
5 changed files with 30 additions and 8 deletions
--- a/website/source/docs/builders/amazon-chroot.html.md
+++ b/website/source/docs/builders/amazon-chroot.html.md
@ -151,7 +151,8 @@ each category, the available configuration keys are alphabetized.

 -   `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot volume encryption.
    This only applies to the main `region`, other regions where the AMI will be copied
-    will be encrypted by the default EBS KMS key.
+    will be encrypted by the default EBS KMS key. For valid formats see _KmsKeyId_ in the
+    [AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).

 -   `from_scratch` (boolean) - Build a new volume instead of starting from an
    existing AMI root volume snapshot. Default `false`. If `true`, `source_ami` is
@ -179,6 +180,8 @@ each category, the available configuration keys are alphabetized.

    -   `kms_key_id` (string) - The ARN for the KMS encryption key. When
        specifying `kms_key_id`, `encrypted` needs to be set to `true`.
+        For valid formats see _KmsKeyId_ in the
+        [AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).

    -   `iops` (number) - The number of I/O operations per second (IOPS) that the
        volume supports. See the documentation on
@ -209,7 +212,10 @@ each category, the available configuration keys are alphabetized.
    If you want a region to be encrypted with that region's default key ID, you can
    use an empty string `""` instead of a key id in this map. (e.g. `"us-east-1": ""`)
    However, you cannot use default key IDs if you are using this in conjunction with
-    `snapshot_users` -- in that situation you must use custom keys.
+    `snapshot_users` -- in that situation you must use custom keys. For valid formats
+    see _KmsKeyId_ in the
+    [AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
+

 -   `root_device_name` (string) - The root device name. For example, `xvda`.

--- a/website/source/docs/builders/amazon-ebs.html.md
+++ b/website/source/docs/builders/amazon-ebs.html.md
@ -226,7 +226,9 @@ builder.

 -   `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot volume encryption.
    This only applies to the main `region`, other regions where the AMI will be copied
-    will be encrypted by the default EBS KMS key.
+    will be encrypted by the default EBS KMS key. For valid formats
+    see _KmsKeyId_ in the
+    [AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).

 -   `iam_instance_profile` (string) - The name of an [IAM instance
    profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
@ -256,7 +258,9 @@ builder.
    If you want a region to be encrypted with that region's default key ID, you can
    use an empty string `""` instead of a key id in this map. (e.g. `"us-east-1": ""`)
    However, you cannot use default key IDs if you are using this in conjunction with
-    `snapshot_users` -- in that situation you must use custom keys.
+    `snapshot_users` -- in that situation you must use custom keys. For valid formats
+    see _KmsKeyId_ in the
+    [AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).

 -   `run_tags` (object of key/value strings) - Tags to apply to the instance
    that is *launched* to create the AMI. These tags are *not* applied to the
--- a/website/source/docs/builders/amazon-ebssurrogate.html.md
+++ b/website/source/docs/builders/amazon-ebssurrogate.html.md
@ -220,7 +220,10 @@ builder.

 -   `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot volume encryption.
    This only applies to the main `region`, other regions where the AMI will be copied
-    will be encrypted by the default EBS KMS key.
+    will be encrypted by the default EBS KMS key. For valid formats
+    see _KmsKeyId_ in the
+    [AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
+

 -   `iam_instance_profile` (string) - The name of an [IAM instance
    profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
@ -250,7 +253,10 @@ builder.
    If you want a region to be encrypted with that region's default key ID, you can
    use an empty string `""` instead of a key id in this map. (e.g. `"us-east-1": ""`)
    However, you cannot use default key IDs if you are using this in conjunction with
-    `snapshot_users` -- in that situation you must use custom keys.
+    `snapshot_users` -- in that situation you must use custom keys. For valid formats
+    see _KmsKeyId_ in the
+    [AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
+

 -   `run_tags` (object of key/value strings) - Tags to apply to the instance
    that is *launched* to create the AMI. These tags are *not* applied to the
--- a/website/source/docs/builders/amazon-ebsvolume.html.md
+++ b/website/source/docs/builders/amazon-ebsvolume.html.md
@ -72,7 +72,10 @@ builder.
    -   `encrypted` (boolean) - Indicates whether to encrypt the volume or not

    -   `kms_key_id` (string) - The ARN for the KMS encryption key. When
-        specifying `kms_key_id`, `encrypted` needs to be set to `true`.
+        specifying `kms_key_id`, `encrypted` needs to be set to `true`. For valid formats
+        see _KmsKeyId_ in the
+        [AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
+

    -   `iops` (number) - The number of I/O operations per second (IOPS) that the
        volume supports. See the documentation on
--- a/website/source/docs/builders/amazon-instance.html.md
+++ b/website/source/docs/builders/amazon-instance.html.md
@ -264,7 +264,10 @@ builder.
    If you want a region to be encrypted with that region's default key ID, you can
    use an empty string `""` instead of a key id in this map. (e.g. `"us-east-1": ""`)
    However, you cannot use default key IDs if you are using this in conjunction with
-    `snapshot_users` -- in that situation you must use custom keys.
+    `snapshot_users` -- in that situation you must use custom keys. For valid formats
+    see _KmsKeyId_ in the
+    [AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
+

 -   `run_tags` (object of key/value strings) - Tags to apply to the instance
    that is *launched* to create the AMI. These tags are *not* applied to the