Merge pull request #6898 from rickard-von-essen/kms-id-docs

Reference AWS docs for valid formats for kms_key_id
This commit is contained in:
Megan Marsh 2018-10-23 12:20:57 -07:00 committed by GitHub
commit 95d107a89c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 30 additions and 8 deletions

View File

@ -151,7 +151,8 @@ each category, the available configuration keys are alphabetized.
- `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot volume encryption.
This only applies to the main `region`, other regions where the AMI will be copied
will be encrypted by the default EBS KMS key.
will be encrypted by the default EBS KMS key. For valid formats see _KmsKeyId_ in the
[AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
- `from_scratch` (boolean) - Build a new volume instead of starting from an
existing AMI root volume snapshot. Default `false`. If `true`, `source_ami` is
@ -179,6 +180,8 @@ each category, the available configuration keys are alphabetized.
- `kms_key_id` (string) - The ARN for the KMS encryption key. When
specifying `kms_key_id`, `encrypted` needs to be set to `true`.
For valid formats see _KmsKeyId_ in the
[AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
- `iops` (number) - The number of I/O operations per second (IOPS) that the
volume supports. See the documentation on
@ -209,7 +212,10 @@ each category, the available configuration keys are alphabetized.
If you want a region to be encrypted with that region's default key ID, you can
use an empty string `""` instead of a key id in this map. (e.g. `"us-east-1": ""`)
However, you cannot use default key IDs if you are using this in conjunction with
`snapshot_users` -- in that situation you must use custom keys.
`snapshot_users` -- in that situation you must use custom keys. For valid formats
see _KmsKeyId_ in the
[AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
- `root_device_name` (string) - The root device name. For example, `xvda`.

View File

@ -226,7 +226,9 @@ builder.
- `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot volume encryption.
This only applies to the main `region`, other regions where the AMI will be copied
will be encrypted by the default EBS KMS key.
will be encrypted by the default EBS KMS key. For valid formats
see _KmsKeyId_ in the
[AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
- `iam_instance_profile` (string) - The name of an [IAM instance
profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
@ -256,7 +258,9 @@ builder.
If you want a region to be encrypted with that region's default key ID, you can
use an empty string `""` instead of a key id in this map. (e.g. `"us-east-1": ""`)
However, you cannot use default key IDs if you are using this in conjunction with
`snapshot_users` -- in that situation you must use custom keys.
`snapshot_users` -- in that situation you must use custom keys. For valid formats
see _KmsKeyId_ in the
[AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
- `run_tags` (object of key/value strings) - Tags to apply to the instance
that is *launched* to create the AMI. These tags are *not* applied to the

View File

@ -220,7 +220,10 @@ builder.
- `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot volume encryption.
This only applies to the main `region`, other regions where the AMI will be copied
will be encrypted by the default EBS KMS key.
will be encrypted by the default EBS KMS key. For valid formats
see _KmsKeyId_ in the
[AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
- `iam_instance_profile` (string) - The name of an [IAM instance
profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html)
@ -250,7 +253,10 @@ builder.
If you want a region to be encrypted with that region's default key ID, you can
use an empty string `""` instead of a key id in this map. (e.g. `"us-east-1": ""`)
However, you cannot use default key IDs if you are using this in conjunction with
`snapshot_users` -- in that situation you must use custom keys.
`snapshot_users` -- in that situation you must use custom keys. For valid formats
see _KmsKeyId_ in the
[AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
- `run_tags` (object of key/value strings) - Tags to apply to the instance
that is *launched* to create the AMI. These tags are *not* applied to the

View File

@ -72,7 +72,10 @@ builder.
- `encrypted` (boolean) - Indicates whether to encrypt the volume or not
- `kms_key_id` (string) - The ARN for the KMS encryption key. When
specifying `kms_key_id`, `encrypted` needs to be set to `true`.
specifying `kms_key_id`, `encrypted` needs to be set to `true`. For valid formats
see _KmsKeyId_ in the
[AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
- `iops` (number) - The number of I/O operations per second (IOPS) that the
volume supports. See the documentation on

View File

@ -264,7 +264,10 @@ builder.
If you want a region to be encrypted with that region's default key ID, you can
use an empty string `""` instead of a key id in this map. (e.g. `"us-east-1": ""`)
However, you cannot use default key IDs if you are using this in conjunction with
`snapshot_users` -- in that situation you must use custom keys.
`snapshot_users` -- in that situation you must use custom keys. For valid formats
see _KmsKeyId_ in the
[AWS API docs - CopyImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html).
- `run_tags` (object of key/value strings) - Tags to apply to the instance
that is *launched* to create the AMI. These tags are *not* applied to the