From a69ed1dcd685a4caa9b3ec0768d026e151173077 Mon Sep 17 00:00:00 2001 From: Artem Iarmoliuk Date: Mon, 15 Oct 2018 23:49:26 +0300 Subject: [PATCH] Clarify amazon kms_key_id usage --- website/source/docs/builders/amazon-chroot.html.md | 4 ++-- website/source/docs/builders/amazon-ebs.html.md | 4 ++-- website/source/docs/builders/amazon-ebssurrogate.html.md | 4 ++-- website/source/docs/builders/amazon-instance.html.md | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/website/source/docs/builders/amazon-chroot.html.md b/website/source/docs/builders/amazon-chroot.html.md index 8f84b49b6..fbd683b26 100644 --- a/website/source/docs/builders/amazon-chroot.html.md +++ b/website/source/docs/builders/amazon-chroot.html.md @@ -146,7 +146,7 @@ each category, the available configuration keys are alphabetized. process). Packer will always run this operation, even if the base AMI has an encrypted boot volume to start with. Default `false`. -- `kms_key_id` (string) - The ID of the KMS key to use for boot volume encryption. +- `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot volume encryption. This only applies to the main `region`, other regions where the AMI will be copied will be encrypted by the default EBS KMS key. @@ -199,7 +199,7 @@ each category, the available configuration keys are alphabetized. volumes - `region_kms_key_ids` (map of strings) - a map of regions to copy the ami to, - along with the custom kms key id to use for encryption for that region. + along with the custom kms key id (alias or arn) to use for encryption for that region. Keys must match the regions provided in `ami_regions`. If you just want to encrypt using a default ID, you can stick with `kms_key_id` and `ami_regions`. If you want a region to be encrypted with that region's default key ID, you can diff --git a/website/source/docs/builders/amazon-ebs.html.md b/website/source/docs/builders/amazon-ebs.html.md index 8217fc714..2070dfb70 100644 --- a/website/source/docs/builders/amazon-ebs.html.md +++ b/website/source/docs/builders/amazon-ebs.html.md @@ -221,7 +221,7 @@ builder. process). Packer will always run this operation, even if the base AMI has an encrypted boot volume to start with. Default `false`. -- `kms_key_id` (string) - The ID of the KMS key to use for boot volume encryption. +- `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot volume encryption. This only applies to the main `region`, other regions where the AMI will be copied will be encrypted by the default EBS KMS key. @@ -247,7 +247,7 @@ builder. for more details. - `region_kms_key_ids` (map of strings) - a map of regions to copy the ami to, - along with the custom kms key id to use for encryption for that region. + along with the custom kms key id (alias or arn) to use for encryption for that region. Keys must match the regions provided in `ami_regions`. If you just want to encrypt using a default ID, you can stick with `kms_key_id` and `ami_regions`. If you want a region to be encrypted with that region's default key ID, you can diff --git a/website/source/docs/builders/amazon-ebssurrogate.html.md b/website/source/docs/builders/amazon-ebssurrogate.html.md index d592b9805..67ab1a2dd 100644 --- a/website/source/docs/builders/amazon-ebssurrogate.html.md +++ b/website/source/docs/builders/amazon-ebssurrogate.html.md @@ -214,7 +214,7 @@ builder. process). Packer will always run this operation, even if the base AMI has an encrypted boot volume to start with. Default `false`. -- `kms_key_id` (string) - The ID of the KMS key to use for boot volume encryption. +- `kms_key_id` (string) - ID, alias or ARN of the KMS key to use for boot volume encryption. This only applies to the main `region`, other regions where the AMI will be copied will be encrypted by the default EBS KMS key. @@ -240,7 +240,7 @@ builder. for more details. - `region_kms_key_ids` (map of strings) - a map of regions to copy the ami to, - along with the custom kms key id to use for encryption for that region. + along with the custom kms key id (alias or arn) to use for encryption for that region. Keys must match the regions provided in `ami_regions`. If you just want to encrypt using a default ID, you can stick with `kms_key_id` and `ami_regions`. If you want a region to be encrypted with that region's default key ID, you can diff --git a/website/source/docs/builders/amazon-instance.html.md b/website/source/docs/builders/amazon-instance.html.md index 412e2e703..e12744ee1 100644 --- a/website/source/docs/builders/amazon-instance.html.md +++ b/website/source/docs/builders/amazon-instance.html.md @@ -255,7 +255,7 @@ builder. for more details. - `region_kms_key_ids` (map of strings) - a map of regions to copy the ami to, - along with the custom kms key id to use for encryption for that region. + along with the custom kms key id (alias or arn) to use for encryption for that region. Keys must match the regions provided in `ami_regions`. If you just want to encrypt using a default ID, you can stick with `kms_key_id` and `ami_regions`. If you want a region to be encrypted with that region's default key ID, you can