How do I correctly set 'AMIRegionKMSKeyIDs'?

jason-oc · November 24, 2023, 11:30am

Relatively new to Packer. Using it to build Amazon Machine Images, both Windows and Linux.

When setting up encrypted volumes (EBS) on an Amazon AMI, I understand from the documentation that I need to set ‘kms_key_id’ and the documentation also says “any regions the AMI gets copied to copied will be encrypted by the default EBS KMS key for that region, unless you set region-specific keys in AMIRegionKMSKeyIDs”.

First off, the word “copied” is there one too many times but what I really wanna know is how do I correctly set ‘AMIRegionKMSKeyIDs’? What is the syntax?

lbajolet-hashicorp · November 24, 2023, 3:08pm

Hi @jason-oc,

Thanks for pointing out the errors in the docs, I’ll open a PR to fix that today.
The attribute you’re looking for is called region_kms_key_ids (for reference, AMIRegionKMSKeyIDs is the name in the code), and it’s a map[string]string, which you can declare in your template like so (assuming HCL):

source "amazon-ebs" "example" {
    ami_regions = ["us-east-1", "us-east-2"]
    region_kms_key_ids = {
        "us-east-1": "<key_id_for_east1>",
        "us-east-2": "<key_id_for_east2>"
    }
}

Hope that helps!