Elastic Block Storage Encryption

This module configures EC2 Elastic Block Storage encryption defaults, allowing encryption to be enabled for all new EBS volumes and selection of a KMS Customer Managed Key to use by default.

This module is not meant to be used directly. Instead, it's used under the hood in the account-baseline-* modules. Please see those modules for more information.

Background Information

EBS encryption including how default keys and the encryption-by-default settings work.
AWS blog: Opt-in to Default Encryption for New EBS Volumes

Reference

Inputs
Outputs

Optional

create_resourcesbooloptional

Set to false to have this module skip creating resources. This weird parameter exists solely because Terraform does not support conditional modules. Therefore, this is a hack to allow you to conditionally decide if the resources in this module should be created or not.

Default:false

enable_encryptionbooloptional

If set to true, all new EBS volumes will have encryption enabled by default

Default:true

kms_key_arnstringoptional

Optional KMS key ARN used for EBS volume encryption when use_existing_kms_key is true.

Default:null

use_existing_kms_keybooloptional

Whether or not to use the existing key specified in kms_key_arn. We need this weird parameter because count must be a known value at plan time, so we cannot calculate whether or not to use the key dynamically.

Default:false

aws_ebs_encryption_by_default_enabled

Whether or not EBS volume encryption is enabled by default.

aws_ebs_encryption_default_kms_key

The default KMS key used for EBS encryption.

Elastic Block Storage Encryption

Background Information​

Reference​

Optional​

Background Information

Reference

Optional