AWS v7.11.0 published on Wednesday, Nov 5, 2025 by Pulumi
aws.ebs.getDefaultKmsKey
Start a Neo task
Explain and create an aws.ebs.getDefaultKmsKey resource
Use this data source to get the default EBS encryption KMS key in the current region.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const current = aws.ebs.getDefaultKmsKey({});
const example = new aws.ebs.Volume("example", {
availabilityZone: "us-west-2a",
encrypted: true,
kmsKeyId: current.then(current => current.keyArn),
});
import pulumi
import pulumi_aws as aws
current = aws.ebs.get_default_kms_key()
example = aws.ebs.Volume("example",
availability_zone="us-west-2a",
encrypted=True,
kms_key_id=current.key_arn)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ebs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := ebs.LookupDefaultKmsKey(ctx, &ebs.LookupDefaultKmsKeyArgs{}, nil)
if err != nil {
return err
}
_, err = ebs.NewVolume(ctx, "example", &ebs.VolumeArgs{
AvailabilityZone: pulumi.String("us-west-2a"),
Encrypted: pulumi.Bool(true),
KmsKeyId: pulumi.String(current.KeyArn),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var current = Aws.Ebs.GetDefaultKmsKey.Invoke();
var example = new Aws.Ebs.Volume("example", new()
{
AvailabilityZone = "us-west-2a",
Encrypted = true,
KmsKeyId = current.Apply(getDefaultKmsKeyResult => getDefaultKmsKeyResult.KeyArn),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ebs.EbsFunctions;
import com.pulumi.aws.ebs.inputs.GetDefaultKmsKeyArgs;
import com.pulumi.aws.ebs.Volume;
import com.pulumi.aws.ebs.VolumeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = EbsFunctions.getDefaultKmsKey(GetDefaultKmsKeyArgs.builder()
.build());
var example = new Volume("example", VolumeArgs.builder()
.availabilityZone("us-west-2a")
.encrypted(true)
.kmsKeyId(current.keyArn())
.build());
}
}
resources:
example:
type: aws:ebs:Volume
properties:
availabilityZone: us-west-2a
encrypted: true
kmsKeyId: ${current.keyArn}
variables:
current:
fn::invoke:
function: aws:ebs:getDefaultKmsKey
arguments: {}
Using getDefaultKmsKey
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getDefaultKmsKey(args: GetDefaultKmsKeyArgs, opts?: InvokeOptions): Promise<GetDefaultKmsKeyResult>
function getDefaultKmsKeyOutput(args: GetDefaultKmsKeyOutputArgs, opts?: InvokeOptions): Output<GetDefaultKmsKeyResult>def get_default_kms_key(region: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetDefaultKmsKeyResult
def get_default_kms_key_output(region: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetDefaultKmsKeyResult]func LookupDefaultKmsKey(ctx *Context, args *LookupDefaultKmsKeyArgs, opts ...InvokeOption) (*LookupDefaultKmsKeyResult, error)
func LookupDefaultKmsKeyOutput(ctx *Context, args *LookupDefaultKmsKeyOutputArgs, opts ...InvokeOption) LookupDefaultKmsKeyResultOutput> Note: This function is named LookupDefaultKmsKey in the Go SDK.
public static class GetDefaultKmsKey
{
public static Task<GetDefaultKmsKeyResult> InvokeAsync(GetDefaultKmsKeyArgs args, InvokeOptions? opts = null)
public static Output<GetDefaultKmsKeyResult> Invoke(GetDefaultKmsKeyInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetDefaultKmsKeyResult> getDefaultKmsKey(GetDefaultKmsKeyArgs args, InvokeOptions options)
public static Output<GetDefaultKmsKeyResult> getDefaultKmsKey(GetDefaultKmsKeyArgs args, InvokeOptions options)
fn::invoke:
function: aws:ebs/getDefaultKmsKey:getDefaultKmsKey
arguments:
# arguments dictionaryThe following arguments are supported:
getDefaultKmsKey Result
The following output properties are available:
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.
