feat: Add support for direct KMS key ID in volume encryption

YoungJinJung · YoungJinJung · commit 97b1cb7c000f · 2026-02-02T19:39:26.000+09:00
diff --git a/pkg/aws/ec2.go b/pkg/aws/ec2.go
@@ -622,10 +622,20 @@ func (e EC2Client) MakeLaunchTemplateBlockDeviceMappings(blocks []schemas.BlockD
 		var LaunchTemplateEbsBlockDevice *ec2.LaunchTemplateEbsBlockDeviceRequest
 
 		if enabledEBSEncrypted {
-			keyId, err := e.getKmsKeyIdByAlias(block.KmsAlias)
-			if err != nil {
-				Logger.Fatal(fmt.Sprintf("Error: %s", err.Error()))
+			var keyId string
+			var err error
+
+			// Priority: KmsKeyId > KmsAlias
+			if len(block.KmsKeyId) > 0 {
+				keyId = block.KmsKeyId
+				Logger.Infof("Using provided KMS Key ID: %s", keyId)
+			} else {
+				keyId, err = e.getKmsKeyIdByAlias(block.KmsAlias)
+				if err != nil {
+					Logger.Fatal(fmt.Sprintf("Error: %s", err.Error()))
+				}
 			}
+
 			LaunchTemplateEbsBlockDevice = &ec2.LaunchTemplateEbsBlockDeviceRequest{
 				VolumeSize:          aws.Int64(block.VolumeSize),
 				VolumeType:          aws.String(block.VolumeType),
diff --git a/pkg/schemas/config.go b/pkg/schemas/config.go
@@ -249,9 +249,12 @@ type BlockDevice struct {
 	// Enable Encrypted
 	Encrypted bool `yaml:"encrypted"`
 
-	// KMS key
+	// KMS key alias
 	KmsAlias string `yaml:"kmsAlias"`
 
+	// KMS key ID (ARN or key ID)
+	KmsKeyId string `yaml:"kmsKeyId"`
+
 	// Whether to delete the volume on instance termination
 	DeleteOnTermination bool `yaml:"delete_on_termination"`
 }
