From f6772f06bed48fb72e297c6a8d7cea0c5e06fbb1 Mon Sep 17 00:00:00 2001
From: Jason Wieringa <jason@wieringa.io>
Date: Thu, 11 Jan 2018 20:26:44 -0800
Subject: [PATCH] builder/amazon: Raise error when ebsvolume kms_key_id is
 without encrypted = true

---
 builder/amazon/ebsvolume/builder.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/builder/amazon/ebsvolume/builder.go b/builder/amazon/ebsvolume/builder.go
index 6ce9ae58d..01b9e3b76 100644
--- a/builder/amazon/ebsvolume/builder.go
+++ b/builder/amazon/ebsvolume/builder.go
@@ -57,6 +57,14 @@ func (b *Builder) Prepare(raws ...interface{}) ([]string, error) {
 	errs = packer.MultiErrorAppend(errs, b.config.AccessConfig.Prepare(&b.config.ctx)...)
 	errs = packer.MultiErrorAppend(errs, b.config.RunConfig.Prepare(&b.config.ctx)...)
 
+	// Warn that encrypted must be true when setting kms_key_id
+	for _, device := range b.config.VolumeMappings {
+		if device.KmsKeyId != "" && device.Encrypted == false {
+			errs = packer.MultiErrorAppend(errs, fmt.Errorf("The device %v, must also have `encrytped: "+
+				"true` when setting a kms_key_id.", device.DeviceName))
+		}
+	}
+
 	b.config.launchBlockDevices, err = commonBlockDevices(b.config.VolumeMappings, &b.config.ctx)
 	if err != nil {
 		errs = packer.MultiErrorAppend(errs, err)