Given already deployed AWS resources that use the default AWS managed keys, is it possible to change the default encryption key from AWS managed to a Customer Managed Key (CMK)?
Resources in question:
Thanks!
I don't think you can change it, at least the API documentation don't have this options.
EFS:
https://docs.aws.amazon.com/efs/latest/ug/API_UpdateFileSystem.html
FSx:
https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateFileSystem.html