Anyone know on EKS if there is a straightforward way to default to encrypted volumes? The only thing I've found so far is creating a copy of the EKS ami and then setting that through the launch template. I haven't gotten that working yet, and it seems like there would be a better route for what I imagine is a pretty common requirement.