diff --git a/locals.tf b/locals.tf
index 231ba85..c409c62 100644
--- a/locals.tf
+++ b/locals.tf
@@ -40,6 +40,8 @@ locals {
   | 1 | 1 | use custom kms */
   cloudwatch_log_group_kms_key_arn = var.is_create_cloudwatch_log_group ? var.cloudwatch_log_group_kms_key_arn != null ? var.cloudwatch_log_group_kms_key_arn : var.is_create_default_kms ? module.cloudwatch_log_group_kms[0].key_arn : null : null
+  secret_kms_key_arn = var.is_create_default_kms && var.secret_kms_key_arn == null ? module.secret_kms_key[0].key_arn : var.secret_kms_key_arn
+
   tags = merge(
     {
       "Environment" = var.environment,
diff --git a/main.tf b/main.tf
index fd3bb50..0dbd716 100644
--- a/main.tf
+++ b/main.tf
@@ -104,7 +104,7 @@ module "cloudwatch_log_group_kms" {
   name = format("%s-log-group", var.name)
   key_type = "service"
   append_random_suffix = true
-  description = format("Secure Secrets Manager's service secrets for service %s", local.name)
+  description = format("Secure log group for service %s", local.name)
   additional_policies = [data.aws_iam_policy_document.cloudwatch_log_group_kms_policy.json]
   tags = merge(local.tags, { "Name" : format("%s-log-group", local.name) })
@@ -193,6 +193,7 @@ resource "aws_lb_listener_rule" "this" {
 /* Secret */
 /* -------------------------------------------------------------------------- */
 module "secret_kms_key" {
+  count = var.is_create_default_kms && var.secret_kms_key_arn == null ? 1 : 0
   source = "oozou/kms-key/aws"
   version = "1.0.0"
@@ -226,7 +227,7 @@ resource "aws_secretsmanager_secret" "this" {
   name = "${each.value.name}/${random_string.service_secret_random_suffix[each.key].result}"
   description = "Secret for service ${local.name}"
-  kms_key_id = module.secret_kms_key.key_arn
+  kms_key_id = local.secret_kms_key_arn
   tags = merge({ Name = "${each.value.name}/${random_string.service_secret_random_suffix[each.key].result}" }, local.tags)
 }
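Review bot: The condition `var.is_create_default_kms && var.secret_kms_key_arn == null` in the new `secret_kms_key_arn` local is the same expression used as the `count` of `module.secret_kms_key` in main.tf, and the two copies have to stay identical or this local indexes `module.secret_kms_key[0]` on a module with zero instances and the plan fails. Hoist it into one local, e.g. `is_create_secret_kms_key = var.is_create_default_kms && var.secret_kms_key_arn == null`, and have both this line and the module's `count` reference it. The `locals` block starts and ends outside the hunk.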
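Review bot: Adding `count` turns `module.secret_kms_key` into a list, so every other reference to `module.secret_kms_key.key_arn` — outputs, IAM policy documents or task-role statements outside this hunk — must now be written `module.secret_kms_key[0].key_arn` or `one(module.secret_kms_key[*].key_arn)`; only the `aws_secretsmanager_secret` reference is updated in this commit, and whether others exist cannot be confirmed from the visible lines. A comment on the new line such as `# created only when no external secret KMS key is supplied` would make the conditional instance obvious to readers of the module block. The module block continues past the end of the hunk.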
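Review bot: `local.secret_kms_key_arn` evaluates to null when `is_create_default_kms` is false and `secret_kms_key_arn` is not set, and a null `kms_key_id` makes Secrets Manager fall back to the AWS-managed `aws/secretsmanager` key, so the move away from a customer-managed key happens silently. If a CMK is a requirement of this module, a `lifecycle { precondition { ... } }` on the resource with `condition = local.secret_kms_key_arn != null` and an error message naming both inputs turns that into a plan-time error; if the fallback is intended, say so on the line, e.g. `# null -> AWS-managed aws/secretsmanager key; set secret_kms_key_arn or is_create_default_kms for a CMK`. The resource block starts before the hunk.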
@@ -275,7 +276,7 @@ resource "aws_ecs_task_definition" "this" {
   container_definitions = jsonencode(local.container_task_definitions)
   dynamic "volume" {
-    for_each = local.volumes
+    for_each = var.efs_volumes #local.volumes
     content {
       host_path = lookup(volume.value, "host_path", null)
       name = volume.value.name
diff --git a/variables.tf b/variables.tf
index 38fb463..107016c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -97,6 +97,12 @@ variable "cloudwatch_log_group_kms_key_arn" {
   default = null
 }
+variable "secret_kms_key_arn" {
+  description = "The ARN for the secret manager KMS encryption key."
+  type = string
+  default = null
+}
+
 /* -------------------------------------------------------------------------- */
 /* LoadBalancer */
 /* -------------------------------------------------------------------------- */
@@ -272,8 +278,7 @@ variable "ordered_placement_strategy" {
 /* -------------------------------------------------------------------------- */
 variable "efs_volumes" {
   description = "Task EFS volume definitions as list of configuration objects. You cannot define both Docker volumes and EFS volumes on the same task definition."
-  type = list(any)
-  default = []
+  type = any
 }
 /* -------------------------------------------------------------------------- */
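Review bot: The trailing `#local.volumes` on the `for_each` line is a commented-out reference rather than an explanation and should be dropped, leaving `for_each = var.efs_volumes`; if `local.volumes` is now unreferenced it should be removed from locals.tf as well. Iterating the raw variable also means the `content` block depends on every element carrying `name` (and optionally `host_path`) with no type enforcement now that `efs_volumes` is declared `any`, and it is not visible here whether `local.volumes` merged anything beyond the EFS list, so any such merging would be lost. The resource block starts and ends outside the hunk.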
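Review bot: The description of `secret_kms_key_arn` does not say how it interacts with `is_create_default_kms`, although in locals.tf an explicit ARN always wins, the default key is only created when the ARN is null, and with neither set no key is passed to Secrets Manager. Suggest `description = "ARN of an existing KMS key used to encrypt this service's Secrets Manager secrets. Takes precedence over is_create_default_kms; when neither is set the AWS-managed key is used."`. If the module really only accepts ARNs, as the name states, a `validation` block with `condition = var.secret_kms_key_arn == null || can(regex("^arn:aws[a-z-]*:kms:", var.secret_kms_key_arn))` rejects a key ID or alias passed by mistake at plan time instead of at apply.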
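Review bot: Dropping `default = []` makes `efs_volumes` a required input, so every caller that relied on the empty default now fails at plan time with a missing-variable error — a breaking change the commit message does not mention; keep `default = []` next to `type = any`, which still accepts the previous callers. Declaring the variable `any` also removes the list check, so a map or string is only rejected when the `dynamic "volume"` block in main.tf iterates it; if heterogeneous element shapes are why `list(any)` was abandoned, a `list(object({ name = string, host_path = optional(string), ... }))` type would keep validation while tolerating missing attributes, at the cost of requiring a Terraform version with `optional()`.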