After creating a customer-manged key, it has to be enabled for EBS and assigned as a wide-region encryption key. First, navigate to EC2 Dashboard, and under Account attributes click on Data protection and security (previously named EBS encryption).
Click on Manage, you can notice that the default current encryption key for the region is the AWS-managed key.
Enable always encryption and then select your CMK from the drop-list, finally click on Update EBS encryption.
With this Customer-managed key is configured and enabled.
Next step is to select true for the EncryptVolumesWithDefaultKey during the CloudFormation deployment process.