This release introduces the ability to encrypt the disks for the AWS Postgres Database. With the --rds-disk-encryption
flag, Control Tower will generate a KMS Key and deploy an encrypted RDS instance if the IAAS is AWS. On GCP, the Database is encrypted by default.
Please note that this can only be used for initial Control Tower deployments.
Thanks to @max-soe for raising this PR! 🙌
credhub_release: 2.12.18 > 2.12.19
stemcell_aws: 1.171 > 1.174
stemcell_gcp: 1.171 > 1.174
director_bosh_release: 277.0.0 > 277.1.0
director_stemcell_aws: 1.80 > 1.83
director_stemcell_gcp: 1.80 > 1.83
Deploys:
AWS
- Concourse VM stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.174
- Director stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.83
- Concourse 7.8.3
- BOSH 277.1.0
- BOSH AWS CPI 96
- BPM 1.1.21
- Credhub 2.12.19
- Grafana 0.0.70
- InfluxDB 8.0.14
- UAA 75.23.0
- BOSH CLI 5.5.1
- Terraform 1.3.6
GCP
- Concourse VM stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.174
- Director stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.83
- Concourse 7.8.3
- BOSH 277.1.0
- BOSH GCP CPI 46.0.1
- BPM 1.1.21
- Credhub 2.12.19
- Grafana 0.0.70
- InfluxDB 8.0.14
- UAA 75.23.0
- BOSH CLI 5.5.1
- Terraform 1.3.6
Note to build locally you will need to clone control-tower-ops (version 0.0.498) to the same level as control-tower to get the required manifests and ops files.