Option to launch encrypted EBS root volume from unencrypted AMI #570
Conversation
|
@res0nance sorry for tagging you directly, let me know if there is any other preferred way to start the conversation over this? |
| } | ||
|
|
||
| newMapping.getEbs().setEncrypted(encryptEbsRootVolume); |
There was a problem hiding this comment.
This looks like it alters behaviour, if I did not specify it should do what the default was previously. Now if i save the configuration we get either true or false. If i specify false on an encrypted ami does it become unencrypted? This is likely to cause issues with certain users configurations
There was a problem hiding this comment.
Thanks for the review!
I've updated PR to make it backwards compatible; if you didn't change anything, it should stay null as default.
|
@res0nance many thanks for the merge! Are there any plans for next release? |
What does PR do:
This PR implements option to encrypt root EBS volume from unencrypted AMI
Why:
Our security policy requires EBS volumes to be encrypted, and since all public AMIs need to be unencrypted, in order for us to use them we would require this implementation.
Since 2019 it is possible to encrypt EBS backed EC2 instances from unencrypted AMIs; more about it here.