Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Option to launch encrypted EBS root volume from unencrypted AMI #570

Merged
merged 1 commit into from
Apr 13, 2021

Conversation

anitabee
Copy link
Contributor

@anitabee anitabee commented Feb 19, 2021

What does PR do:
This PR implements option to encrypt root EBS volume from unencrypted AMI

Why:
Our security policy requires EBS volumes to be encrypted, and since all public AMIs need to be unencrypted, in order for us to use them we would require this implementation.

Since 2019 it is possible to encrypt EBS backed EC2 instances from unencrypted AMIs; more about it here.

@anitabee
Copy link
Contributor Author

@res0nance sorry for tagging you directly, let me know if there is any other preferred way to start the conversation over this?
In any case, do you think this change would be of interest to the rest of the community, and not sure if it's clear enough? Also, if you have any other ideas, I would be happy to hear them out.
Many thanks in advance

}

newMapping.getEbs().setEncrypted(encryptEbsRootVolume);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like it alters behaviour, if I did not specify it should do what the default was previously. Now if i save the configuration we get either true or false. If i specify false on an encrypted ami does it become unencrypted? This is likely to cause issues with certain users configurations

Copy link
Contributor Author

@anitabee anitabee Apr 12, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the review!
I've updated PR to make it backwards compatible; if you didn't change anything, it should stay null as default.

@res0nance res0nance merged commit 366e80d into jenkinsci:master Apr 13, 2021
@res0nance res0nance added the enhancement Feature additions or enhancements label Apr 13, 2021
@anitabee
Copy link
Contributor Author

@res0nance many thanks for the merge! Are there any plans for next release?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement Feature additions or enhancements
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants