terraform-aws-ecs-cluster icon indicating copy to clipboard operation
terraform-aws-ecs-cluster copied to clipboard

Published 20 hours ago verified publisher icon infrablocks

Allow encryption to be enabled for root EBS volume

Open tobyclemson opened this issue 4 years ago • 3 comments

tobyclemson avatar Aug 06 '21 16:08 tobyclemson

@tobyclemson I checked our ECS EC2's launched from this module all have encryption at rest enabled on their root volume. Am I missing something?

jeroenhabets avatar Nov 30 '22 13:11 jeroenhabets

Hi @jeroenhabets,

Hmm, that's strange, according to https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration#root_block_device the default for encrypted is false and this module doesn't currently override that or allow it to be overridden by the module consumer.

Could it be possible you have this enabled: https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/ and that's causing the volumes to be encrypted?

Thanks, Toby

tobyclemson avatar Nov 30 '22 22:11 tobyclemson

Hi @tobyclemson, of course. Apologies for taking your time for something I should have realized myself. For a moment, I thought I had found an old open issue that in the meantime had been solved. Perhaps the only good this may bring is that people finding this ticket now can learn of this alternative solution, by setting the default, you mentioned. Thanks! Jeroen

jeroenhabets avatar Dec 01 '22 14:12 jeroenhabets

@jonassvalin does your recent release resolve this issue?

tobyclemson avatar Feb 22 '23 11:02 tobyclemson

This is indeed fixed in release 6.0.0.

jonassvalin avatar Feb 22 '23 11:02 jonassvalin