Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use disk encryption for the root block device #12

Closed
itsdalmo opened this issue Jan 3, 2019 · 3 comments
Closed

Use disk encryption for the root block device #12

itsdalmo opened this issue Jan 3, 2019 · 3 comments

Comments

@itsdalmo
Copy link
Contributor

itsdalmo commented Jan 3, 2019

There is really no reason not to enable disk encryption, soencrypted = true needs to be set on the root_block_configuration as shown here:
https://www.terraform.io/docs/providers/aws/r/launch_configuration.html#root_block_device

Or if we switch to launch_template (#11) we can use this:
https://www.terraform.io/docs/providers/aws/r/launch_template.html#encrypted
@itsdalmo
Copy link
Contributor Author

itsdalmo commented May 8, 2019

This will be a breaking change, so best done as part of #11 when terraform 0.12 is out.

@itsdalmo
Copy link
Contributor Author

It does not seem like encryption can be enabled for the root device using launch_configuration, so we'll have to wait until we can swap to launch_template 🤔

@itsdalmo
Copy link
Contributor Author

For the root block device to be enabled, encryption has to be enabled when creating the AMI.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@itsdalmo