AWS CloudFormation Autoscaling creates an encrypted EBS root volume with a client key

Question

AWS CloudFormation Autoscaling creates an encrypted EBS root volume with a client key

As a requirement, I need all my EBS volume to be encrypted with the KMS client (and not with the aws / ebs one error)

In the LaunchConfig properties of BlockDeviceMappings, I see the Encrypted property, but I don’t see the custom KMS in any case. I see the snapshotId property that allows me to point to an encrypted snapshot, but how will it look? Will there be every rectangle creating an empty volume from this snapshot?

What is the best way to achieve this? Is my only way to create volume in user data and attach it there?

+4

amazon-web-services encryption autoscaling aws-kms launch-configuration

Johny19 Feb 01 '18 at 16:57

source share

1

Matt Houser · Answer 1 · 2018-02-01T20:06:42+0000

AWS AutoScaling KMS EC2.

EC2 ec2:RunInstances, ec2:RequestSpotFleet ec2:RequestSpotInstances, KMS EBS. KMS , KMS, EBS.

Auto Scaling KMS. KMS. KMS, , .

: https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_Ebs.html

AWS CloudFormation Autoscaling creates an encrypted EBS root volume with a client key

More articles: