This repository has been archived by the owner on Oct 4, 2024. It is now read-only.

Encrypt root device #40

Merged


andreidorin-oprea
Contributor

Issue #33,

  • Encrypt root volumes of the EC2 Instances
  • Add encryption to the nfs file share as well

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

- Effect: Allow
Action:
- 'kms:DescribeKey'
Resource: !Sub 'arn:${AWS::Partition}:kms:*:*:*'
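
Review bot: the `Resource` on the last line of this statement, `arn:${AWS::Partition}:kms:*:*:*`, is a wildcard over every region, account and key, so `kms:DescribeKey` is allowed on any KMS key the principal can reach rather than only the key used for the encryption this PR adds. Scope it to the ARN of that specific key, for example by passing the key ARN in as a template parameter and referencing it here, and add a short comment stating which key the statement is meant to cover.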
Contributor


Can we restrict to a specific kms resource?

Contributor Author


I had misread the documentation about the File Share encryption. Its default behavior is to use server-side encryption with an S3-Managed key. Changing this with another default key doesn't really add value, so we decided to remove it.

sshvans merged commit baf46f7 into aws-quickstart:develop Nov 19, 2021