Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding workers_launch_template ebs encryption #292

Merged
merged 3 commits into from
Mar 7, 2019
Merged

Adding workers_launch_template ebs encryption #292

merged 3 commits into from
Mar 7, 2019

Conversation

russki
Copy link
Contributor

@russki russki commented Mar 2, 2019

PR o'clock

Description

Adding EBS encryption option for EKS workers in workers_launch_template

Checklist

  • terraform fmt and terraform validate both work from the root and examples/eks_test_fixture directories (look in CI for an example)
  • Tests for the changes have been added and passing (for bug fixes/features)
  • Test results are pasted in this PR (in lieu of CI)
  • I've added my change to CHANGELOG.md
  • Any breaking changes are highlighted above

max-rocket-internet
max-rocket-internet suggested changes Mar 5, 2019
View reviewed changes
Copy link
Contributor

@max-rocket-internet max-rocket-internet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great, thanks @russki

local.tf Outdated
@@ -62,6 +62,8 @@ locals {
root_volume_size = "100" # root volume size of workers instances.
root_volume_type = "gp2" # root volume type of workers instances, can be 'standard', 'gp2', or 'io1'
root_iops = "0" # The amount of provisioned IOPS. This must be set with a volume_type of "io1".
root_encrypted = false # root volume encryption for workers.
kms_key_id = "" # AWS KMS customer master key to use when creating encrypted volume. ASG must have access to CMK.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you fix the comment here? "customer" is not relevant and what is CMK?

I think just KMS key ID used for encrypted block device would be good 🙂

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@max-rocket-internet updated the comment! Let me know if this looks better. I wanted to make a distinction between the default KMS aws/ebs key and the Customer Master Keys (CMK) that one could want to use

@max-rocket-internet max-rocket-internet merged commit 3795811 into terraform-aws-modules:master Mar 7, 2019
@max-rocket-internet max-rocket-internet mentioned this pull request Jun 25, 2019
Closed
4 tasks
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@max-rocket-internet max-rocket-internet max-rocket-internet approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@russki @max-rocket-internet