Enable AWS root block device encryption by default

* terraform-provider-aws v2.23.0 allows AWS root block devices
to enable encryption by default.
* Require updating terraform-provider-aws to v2.23.0 or higher
* Enable root EBS device encryption by default for controller
instances and worker instances in auto-scaling groups

For comparison:

* Google Cloud persistent disks have been encrypted by
default for years
* Azure managed disk encryption is not ready yet (#486)
This commit is contained in:
Dalton Hubble 2019-08-07 20:56:55 -07:00
parent cad12804c8
commit 6db11d5908
7 changed files with 11 additions and 2 deletions

View File

@ -4,6 +4,11 @@ Notable changes between versions.
## Latest
#### AWS
* Enable root block device encryption by default ([#527](https://github.com/poseidon/typhoon/pull/527))
* Require `terraform-provider-aws` v2.23+ (**action required**)
#### Addons
* Update kube-state-metrics from v1.7.1 to v1.7.2

View File

@ -31,6 +31,7 @@ resource "aws_instance" "controllers" {
volume_type = var.disk_type
volume_size = var.disk_size
iops = var.disk_iops
encrypted = true
}
# network

View File

@ -3,7 +3,7 @@
terraform {
required_version = "~> 0.12.0"
required_providers {
aws = "~> 2.7"
aws = "~> 2.23"
ct = "~> 0.3"
template = "~> 2.1"
null = "~> 2.1"

View File

@ -56,6 +56,7 @@ resource "aws_launch_configuration" "worker" {
volume_type = var.disk_type
volume_size = var.disk_size
iops = var.disk_iops
encrypted = true
}
# network

View File

@ -31,6 +31,7 @@ resource "aws_instance" "controllers" {
volume_type = var.disk_type
volume_size = var.disk_size
iops = var.disk_iops
encrypted = true
}
# network

View File

@ -3,7 +3,7 @@
terraform {
required_version = "~> 0.12.0"
required_providers {
aws = "~> 2.7"
aws = "~> 2.23"
ct = "~> 0.4"
template = "~> 2.1"
null = "~> 2.1"

View File

@ -56,6 +56,7 @@ resource "aws_launch_configuration" "worker" {
volume_type = var.disk_type
volume_size = var.disk_size
iops = var.disk_iops
encrypted = true
}
# network