Enable AWS root block device encryption by default

* terraform-provider-aws v2.23.0 allows AWS root block devices
to enable encryption by default.
* Require updating terraform-provider-aws to v2.23.0 or higher
* Enable root EBS device encryption by default for controller
instances and worker instances in auto-scaling groups

For comparison:

* Google Cloud persistent disks have been encrypted by
default for years
* Azure managed disk encryption is not ready yet (#486)

Dalton Hubble
2019-08-07 20:56:55 -07:00
parent cad12804c8
commit 6db11d5908
7 changed files with 11 additions and 2 deletions

@ -31,6 +31,7 @@ resource "aws_instance" "controllers" {
volume_type = var.disk_type
volume_size = var.disk_size
iops = var.disk_iops
encrypted = true
}
# network
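
Review bot: `encrypted = true` in the controllers' root block device is hardcoded and no `kms_key_id` is set beside it, so the root volumes will be encrypted with the account's default EBS key and users who need a customer-managed key have no way to supply one. Consider exposing an optional variable for the key, in the same style as `var.disk_type` and `var.disk_size`, and leaving it unset by default. The commit message states that terraform-provider-aws v2.23.0 or higher is required but does not say what happens to the controllers of an existing cluster when this attribute is applied; a line in the changelog or upgrade notes covering that would help operators plan the update.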