#StackBounty: #amazon-web-services #amazon-ec2 #elastic-beanstalk #amazon-cloudformation How to automate EBS encryption with Elastic Be…

Bounty: 50

I am looking to encrypt my root EBS volumes for new EC2 environments that I create. I know that I can do this from the AWS console and from CloudFormation, but would like to be able to do so via an Elastic Beanstalk config file.

I have tried by setting the EBS volume in the launch configuration, however this only creates additional volumes from the root volume:

Type: AWS::AutoScaling::LaunchConfiguration
Properties:
  BlockDeviceMappings: [ DeviceName: "/dev/sdf1", Ebs: { Encrypted: true, VolumeSize: 8, VolumeType: gp2}]

I have also tried to create a new EBS volume on environment creation, however I am unsure how to dynamically get the EC2 instance’s logical name (I used MyEC2 here for reference):

Type: AWS::EC2::Volume
Properties:
  AutoEnableIO: true
  AvailabilityZone: { "Fn::GetAtt" : [ "MyEC2", "AvailabilityZone" ] }
  Encrypted: true
  KmsKeyId: mykey
  Size: 8
  VolumeType: gp2

Essentially I need to be able to create a new environment with an encrypted root volume. Any help would be greatly appreciated!


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.