initial version of EncryptRootVolume Document #34

Merged
merged 10 commits into from
Apr 9, 2019
26 changes: 26 additions & 0 deletions Documents/Automation/EncryptRootVolume/Design/Design.md
@@ -0,0 +1,26 @@
# Encrypt EBS root volume

## Notes

Encrypts the root volume of an EC2 instance. This will be a replace operation and not an in-line encryption operation.

## Document Design

Refer to schema.json

Document Steps:
1. aws:npark-encryptrootvolume - Execute CloudFormation Template to attach the volume.
* Parameters:
* instanceId: (Required) Instance ID of the ec2 instance whose root volume needs to be encrypted
* region: (Required) Region in which the ec2 instance belong
* KmsKeyId: (Required) Customer KMS key to use during the encryption
* devicename: (Optional) Device name of the root volume. Defaults to /dev/sda1
* AutomationAssumeRole: (Optional) The ARN of the role that allows Automation to perform the actions on your behalf

## Test script

Python script will:
# 1. Create a test stack with an instance, a volume and a KMS Key (Customer managed)
# 2. Execute automation document to replace the root volume with the encrypted one (after a copy operation of the root volume snapshot)
# 3. Ensure the Automation has executed successfull
# 4. Clean up test stack
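Review bot: Step 1's description, "Execute CloudFormation Template to attach the volume", does not match the Notes section or the test script, which both describe a replace operation built on a copy of the root volume snapshot. Spell out the full sequence under "Document Steps", and state what happens to the original unencrypted volume and any intermediate snapshots, since copies left behind keep the data unencrypted at rest. The action name "aws:npark-encryptrootvolume" reads like a personal placeholder and should be renamed before this becomes the reference design. Under "Test script", the lines starting with "# 1." will render as Markdown headings, so use a plain numbered list, and fix the typo "successfull".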
28 changes: 28 additions & 0 deletions Documents/Automation/EncryptRootVolume/Design/schema.json
@@ -0,0 +1,28 @@
{
"schemaVersion": "0.3",
"description": "Encrypt Root Volume",
"assumeRole": "{{ AutomationAssumeRole }}",
"parameters": {
"instanceId": {
"description": "Instance ID of the ec2 instance whose root volume needs to be encrypted",
"type": "String"
},
"region": {
"description": "Region in which the ec2 instance belong",
"type": "String"
},
"KmsKeyId": {
"description": "Customer KMS key to use during the encryption",
"type": "String"
},
"devicename": {
"description": "Device name of the root volume. Defaults to /dev/sda1",
"type": "String"
},
"AutomationAssumeRole": {
"description": "(Optional) The ARN of the role that allows Automation to perform the actions on your behalf",
"type": "String"
}
},
"mainSteps": []
}
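Review bot: "devicename" and "AutomationAssumeRole" are described as optional ("Defaults to /dev/sda1", "(Optional) The ARN of the role ..."), but neither parameter declares a "default", so the default exists only in the description text and callers would have to supply both values. Add "default": "/dev/sda1" to devicename and "default": "" to AutomationAssumeRole so the schema matches Design.md. "instanceId" and "KmsKeyId" are free-form String with no "allowedPattern"; constraining them would reject malformed input before any step runs. "mainSteps" is an empty array, so the document as committed performs no action; say so in "description" or in Design.md until the steps are added.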