-
Notifications
You must be signed in to change notification settings - Fork 50
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* initial version of EncryptRootVolume Document
- Loading branch information
1 parent
0e7197f
commit 1e6b81f
Showing
6 changed files
with
782 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| # Encrypt EBS root volume | ||
|
|
||
| ## Notes | ||
|
|
||
| Encrypts the root volume of an EC2 instance. This will be a replace operation and not an in-line encryption operation. | ||
|
|
||
| ## Document Design | ||
|
|
||
| Refer to schema.json | ||
|
|
||
| Document Steps: | ||
| 1. aws:npark-encryptrootvolume - Execute CloudFormation Template to attach the volume. | ||
| * Parameters: | ||
| * instanceId: (Required) Instance ID of the ec2 instance whose root volume needs to be encrypted | ||
| * region: (Required) Region in which the ec2 instance belong | ||
| * KmsKeyId: (Required) Customer KMS key to use during the encryption | ||
| * devicename: (Optional) Device name of the root volume. Defaults to /dev/sda1 | ||
| * AutomationAssumeRole: (Optional) The ARN of the role that allows Automation to perform the actions on your behalf | ||
|
|
||
| ## Test script | ||
|
|
||
| Python script will: | ||
| # 1. Create a test stack with an instance, a volume and a KMS Key (Customer managed) | ||
| # 2. Execute automation document to replace the root volume with the encrypted one (after a copy operation of the root volume snapshot) | ||
| # 3. Ensure the Automation has executed successfull | ||
| # 4. Clean up test stack |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| { | ||
| "schemaVersion": "0.3", | ||
| "description": "Encrypt Root Volume", | ||
| "assumeRole": "{{ AutomationAssumeRole }}", | ||
| "parameters": { | ||
| "instanceId": { | ||
| "description": "Instance ID of the ec2 instance whose root volume needs to be encrypted", | ||
| "type": "String" | ||
| }, | ||
| "region": { | ||
| "description": "Region in which the ec2 instance belong", | ||
| "type": "String" | ||
| }, | ||
| "KmsKeyId": { | ||
| "description": "Customer KMS key to use during the encryption", | ||
| "type": "String" | ||
| }, | ||
| "devicename": { | ||
| "description": "Device name of the root volume. Defaults to /dev/sda1", | ||
| "type": "String" | ||
| }, | ||
| "AutomationAssumeRole": { | ||
| "description": "(Optional) The ARN of the role that allows Automation to perform the actions on your behalf", | ||
| "type": "String" | ||
| } | ||
| }, | ||
| "mainSteps": [] | ||
| } |
Oops, something went wrong.