This repository was archived by the owner on May 31, 2024. It is now read-only.

No KMS Support For Default EBS Encryption #614

@privorhart

Description

When default EBS encryption is enabled in a region, workflows will be stuck in a runnable state.

The workaround is to manually add KMS permissions to the BatchTaskBatchBatchRoleE role. Once this is done, everything runs fine.

The additional problem here is that manually adding the KMS permissions blocks the context destroy action, as CloudFormation will not delete the role resource if there is a policy attached from outside of CloudFormation. So, the policy needs to be manually removed in order to destroy the context.

Use Case

It's good security practice to turn on default EBS encryption in a region. We'd like to be both secure and run our AGC workflows.

Proposed Solution

Create a means to add the necessary KMS policies to the BatchTaskBatchBatchRoleE role. It would be helpful if there was a parameter that could be used to specify the KMS key that we wish to use as well.


Labels: enhancement
