Skip to content
/ terraform-ami-encrypted Public

How to create an AMI with root_device encrypted using Terraform

9 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rnrbarbosa/terraform-ami-encrypted

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

.gitignore

.gitignore

 
 

README.md

README.md

 
 

ami.tf

ami.tf

 
 

graph.png

graph.png

 
 

keys.tf

keys.tf

 
 

provider.tf

provider.tf

 
 

Repository files navigation

AWS AMI with Encrypted Root Device

AWS does not permit you to create an Instance with the option to have the root device encrypted.

In order to achieve this goal to have the root device encrypted, one must from an original AMI create a new AMI with encrypted devices, see [AMIs with Encrypted Snapshots|http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html].

This repo aims to achieve creating an AMI with root device encrypted using Terraform.

Requirements

  • AWS CLI
  • Terraform
  • Pair of SSH keys (not mandatory, existent key on AWS can be used)
  • Original AMI (CentOS 7 was used, but other linux images can be used)

Method

  1. Create KMS Key using aws_kms_key
  2. Select original AMI to be encrypted. CentOS AMI images here
  3. Launch an EC2 instance
  4. Create AMI from instance using aws_ami_from_instance
  5. Copy AMI encrypting using the KMS key created using aws_ami_copy

Links

About

How to create an AMI with root_device encrypted using Terraform

Topics

aws ec2 aws-kms terraform aws-ami aws-ami-copy

Resources

Readme
Activity

Stars

9 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages