AWS Cloud compute environments currently only expose EBS volume size as a configurable parameter but do not allow encryption to be set on the EBS block device, which can cause instance creation to fail in AWS accounts that enforce EBS encryption via an SCP.
The ask has two parts:
  1. Enable encryption toggle and pass encrypted=true on the EBS block device.
enforcement. AWS will use the account's default KMS key (AWS-managed or customer-designated CMK) automatically. The toggle should default to false.
  2. Optionally expose a KMS key ARN field in the AWS Cloud CE configuration UI, so customers who need a specific CMK (rather than the account default) can pass it explicitly. If blank and encryption is enabled, use the account/region default key.
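
A sketch of how the two requested settings could map onto the EC2 block device mapping, added here as an example and not taken from the product's code. The function name, its parameter names and the `/dev/xvda` default are assumptions; `DeviceName`, `Ebs`, `VolumeSize`, `Encrypted` and `KmsKeyId` are the EC2 API field names.

```python
import re

# Shape of a KMS key ARN: arn:<partition>:kms:<region>:<account>:key/<key-id>.
# Alias ARNs and bare key IDs are deliberately rejected in this sketch, because
# the request asks for a key ARN field.
KMS_KEY_ARN = re.compile(
    r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:key/[A-Za-z0-9-]+$"
)


def build_ebs_mapping(volume_size_gib, encrypted=False, kms_key_arn=None,
                      device_name="/dev/xvda"):
    """Build one BlockDeviceMappings entry for an EC2 launch request.

    volume_size_gib, encrypted and kms_key_arn stand in for the compute
    environment settings (hypothetical names).
    """
    if not isinstance(volume_size_gib, int) or volume_size_gib <= 0:
        raise ValueError("volume size must be a positive integer (GiB)")

    key = (kms_key_arn or "").strip()
    if key and not encrypted:
        # A key without encryption is a misconfiguration; fail early instead
        # of silently launching with an unencrypted volume.
        raise ValueError("a KMS key ARN requires encryption to be enabled")
    if key and not KMS_KEY_ARN.match(key):
        raise ValueError("not a KMS key ARN: %r" % key)

    ebs = {"VolumeSize": volume_size_gib}
    if encrypted:
        # Toggle on: request an encrypted volume explicitly.
        ebs["Encrypted"] = True
        if key:
            # Specific CMK requested; when blank, KmsKeyId is omitted and
            # AWS uses the account/region default key.
            ebs["KmsKeyId"] = key
    # Toggle off (the default): the mapping carries only the volume size,
    # which is the behaviour described as current.
    return {"DeviceName": device_name, "Ebs": ebs}
```
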