Support EBS encryption and KMS key configuration for AWS Cloud compute environments
complete
Esha Joshi
AWS Cloud compute environments currently only expose EBS volume size as a configurable parameter but do not allow encryption to be set on the EBS block device, which can cause instance creation to fail in AWS accounts that enforce EBS encryption via an SCP.
The ask has two parts:
- Enable encryption toggle and pass encrypted=true on the EBS block device.
enforcement. AWS will use the account's default KMS key (AWS-managed or customer-designated CMK) automatically. Default here to be false.
- Optionally expose a KMS key ARN field in the AWS Cloud CE configuration UI, so customers who need a specific CMK (rather than the account default) can pass it explicitly. If if blank and encryption is enabled, use the account/region default key.
Rob Newman
updated the status to
complete
Live in Cloud Production, will be shipped in the next Enterprise v26.1 patch release.
M
Michael Tansini
updated the status to
in progress
M
Michael Tansini
updated the status to
planned
M
Michael Tansini
updated the status to
acknowledged