-
Notifications
You must be signed in to change notification settings - Fork 579
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🌱 Add encrypted AMI copy #2203
🌱 Add encrypted AMI copy #2203
Conversation
There is an issue with using the provided kms key. Even Though passing the key id it still defaults to another KMS key. |
if kmsKeyID == "" { | ||
kmsKeyIDPtr = nil | ||
} | ||
kmsKeyIDPtr = &kmsKeyID |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if kmsKeyID == "" { | |
kmsKeyIDPtr = nil | |
} | |
kmsKeyIDPtr = &kmsKeyID |
7d1a370
to
f234262
Compare
Passing KMS key id via aws cli works, I am fairly sure there is an SDK issue. Tried updating SDK, did not help. |
013d761
to
a054faf
Compare
After adding a pre-signed url to the copy snapshot request, it started using the provided kms key id correctly. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: randomvariable The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What this PR does / why we need it:
This PR is a follow up to
clusterawsadm ami copy
PR: #2112clusterawsadm ami encrypted-copy
, by taking K8s version, OS, region as parameters:1- Copy and encrypt the requested AMIs snapshot to the user AWS account
2- Create and encrypt AMI using the copied snapshot
Encrypt using a non-default KmsKeyId specified using Key alias:
clusterawsadm ami encrypted-copy --os centos-7 --kubernetes-version=v1.19.4 --kms-key-id=alias/ExampleAlias
Fixes ##2041