Open rittneje opened 4 months ago
AWS::EKS::Cluster
No response
Reopening #1234. The response that you "do not have a plan to support updating encryption config" is not acceptable.
EKS supports enabling (but not disabling) secret encryption on an existing cluster. https://docs.aws.amazon.com/eks/latest/userguide/enable-kms.html
However, attempting to enable encryption via CloudFormation will force a replacement for no reason. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig
Enabling encryption on an existing cluster via CloudFormation must be allowed.
CloudFormation forces a cluster replacement for no reason.
Create an EKS cluster with encryption disabled. Then update the stack to enable it.
Name of the resource
AWS::EKS::Cluster
Resource Name
No response
Issue Description
Reopening #1234. The response that you "do not have a plan to support updating encryption config" is not acceptable.
EKS supports enabling (but not disabling) secret encryption on an existing cluster. https://docs.aws.amazon.com/eks/latest/userguide/enable-kms.html
However, attempting to enable encryption via CloudFormation will force a replacement for no reason. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig
Expected Behavior
Enabling encryption on an existing cluster via CloudFormation must be allowed.
Observed Behavior
CloudFormation forces a cluster replacement for no reason.
Test Cases
Create an EKS cluster with encryption disabled. Then update the stack to enable it.
Other Details
No response