aws / containers-roadmap

This is the public roadmap for AWS container services (ECS, ECR, Fargate, and EKS).
https://aws.amazon.com/about-aws/whats-new/containers/

[EKS] [request]: TPM support for windows server 2016/2019/2022 EKS images #2307

Open piratesecurity opened 4 months ago

piratesecurity commented 4 months ago


Tell us about your request What do you want us to build? Currently only the Windows Server 2016/2019/2022 base images are available with TPM support. We are looking for TPM support for both the EKS and ECS Windows Server variants as well.

https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/enable-nitrotpm-prerequisites.html

Which service(s) is this request for? EKS and ECS

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? We are trying to enable Secure Boot for all of our Windows workloads in the AWS cloud, but currently we have enabled TPM only for the Windows Server 2016/2019/2022 base AMIs. Looking forward to enabling it for both the EKS and ECS variants as well.

Are you currently working around this issue? Currently we are not able to enable Secure Boot, i.e. the NitroTPM provided by AWS.


goyalpurvi commented 4 months ago

Hi @piratesecurity Have you tried using the base TPM-enabled Windows Server AMIs in the doc link you shared, and installing the EKS managed components using EC2 Image Builder? You can create a custom image to help with your use case. Here's some documentation that can help.

EKS Managed component name: "eks-optimized-ami-windows"

Base image to start with: Any of the Windows AMIs listed here: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/enable-nitrotpm-prerequisites.html

EC2 Image Builder (with an example of how to create a container image): https://docs.aws.amazon.com/imagebuilder/latest/userguide/start-build-container-pipeline.html

Please let us know if you run into issues with this.
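The workaround above has two places where NitroTPM can silently go missing: the parent AMI you hand to Image Builder may be a UEFI image that was never registered with TPM support, and the node group may end up on an instance that does not report it. The following is an added example, not code from this issue, from AWS or from the containers-roadmap project. It checks the `TpmSupport` and `BootMode` fields that `aws ec2 describe-images` and `aws ec2 describe-instances` return (both must read `v2.0` and `uefi` for NitroTPM, per the prerequisites page linked above). The function names, the region/AMI/instance arguments and the sample JSON are all constructed for illustration; the AMI IDs in the samples are placeholders, not real images.

```shell
#!/bin/sh
# Added example: verify NitroTPM eligibility of the Image Builder parent AMI,
# of the output AMI, and of a launched EKS Windows node. Not part of the issue.
set -eu

# Reads describe-images / describe-instances JSON on stdin. Returns 0 when the
# first TpmSupport is "v2.0" and the first BootMode is "uefi"; otherwise prints
# the reason to stderr and returns 1. Uses only grep/cut so no jq is required.
check_nitrotpm_json() {
  json=$(cat)
  tpm=$(printf '%s' "$json" | grep -oE '"TpmSupport": *"[^"]*"' | head -n1 | cut -d'"' -f4)
  boot=$(printf '%s' "$json" | grep -oE '"BootMode": *"[^"]*"' | head -n1 | cut -d'"' -f4)
  if [ "$tpm" != "v2.0" ]; then
    echo "TpmSupport is '${tpm:-unset}', expected v2.0: image/instance is not registered for NitroTPM" >&2
    return 1
  fi
  if [ "$boot" != "uefi" ]; then
    echo "BootMode is '${boot:-unset}', expected uefi: NitroTPM requires UEFI boot" >&2
    return 1
  fi
  return 0
}

# Wrappers around the real CLI calls (assumed argument order: region, id).
# Run the first against the Windows parent AMI before building, and again
# against the AMI the Image Builder pipeline produces before the node group
# references it; run the second against a node once it has joined the cluster.
check_nitrotpm_ami() {
  aws ec2 describe-images --region "$1" --image-ids "$2" --output json | check_nitrotpm_json
}
check_nitrotpm_instance() {
  aws ec2 describe-instances --region "$1" --instance-ids "$2" --output json | check_nitrotpm_json
}

# Constructed sample CLI output (field shapes only; IDs are placeholders).
SAMPLE_GOOD='{ "Images": [ { "ImageId": "ami-00000000000000000", "BootMode": "uefi", "TpmSupport": "v2.0" } ] }'
SAMPLE_UEFI_NO_TPM='{ "Images": [ { "ImageId": "ami-11111111111111111", "BootMode": "uefi" } ] }'
SAMPLE_LEGACY='{ "Images": [ { "ImageId": "ami-22222222222222222", "BootMode": "legacy-bios" } ] }'

# Demonstration on the constructed samples: only the first passes.
printf '%s' "$SAMPLE_GOOD" | check_nitrotpm_json && echo "SAMPLE_GOOD: NitroTPM-capable"
printf '%s' "$SAMPLE_UEFI_NO_TPM" | check_nitrotpm_json || echo "SAMPLE_UEFI_NO_TPM: rejected"
printf '%s' "$SAMPLE_LEGACY" | check_nitrotpm_json || echo "SAMPLE_LEGACY: rejected"
```

The UEFI-without-TPM sample is the case to watch for: a UEFI boot mode alone does not give you NitroTPM, the AMI must also carry `TpmSupport v2.0`, so check the pipeline's output AMI and not only the parent. The node must also launch on an instance type that supports NitroTPM (see the prerequisites page linked above). Once a node is up, the in-guest counterpart of this check is `Get-Tpm` and `Confirm-SecureBootUEFI` in PowerShell on the instance.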