Closed Halama closed 1 year ago
Oh, I'm also wondering: do you know what the impact of this would be for non-graviton instance types? Will they be fine with xvda?
@bwhaley I've tried few x86 images and it was also returning /dev/xvda
.
aws ec2 describe-images --image-ids ami-05b5badc2f7ddd88d --region us-east-1
{
"Images": [
{
"Architecture": "x86_64",
"CreationDate": "2023-02-24T09:54:00.000Z",
"ImageId": "ami-05b5badc2f7ddd88d",
"ImageLocation": "amazon/amzn2-ami-hvm-2.0.20230221.0-x86_64-gp2",
"ImageType": "machine",
"Public": true,
"OwnerId": "137112412989",
"PlatformDetails": "Linux/UNIX",
"UsageOperation": "RunInstances",
"State": "available",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"DeleteOnTermination": true,
"SnapshotId": "snap-07d0aaf53127ea133",
"VolumeSize": 8,
"VolumeType": "gp2",
"Encrypted": false
}
}
],
"Description": "Amazon Linux 2 AMI 2.0.20230221.0 x86_64 HVM gp2",
"EnaSupport": true,
"Hypervisor": "xen",
"ImageOwnerAlias": "amazon",
"Name": "amzn2-ami-hvm-2.0.20230221.0-x86_64-gp2",
"RootDeviceName": "/dev/xvda",
"RootDeviceType": "ebs",
"SriovNetSupport": "simple",
"VirtualizationType": "hvm",
"DeprecationTime": "2025-02-24T09:54:00.000Z"
}
]
}
Another approach could be fetch device name from AMI data resource https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami Like this:
block_device_mappings {
device_name = data.aws_ami.amazon_linux_2.block_device_mappings[0].device_name
ebs {
volume_size = 80
encrypted = true
}
}
But it should also handle situation when the custom ami is provided https://github.com/1debit/alternat/blob/2d2f0c6fee0f7fdd254355986e568ff0be82cdde/modules/terraform-aws-alternat/main.tf#L206
So maybe it would be better to be able to set block_device_mappings using variable, similar to https://github.com/terraform-aws-modules/terraform-aws-eks/blob/c7565e265e23cbc622041fc153193f490cfe948f/modules/self-managed-node-group/variables.tf#LL135-L139 ?
Great input, thanks. I opened a new PR with a slightly different approach. In that PR, if the volumes are permitted, we just use the AMI default (which is an 8GB gp2 volume on the Amazon Linux 2 AMI). What do you think?
I think https://github.com/1debit/alternat/pull/57 is a good approach and we'll use it this way when it'll be released. Thanks, I will now close this PR in favor of https://github.com/1debit/alternat/pull/57
Issue
When I am using
ARM
images alternat provisions another EBS as/dev/sda1
and root EBS is still 8GB unencrypted. I assume this is not intentional and there should be only one root EBS with encryption enabled:Fix
I've changed the configured block device mapping to
/dev/xvda
which is root volume forARM
images https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html?icmpid=docs_ec2_console#device-name-limitsAfter the fix: