hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

aws_instance encrypted = "true" option doesn't encrypt associated ami volumes #12950

Open ghost opened 4 years ago

ghost commented 4 years ago

This issue was originally opened by @fordfasterr as hashicorp/terraform#24726. It was migrated here as a result of the provider split. The original body of the issue is below.

There doesn't seem to be any way to encrypt all associated ami volumes from a multi-volume aws ami with unencrypted boot and associated volumes when deploying using the aws_instance resource.

Expected Behavior

I expect the boot volume, and all associated AMI volumes to be encrypted along with it.

Actual Behavior

Only the boot volume gets encrypted, the 3 remaining associated ami volumes don't get encrypted. When I enable the encrypted option for an aws instance, it successfully encrypts the boot volume, but my custom AMI (built with packer) has 3 associated ami volumes which don't get encrypted automatically.

Context

I have seen other people's solution which is to first create an encrypted copy of the ami and then launch the instance from the copy. It would be great if this feature would be built into the original resource or at least an option to do so.
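The workaround mentioned above (copy the AMI with encryption, then launch from the copy) written out as Terraform configuration. This is an added example, not code from the issue reporter or from the provider's documentation; `var.source_ami_id`, `var.subnet_id`, the `aws_kms_key.ebs` key and the instance sizing are assumptions for illustration. An AMI copy made with `encrypted = true` re-encrypts every EBS snapshot in the copy's block device mapping, which is what covers the extra Packer-built volumes the plain `aws_instance` setting leaves alone. The `postcondition` makes `terraform apply` fail rather than silently leaving a volume in cleartext.

```hcl
# Added example (not the provider's or the reporter's code): launch from an
# encrypted copy of a multi-volume AMI, then assert that every attached
# volume on the resulting instance is encrypted.
# Assumed (hypothetical) inputs: var.source_ami_id is the unencrypted Packer
# AMI, var.subnet_id is the target subnet, aws_kms_key.ebs is a CMK we create.

variable "source_ami_id" { type = string }
variable "subnet_id"     { type = string }

data "aws_region" "current" {}

resource "aws_kms_key" "ebs" {
  description         = "CMK for the encrypted AMI copy and instance volumes"
  enable_key_rotation = true
}

# Copying with encrypted = true encrypts all EBS snapshots referenced by the
# copy's block device mapping, not only the root volume's snapshot.
resource "aws_ami_copy" "encrypted" {
  name              = "packer-app-encrypted"
  source_ami_id     = var.source_ami_id
  source_ami_region = data.aws_region.current.name
  encrypted         = true
  kms_key_id        = aws_kms_key.ebs.arn
}

resource "aws_instance" "app" {
  ami           = aws_ami_copy.encrypted.id
  instance_type = "t3.micro"
  subnet_id     = var.subnet_id

  # Root volume: still explicit, so a later AMI swap cannot regress it.
  root_block_device {
    encrypted  = true
    kms_key_id = aws_kms_key.ebs.arn
  }

  lifecycle {
    # Fail the apply if the root volume or any AMI-mapped EBS volume
    # (the computed ebs_block_device set) came up unencrypted.
    postcondition {
      condition = self.root_block_device[0].encrypted && alltrue([
        for bd in self.ebs_block_device : bd.encrypted
      ])
      error_message = "One or more EBS volumes on ${self.id} are not encrypted."
    }
  }
}
```

After `terraform apply`, an independent check outside Terraform is `aws ec2 describe-images --image-ids <copied-ami-id> --query 'Images[].BlockDeviceMappings[].Ebs.Encrypted'`, which should list only `true` values. The copy is a separate AMI in your account, so deregister the unencrypted source (and delete its snapshots) once nothing else launches from it; otherwise the cleartext snapshots remain available.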

cmd-werner-diers commented 3 years ago

I'm facing the same issue. There is a lack of support for AMIs that contain multiple volumes. Those cannot be managed using terraform and there is little to no documentation of this use case.

There is a question in https://discuss.hashicorp.com/t/customize-ebs-volume-attachment-on-aws-instance-from-an-ami-with-multiple-volumes/12815 that is somehow related, but has no answers.

github-actions[bot] commented 1 month ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!