CDK does not provide a direct method to enable EBS encryption by default at the account or region level. This functionality is typically managed through the AWS Management Console or AWS CLI. After enabling encryption by default through AWS CLI or Console, all new EBS volumes and snapshots in the specified region are encrypted under the AWS managed key, unless you specify otherwise in your CDK code or other AWS service configurations.
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_EnableEbsEncryptionByDefault.html
    // Add an EBS volume encrypted with the default AWS managed key
    instance.addBlockDevice({
      deviceName: '/dev/sdh',
      volume: ec2.BlockDeviceVolume.ebs(20, {
        encrypted: true, // Ensures the volume is encrypted
        // Do not specify the kmsKey property to use the default AWS managed key
      }),
    });
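Since the thread's point is that the account-wide default is set outside CDK, a way to check the result afterwards is useful. The following is an added example (not code from the re:Post thread): it audits the JSON that `aws ec2 describe-volumes` prints and reports volumes that are unencrypted or use a key other than the one expected; the sample data, key ARNs and account ID are constructed placeholders.

```python
import json
from typing import Optional

# Constructed sample shaped like `aws ec2 describe-volumes --output json`.
# The account ID and key ARNs are placeholders, not real resources.
SAMPLE_DESCRIBE_VOLUMES = json.dumps({
    "Volumes": [
        {"VolumeId": "vol-0aaa", "Encrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-aws-ebs"},
        {"VolumeId": "vol-0bbb", "Encrypted": False},
        {"VolumeId": "vol-0ccc", "Encrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-custom"},
    ]
})


def audit_volumes(describe_volumes_json: str,
                  expected_key: Optional[str] = None) -> dict:
    """Return {"unencrypted": [...], "other_key": [...]} volume IDs.

    expected_key is the KMS key ARN the region should be using. For the AWS
    managed key, resolve it first with `aws ec2 get-ebs-default-kms-key-id`.
    When expected_key is None only the Encrypted flag is checked.
    """
    data = json.loads(describe_volumes_json)
    report = {"unencrypted": [], "other_key": []}
    for vol in data.get("Volumes", []):
        if not vol.get("Encrypted", False):
            report["unencrypted"].append(vol["VolumeId"])
        elif expected_key and vol.get("KmsKeyId") != expected_key:
            report["other_key"].append(vol["VolumeId"])
    return report


if __name__ == "__main__":
    # Real use: pipe the CLI output in, e.g.
    #   aws ec2 describe-volumes --region us-east-1 --output json | python audit.py
    # With no piped input the constructed sample above is audited instead.
    import sys
    raw = SAMPLE_DESCRIBE_VOLUMES if sys.stdin.isatty() else sys.stdin.read()
    print(json.dumps(audit_volumes(raw), indent=2))
```

Encryption by default only applies to volumes created after it is enabled, so pre-existing volumes show up in the "unencrypted" list until they are re-created from an encrypted snapshot.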
Thank you for your answer. According to your description, we need to create an EBS volume and choose to encrypt it, but not specify the kmsKey property, right? But this doesn't work in my use case. I edited my question again, please check it, thank you.
Hello, To create an EBS volume and use AWS managed key for EBS encryption, you can modify the CDK code to use the default AWS managed key for EBS encryption. Here's how you can do it:
    import * as cdk from '@aws-cdk/core';
    import * as ec2 from '@aws-cdk/aws-ec2';

    export class EbsWithEncryptionStack extends cdk.Stack {
      constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
        super(scope, id, props);

        // Create EBS volume with encryption using AWS managed key for EBS
        const volume = new ec2.Volume(this, 'EbsVolume', {
          availabilityZone: 'us-east-1a', // Change availability zone as per your requirement
          size: cdk.Size.gibibytes(20), // Volume requires a size (or a snapshotId)
          encrypted: true, // Enable encryption
          // No encryptionKey is given, so the AWS managed key for EBS is used
          volumeType: ec2.EbsDeviceVolumeType.GP2, // Change volume type as per your requirement
        });

        // Output volume ID
        new cdk.CfnOutput(this, 'EbsVolumeId', {
          value: volume.volumeId,
        });
      }
    }

    const app = new cdk.App();
    new EbsWithEncryptionStack(app, 'EbsWithEncryptionStack');
The sample code above creates an EBS volume using ec2.Volume and sets the encrypted property to true to enable encryption. Since we haven't specified any KMS key explicitly, AWS will use the default AWS managed key for EBS encryption automatically.
Thank you for your answer, then I'm very sorry I didn't describe the use case clearly. I edited my question again, please check it again, thank you.
Please accept the answer if it was useful for you