Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add encryption-in-transit-supported attribute to aws_ec2_instance_type #21624

Closed
lachlancooper opened this issue Nov 4, 2021 · 2 comments · Fixed by #21837
Closed

Add encryption-in-transit-supported attribute to aws_ec2_instance_type #21624

lachlancooper opened this issue Nov 4, 2021 · 2 comments · Fixed by #21837
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/ec2 Issues and PRs that pertain to the ec2 service.

Comments

@lachlancooper
Copy link
Contributor

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

This is a request to add an encryption_in_transit_supported attribute to the aws_ec2_instance_type data source.

The encryptionInTransitSupported field was added to the SDK recently in https://github.com/aws/aws-sdk-go/releases/tag/v1.40.27.

I'm requesting this feature because we want to ensure our engineers always select instance types that support automatic in-transit encryption, to align with our security policies.

Until recently the list of types supporting automatic in-transit encryption was only available on this documentation page. Our current solution is therefore a custom validation rule on each instance type input variable, using a manually-maintained regex of acceptable instance types.

Now that the information is available directly via the EC2 API, we would like to avoid the need for the manually-maintained regex.

New or Affected Resource(s)

  • aws_ec2_instance_type

Potential Terraform Configuration

variable "example_instance_type" {
  default = "t2.micro"
}

data "aws_ec2_instance_type" "example" {
  instance_type = var.example_instance_type
}

locals {
  example_instance_type_validated = data.aws_ec2_instance_type.example.encryption_in_transit_supported ? var.example_instance_type : ""
}

resource "aws_ec2_host" "example" {
  # this will be empty if the specified instance type does not support automatic in-transit encryption
  instance_type = local.example_instance_type_validated
}

References
@lachlancooper lachlancooper added the enhancement Requests to existing resources that expand the functionality or scope. label Nov 4, 2021
@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. service/ec2 Issues and PRs that pertain to the ec2 service. labels Nov 4, 2021
@justinretzolk justinretzolk removed the needs-triage Waiting for first response or review from a maintainer. label Nov 10, 2021
@rrangith rrangith mentioned this issue Nov 18, 2021
Merged
@rrangith
Copy link
Contributor

I created a PR for this: #21837

@github-actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 29, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/ec2 Issues and PRs that pertain to the ec2 service.
Projects
None yet
Milestone
No milestone
3 participants
@lachlancooper @rrangith @justinretzolk