Merge pull request #150 from YoungJinJung/fix/modify-ebs-encryption

YoungJinJung · web-flow · commit 9a5537201b77 · 2025-02-17T11:11:18.000+09:00
modify ebs encryption logic
diff --git a/deploy/Dockerfile b/deploy/Dockerfile
@@ -28,7 +28,7 @@ RUN yum update -y && \
     git \
     wget \
     openssl \
-    java-1.8.0-openjdk-devel.x86_64
+    java-1.8.0-amazon-corretto-devel
 
 COPY --from=docker:27.2.0 /usr/local/bin/docker /usr/local/bin/
 COPY --from=download-goployer goployer /usr/local/bin/
diff --git a/pkg/aws/ec2.go b/pkg/aws/ec2.go
@@ -485,15 +485,22 @@ func (e EC2Client) MakeLaunchTemplateBlockDeviceMappings(blocks []schemas.BlockD
 		}
 
 		enabledEBSEncrypted := block.Encrypted
-		kmsKeyArn := e.getKMSKeyArn(block.KmsKeyId)
+
 		LaunchTemplateEbsBlockDevice := &ec2.LaunchTemplateEbsBlockDeviceRequest{}
 
 		if enabledEBSEncrypted {
+			keyId, err := e.getKmsKeyIdByAlias(block.KmsAlias)
+
+			if err != nil {
+				Logger.Fatalf("Error: %v", err)
+			}
+
+			fmt.Printf("KMS Key ID for alias %s: %s\n", block.KmsAlias, keyId)
 			LaunchTemplateEbsBlockDevice = &ec2.LaunchTemplateEbsBlockDeviceRequest{
 				VolumeSize: aws.Int64(bSize),
 				VolumeType: aws.String(bType),
 				Encrypted:  aws.Bool(enabledEBSEncrypted),
-				KmsKeyId:   aws.String(kmsKeyArn),
+				KmsKeyId:   aws.String(keyId),
 			}
 		} else {
 			LaunchTemplateEbsBlockDevice = &ec2.LaunchTemplateEbsBlockDeviceRequest{
@@ -1296,42 +1303,29 @@ func (e EC2Client) DescribeAMIArchitecture(amiID string) (string, error) {
 	return amiArchitecture, nil
 }
 
-func (e EC2Client) getKMSKeyArn(kmsKeyId string) string {
+func (e EC2Client) getKmsKeyIdByAlias(alias string) (string, error) {
 
-	kmsAlias := kmsKeyId
-
-	if kmsAlias == "" {
+	if len(alias) == 0 {
 		Logger.Info("Volume Encrypt default KMS Key(aws/ebs)")
-		kmsAlias = "alias/aws/ebs"
-	} else if !strings.HasPrefix(kmsAlias, "alias") {
+		alias = "alias/aws/ebs"
+	} else if !strings.HasPrefix(alias, "alias") {
 		var sb strings.Builder
 		sb.WriteString("alias/")
-		sb.WriteString(kmsAlias)
-		kmsAlias = sb.String()
+		sb.WriteString(alias)
+		alias = sb.String()
 	}
 
-	input := &kms.DescribeKeyInput{
-		KeyId: aws.String(kmsAlias),
+	result, err := e.KMSClient.ListAliases(&kms.ListAliasesInput{})
+	if err != nil {
+		return "", fmt.Errorf("failed to list aliases, %v", err)
 	}
 
-	result, err := e.KMSClient.DescribeKey(input)
-	if err != nil {
-		var aerr awserr.Error
-		if errors.As(err, &aerr) {
-			switch aerr.Code() {
-			case kms.ErrCodeNotFoundException:
-				Logger.Println(kms.ErrCodeNotFoundException, aerr.Error())
-			case kms.ErrCodeInvalidArnException:
-				Logger.Println(kms.ErrCodeInvalidArnException, aerr.Error())
-			case kms.ErrCodeDependencyTimeoutException:
-				Logger.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
-			case kms.ErrCodeInternalException:
-				Logger.Println(kms.ErrCodeInternalException, aerr.Error())
-			default:
-				Logger.Println(aerr.Error())
+	for _, aliasEntry := range result.Aliases {
+		if aliasEntry.AliasName != nil && *aliasEntry.AliasName == alias {
+			if aliasEntry.TargetKeyId != nil {
+				return *aliasEntry.TargetKeyId, nil
 			}
 		}
-		return ""
 	}
-	return *result.KeyMetadata.Arn
+	return "", fmt.Errorf("alias %s not found", alias)
 }
diff --git a/pkg/deployer/deployer.go b/pkg/deployer/deployer.go
@@ -596,6 +596,8 @@ func (d *Deployer) Deploy(config schemas.Config, region schemas.RegionConfig) er
 	}
 
 	blockDevices := client.EC2Service.MakeLaunchTemplateBlockDeviceMappings(d.Stack.BlockDevices)
+	d.Logger.Debugf("additional blokcDevice infomation %s", blockDevices[0].Ebs.String())
+
 	ebsOptimized := d.Stack.EbsOptimized
 
 	// Instance Type Override
@@ -645,7 +647,10 @@ func (d *Deployer) Deploy(config schemas.Config, region schemas.RegionConfig) er
 		return err
 	}
 
-	subnets := region.SubnetIDs
+	subnets := make([]string, 0)
+	if len(region.SubnetIDs) != 0 {
+		subnets = region.SubnetIDs
+	}
 	if len(subnets) == 0 {
 		Logger.Info("Not Subnet ID Specific")
 		subnets, err = client.EC2Service.GetSubnets(region.VPC, region.UsePublicSubnets, availabilityZones)
diff --git a/pkg/schemas/config.go b/pkg/schemas/config.go
@@ -249,7 +249,7 @@ type BlockDevice struct {
 	Encrypted bool `yaml:"encrypted"`
 
 	// KMS key
-	KmsKeyId string `yaml:"kmsKeyId"`
+	KmsAlias string `yaml:"kmsAlias"`
 }
 
 // Lifecycle Callback configuration

Original file line number	Diff line number	Diff line change
`@@ -249,7 +249,7 @@ type BlockDevice struct {`
`249`	`249`	Encrypted bool `yaml:"encrypted"`
`250`	`250`
`251`	`251`	`// KMS key`
`252`		- KmsKeyId string `yaml:"kmsKeyId"`
	`252`	+ KmsAlias string `yaml:"kmsAlias"`
`253`	`253`	`}`
`254`	`254`
`255`	`255`	`// Lifecycle Callback configuration`