
Commit e28d013

authored
Merge pull request rancher#91 from ibrokethecloud/customkms
Allow Customer Managed encryption key for ec2 driver
2 parents de41505 + 4b1d365 commit e28d013

1 file changed

+13
-2
lines changed

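--- a/drivers/amazonec2/amazonec2.go
+++ b/drivers/amazonec2/amazonec2.go
@@ -126,8 +126,8 @@ type Driver struct {
 DisableSSL bool
 UserDataFile string
 EncryptEbsVolume bool
-
-spotInstanceRequestId string
+spotInstanceRequestId string
+kmsKeyId *string
 }
 
 type clientFactory interface {
@@ -299,6 +299,11 @@ func (d *Driver) GetCreateFlags() []mcnflag.Flag {
 Usage: "Encrypt the EBS volume using the AWS Managed CMK",
 EnvVar: "AWS_ENCRYPT_EBS_VOLUME",
 },
+mcnflag.StringFlag{
+Name: "amazonec2-kms-key",
+Usage: "Custom KMS key using the AWS Managed CMK",
+EnvVar: "AWS_KMS_KEY",
+},
 }
 }
 
@@ -398,6 +403,11 @@ func (d *Driver) SetConfigFromFlags(flags drivers.DriverOptions) error {
 d.UserDataFile = flags.String("amazonec2-userdata")
 d.EncryptEbsVolume = flags.Bool("amazonec2-encrypt-ebs-volume")
 
+kmskeyid := flags.String("amazonec2-kms-key")
+if kmskeyid != "" {
+d.kmsKeyId = aws.String(kmskeyid)
+}
+
 d.DisableSSL = flags.Bool("amazonec2-insecure-transport")
 
 if d.DisableSSL && d.Endpoint == "" {
@@ -606,6 +616,7 @@ func (d *Driver) innerCreate() error {
 VolumeType: aws.String(d.VolumeType),
 DeleteOnTermination: aws.Bool(true),
 Encrypted: aws.Bool(d.EncryptEbsVolume),
+KmsKeyId: d.kmsKeyId,
 },
 }
 netSpecs := []*ec2.InstanceNetworkInterfaceSpecification{{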
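Review bot: In SetConfigFromFlags, `amazonec2-kms-key` is accepted independently of `amazonec2-encrypt-ebs-volume`, so innerCreate can send a block device mapping with `Encrypted: aws.Bool(false)` next to a non-nil `KmsKeyId`. Depending on how EC2 treats that combination, the operator gets either a rejected request at create time or a volume that is not encrypted with the key they named, and neither is reported when the flags are parsed. Treat the key as implying encryption, e.g. `d.EncryptEbsVolume = true` inside the `if kmskeyid != ""` branch, or return an error there when the encrypt flag is off. The new flag's usage text also says "using the AWS Managed CMK", which describes the opposite case; `Usage: "Customer managed KMS key (ID, alias or ARN) for EBS volume encryption"` would be accurate. Both functions start and end outside the visible hunks.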
