We are new to Terraform, trying to use the AWS provider with Terraform version v4.30.
We are trying to find the right setting to encrypt our instance volume.
In this example, we don’t use block_device_mappings.
From research, we see different attribute names used for encryption, like
- root_encrypted
- root_volume_encrypted
- root_volume_encrypted_enabled

- Which do we use to set the encryption boolean? Is what we have below correct?
- If we apply the wrong setting, how do we recover to the previous setting? Do we simply remove the encryption setting and then terraform apply?
Any help is appreciated.
We have the following -
main.tf
:(other code)
:
:
module "mod_a" {
  source           = "../modules/dirA"
  root_encrypted   = true
  root_volume_size = 10
  root_volume_type = "gp2"
  :
  :
}
dirA/ec2_launch_template.tf
resource "aws_launch_template" "generic_template" {
  name          = "Basic T"
  key_name      = var.xxxxx
  image_id      = var.instance_ami
  instance_type = var.instance_type
  :
  : (other code)
  :
  tag_specifications {
    resource_type = "instance"
    tags = {
      Name = "test"
    }
  }
}
dirA/vars.tf
:
: (other code)
variable "root_volume_size" {
  description = "Volume size"
}
variable "root_volume_type" {
  description = "Volume type"
}
variable "root_encrypted" {
  description = "Encrypt"