(aws-ecs) - attaching an EFS filesystem should default transit encryption to enabled #11242

Open
justin8 opened this issue Nov 2, 2020 · 2 comments
Labels
@aws-cdk/aws-ecs Related to Amazon Elastic Container effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@justin8
Contributor

justin8 commented Nov 2, 2020

We describe the CDK as encoding best practices by default and providing sane defaults. Yet EFS does some less-than-sane things by default:

  • Encryption is disabled by default
  • To allow access, a security group needs to be made and the NFS port opened up; there should be a helper method to make this easier
  • (sort of an ECS issue more than EFS, but...) When attaching an EFS filesystem to an ECS service the default is transit encryption disabled

Reproduction Steps

What did you expect to happen?

What actually happened?

Environment

  • CLI Version : 1.71.0
  • Framework Version: 1.71.0
  • Node.js Version:
  • OS :
  • Language (Version):

Other


This is 🐛 Bug Report

@justin8 justin8 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 2, 2020
@github-actions github-actions bot added the @aws-cdk/aws-efs Related to Amazon Elastic File System label Nov 2, 2020
@shivlaks shivlaks added p1 effort/medium Medium work item – several days of effort labels Nov 3, 2020
@SomayaB SomayaB removed the needs-triage This issue or PR still needs to be triaged. label Nov 6, 2020
@NGL321 NGL321 assigned iliapolo and unassigned shivlaks Jan 25, 2021
@skinny85 skinny85 changed the title [efs] [efs] Safe defaults Mar 29, 2021
mergify bot pushed a commit that referenced this issue Apr 8, 2021
Following #11242, we also want to enable encryption at rest by default. 
Since switching to `true` requires a resource replacement, this PR introduces the default change behind a feature flag. 

New projects created with `cdk init` will have encryption enabled by default, and existing projects won't be affected. 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@iliapolo iliapolo removed their assignment Jun 27, 2021
hollanddd pushed a commit to hollanddd/aws-cdk that referenced this issue Aug 26, 2021
@corymhall
Contributor

@justin8 it looks like items 1 & 2 on your list have been addressed. If you are still interested in item 3, let me know and I'll move this over to the ECS module.

@justin8
Contributor Author

justin8 commented Jan 4, 2022

Awesome! Yeah, it would be good to move this to ECS then to fix the remaining one.

@corymhall corymhall added @aws-cdk/aws-ecs Related to Amazon Elastic Container and removed @aws-cdk/aws-efs Related to Amazon Elastic File System labels Jan 4, 2022
@corymhall corymhall removed their assignment Jan 4, 2022
@corymhall corymhall changed the title [efs] Safe defaults (aws-ecs) - attaching an EFS filesystem should default transit encryption to enabled Aug 9, 2022
@corymhall corymhall added feature-request A feature should be added or improved. and removed bug This issue is a bug. labels Aug 11, 2022
@MrArnoldPalmer MrArnoldPalmer added p2 and removed p1 labels Jan 27, 2023
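
While item 3 stays open, a synthesized template can be checked for the defaults this issue describes. The following is an added example, not code from this thread or from the CDK project: the template fragment, its logical IDs and the `auditEfsEncryption` helper are constructed for illustration, and it assumes the JSON shape produced by `cdk synth`.

```typescript
// Constructed sample shaped like `cdk synth` output; logical IDs and the
// file system ID are made up for this example.
const sampleTemplate = {
  Resources: {
    SharedFs: { Type: "AWS::EFS::FileSystem", Properties: { Encrypted: false } },
    TaskDefPlain: {
      Type: "AWS::ECS::TaskDefinition",
      Properties: {
        Volumes: [
          { Name: "data", EFSVolumeConfiguration: { FilesystemId: "fs-EXAMPLE" } },
          { Name: "scratch" }, // not EFS-backed, so it is ignored
        ],
      },
    },
    TaskDefTls: {
      Type: "AWS::ECS::TaskDefinition",
      Properties: {
        Volumes: [{
          Name: "data",
          EFSVolumeConfiguration: { FilesystemId: "fs-EXAMPLE", TransitEncryption: "ENABLED" },
        }],
      },
    },
  },
};

interface Finding { logicalId: string; issue: string; }

// Returns one finding per EFS file system without encryption at rest and per
// ECS EFS volume without transit encryption. Values that are not the literal
// `true` / "ENABLED" (including intrinsics such as Ref) are reported for review.
function auditEfsEncryption(template: any): Finding[] {
  const findings: Finding[] = [];
  const resources: Record<string, any> = (template && template.Resources) || {};
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId] || {};
    const props = res.Properties || {};
    if (res.Type === "AWS::EFS::FileSystem" && props.Encrypted !== true) {
      findings.push({ logicalId, issue: "encryption at rest not enabled" });
    }
    if (res.Type === "AWS::ECS::TaskDefinition") {
      for (const vol of props.Volumes || []) {
        const efs = vol && vol.EFSVolumeConfiguration;
        // An omitted TransitEncryption falls back to DISABLED (item 3 above).
        if (efs && efs.TransitEncryption !== "ENABLED") {
          findings.push({ logicalId, issue: `volume "${vol.Name}": transit encryption not enabled` });
        }
      }
    }
  }
  return findings;
}
```

Running it over each template in `cdk.out` as a CI step catches task definitions that silently inherit the unencrypted default.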