-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(aws-ecs) - attaching an EFS filesystem should default transit encryption to enabled #11242
Labels
@aws-cdk/aws-ecs
Related to Amazon Elastic Container
effort/medium
Medium work item – several days of effort
feature-request
A feature should be added or improved.
p2
Comments
justin8
added
bug
This issue is a bug.
needs-triage
This issue or PR still needs to be triaged.
labels
Nov 2, 2020
github-actions
bot
added
the
@aws-cdk/aws-efs
Related to Amazon Elastic File System
label
Nov 2, 2020
mergify bot
pushed a commit
that referenced
this issue
Apr 8, 2021
Following #11242, we also want to enable encryption at rest by default. Since switching to `true` requires a resource replacement, this PR introduces the default change behind a feature flag. New projects created with `cdk init` will have encryption enabled by default, and existing projects won't be affected. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
hollanddd
pushed a commit
to hollanddd/aws-cdk
that referenced
this issue
Aug 26, 2021
Following aws#11242, we also want to enable encryption at rest by default. Since switching to `true` requires a resource replacement, this PR introduces the default change behind a feature flag. New projects created with `cdk init` will have encryption enabled by default, and existing projects won't be affected. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@justin8 it looks like items 1 & 2 on your list have been addressed. If you still are interested in item 3 let me know and I'll move this over to the ECS module. |
Awesome! Yeah, it would be good to move this to ECS then to fix the remaining one |
corymhall
added
@aws-cdk/aws-ecs
Related to Amazon Elastic Container
and removed
@aws-cdk/aws-efs
Related to Amazon Elastic File System
labels
Jan 4, 2022
corymhall
changed the title
[efs] Safe defaults
(aws-ecs) - attaching an EFS filesystem should default transit encryption to enabled
Aug 9, 2022
corymhall
added
feature-request
A feature should be added or improved.
and removed
bug
This issue is a bug.
labels
Aug 11, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
@aws-cdk/aws-ecs
Related to Amazon Elastic Container
effort/medium
Medium work item – several days of effort
feature-request
A feature should be added or improved.
p2
We describe the CDK as encoding best practices by default and providing sane defaults. Yet EFS does some, less than sane things by default:
Encryption is disabled by defaultTo allow access a security group needs to be made and the NFS port opened up, there should be a helper method to make this easierReproduction Steps
What did you expect to happen?
What actually happened?
Environment
Other
This is 🐛 Bug Report
The text was updated successfully, but these errors were encountered: