(aws-ec2): Add KmsKeyId property to launchtemplate -> blockdevicemapping -> ebs

[markussiebert]

Description

At the moment, it is possible to set encrypted: true in launchtemplate block device mappings, but you cannot specify the kms key used for encryption.

https://docs.aws.amazon.com/de_de/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-blockdevicemapping-ebs.html#cfn-ec2-launchtemplate-blockdevicemapping-ebs-kmskeyid

Use Case

I want to specify the kms key used to encrypt the volume. I cross account share encrypted amis, but as they get started, they are encrypted with the default ebs kms key. I want to specify my own...

Proposed Solution

Add property referencing to an IKmsKey here:

aws-cdk/packages/@aws-cdk/aws-ec2/lib/volume.ts

Line 82 in aff607a

export interface EbsDeviceOptions extends EbsDeviceOptionsBase {

Other information

Add property referencing to an kmskey here:

aws-cdk/packages/@aws-cdk/aws-ec2/lib/volume.ts

Line 82 in aff607a

export interface EbsDeviceOptions extends EbsDeviceOptionsBase {

as it should be accepted by cloudformation:
https://docs.aws.amazon.com/de_de/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-blockdevicemapping-ebs.html#cfn-ec2-launchtemplate-blockdevicemapping-ebs-kmskeyid

just checked it with a propertyOverride - the result is what I expected, but would be nice if this would be a native option of the cdk.

Acknowledge

• I may be able to implement this feature request
• This feature might incur a breaking change

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.