Skip to content

aws-ecs: Enable Ephemeral storage encryption in ECS Cluster L2 construct #30721

Closed
Closed
aws-ecs: Enable Ephemeral storage encryption in ECS Cluster L2 construct#30721
#30759 (+4)
Labels
@aws-cdk/aws-ecsRelated to Amazon Elastic Containereffort/mediumMedium work item – several days of effortfeature-requestA feature should be added or improved.p2
@jaecktec

Description

@jaecktec
jaecktec
opened on Jul 1, 2024

Describe the feature

Add properties to L2 ecs CLuster construct to support ephemeral storage configuration

Use Case

Right now to enable this feature I need to edit the L1 construct like this:

const cfnCluster = cluster.node.defaultChild as CfnCluster;
cfnCluster.configuration = {
  ...cfnCluster.configuration,
  managedStorageConfiguration: {
    ...cfnCluster.configuration,
    fargateEphemeralStorageKmsKeyId: key.keyId,
  },
};

and adjusting the key policy according to the developer guide.

Proposed Solution

L2 Construct should support setting the new feature of ephermal storage encryption which adds the keys + updates the key policy

Other Information

Developer Guide: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-create-storage-key.html
Ephemeral Storage Encryption: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-storage-encryption.html

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.147.0

Environment details (OS name and version, etc.)

Metadata

Metadata

Assignees

No one assigned

    Labels

    @aws-cdk/aws-ecsRelated to Amazon Elastic Containereffort/mediumMedium work item – several days of effortfeature-requestA feature should be added or improved.p2

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions