Add auto encryption for AWS Data Disks and Object Storage

What does this MR do?

This MR adds auto encryption for data disks on AWS and Object Storage buckets, with managed KMS keys for each individual resource (i.e. each disk and bucket). This essentially matches what happens on GCP (which does encryption by default).

Notes for existing environments:

  • VM Root Block Devices (AKA the main disk) are not encrypted by default to allow for backwards compatibility. This can be toggled via a setting for new environments.
  • Existing RDS and Elasticache instances where default encryption was used will require manual actions for upgrade.

Related issues

Closes https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit/-/issues/300

Relates https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit/-/issues/155 https://gitlab.com/gitlab-org/quality/gitlab-environment-toolkit/-/issues/272

Author's checklist

When ready for review, the Author applies the `workflow::ready for review` label and mentions @gl-quality/get-maintainers:

  • Merge request:
    • Corresponding Issue raised and reviewed by the GET maintainers team.
    • Merge Request Title and Description are up to date, accurate, and descriptive
    • MR targeting the appropriate branch
    • MR has a green pipeline
  • Code:
    • Check the area changed works as expected. Consider testing it in different environment sizes (1k,3k,10k,etc.).
    • Documentation created/updated in the same MR.
    • If this MR adds an optional configuration - check that all permutations continue to work.
    • For Terraform changes: setup a previous version environment, then run a terraform plan with your new changes and ensure nothing will be destroyed. If anything will be destroyed and this can't be avoided please add a comment to the current MR.
  • Create any follow-up issue(s) to support the new feature across other supported cloud providers or advanced configurations. Create 1 issue for each provider/configuration. Contact the Quality Enablement team if unsure.
Edited by Grant Young
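As an added illustration (not the toolkit's own Terraform) of the arrangement the description sketches: one managed KMS key per resource for the data disk and the object storage bucket, and a root block device that stays unencrypted unless a setting turns it on. Resource names, the availability zone, sizes, the bucket name, the AMI and key rotation are assumptions.

```hcl
# Added example, not GET's code: per-resource CMKs plus a root-disk toggle.
variable "encrypt_root_block_device" {
  description = "Encrypt the VM root disk (off by default for backwards compatibility)"
  type        = bool
  default     = false
}

# Dedicated CMK for the data disk (rotation is an assumption, not stated in the MR).
resource "aws_kms_key" "data_disk" {
  description         = "CMK for gitlab data disk"
  enable_key_rotation = true
}

resource "aws_ebs_volume" "data" {
  availability_zone = "us-east-1a"
  size              = 100
  encrypted         = true
  kms_key_id        = aws_kms_key.data_disk.arn
}

# Dedicated CMK for the object storage bucket.
resource "aws_kms_key" "object_storage" {
  description         = "CMK for gitlab object storage bucket"
  enable_key_rotation = true
}

resource "aws_s3_bucket" "object_storage" {
  bucket = "example-gitlab-object-storage" # placeholder name
}

# Bucket-level default: every object written is encrypted with this bucket's own key.
resource "aws_s3_bucket_server_side_encryption_configuration" "object_storage" {
  bucket = aws_s3_bucket.object_storage.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.object_storage.arn
    }
  }
}

# Root disk: encrypted only when the setting is explicitly enabled for new environments.
resource "aws_instance" "gitlab" {
  ami           = "ami-PLACEHOLDER"
  instance_type = "m5.large"
  root_block_device {
    encrypted  = var.encrypt_root_block_device
    kms_key_id = var.encrypt_root_block_device ? aws_kms_key.data_disk.arn : null
  }
}
```

Flipping `encrypted` on an existing instance's `root_block_device` forces replacement of that instance, which is exactly what the checklist's "run a terraform plan against a previous version environment" step is there to surface before merging.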
