DUPLO-11841: check that EBS encryption is DISABLED before proceeding
joek-duplo committed Oct 24, 2023
1 parent 098cf68 commit 2f71785
Showing 1 changed file with 28 additions and 0 deletions.
28 changes: 28 additions & 0 deletions .github/workflows/build-image.yaml
@@ -78,6 +78,20 @@ jobs:
ONLY_BUILDERS="-only=$ONLY_BUILDERS"
fi
# Validate the AWS settings in the target account
# Without this check, we have wasted hours building an AMI only for it to fail at the end due to the encryption settings.
# If this check fails the build - it means that your build would have failed or your AMI would have been unsharable.
#
for region in us-east-1 us-east-2 us-west-1 us-west-2 ca-central-1 eu-west-2 ap-northeast-1 ap-south-1
do
encryption_enabled="$(aws ec2 get-ebs-encryption-by-default --region=$region | jq -r .EbsEncryptionByDefault)"
if [ "$encryption_enabled" = "true" ]
then
echo "EBS Encryption by Default MUST NOT BE ENABLED - STOPPING BUILD" 1>&2
exit 1
fi
done
# Build the images.
rm -f packer-manifest.json # always be clean
packer build $ONLY_BUILDERS \
@@ -150,6 +164,20 @@ jobs:
ONLY_BUILDERS="-only=$ONLY_BUILDERS"
fi
# Validate the AWS settings in the target account
# Without this check, we have wasted hours building an AMI only for it to fail at the end due to the encryption settings.
# If this check fails the build - it means that your build would have failed or your AMI would have been unsharable.
#
for region in us-gov-west-1 us-gov-east-1
do
encryption_enabled="$(aws ec2 get-ebs-encryption-by-default --region=$region | jq -r .EbsEncryptionByDefault)"
if [ "$encryption_enabled" = "true" ]
then
echo "EBS Encryption by Default MUST NOT BE ENABLED - STOPPING BUILD" 1>&2
exit 1
fi
done
# Build the images.
rm -f *packer-manifest.json # always be clean
packer build $ONLY_BUILDERS \
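Review bot: The new pre-flight check fails open at `if [ "$encryption_enabled" = "true" ]`, in both the commercial-region loop and the GovCloud loop. If `aws ec2 get-ebs-encryption-by-default` errors (expired credentials, missing permission, a region that is not enabled), `jq` gets no input, the variable is empty, and the build proceeds unchecked. Whether the step would abort by itself depends on the shell options of this `run:` step, which are outside the hunks; without `pipefail` the `aws` exit status is masked by `jq`. Test for the only acceptable value instead, `if [ "$encryption_enabled" != "false" ]`, and name the region and the value in the message, e.g. `echo "EBS Encryption by Default is '$encryption_enabled' in $region (must be false) - STOPPING BUILD" 1>&2`. Because the check requires an account-level encryption default to stay off, the comment above the loop should also say that this is needed for AMI sharing and applies to the image-build account only.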