Terraform Elastic Beanstalk Environment - setting for encrypting S3 bucket?
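I am trying to deploy a simple Flask application on Elastic Beanstalk using Terraform.
I am using Terraform's default resource for the Elastic Beanstalk environment - aws_elastic_beanstalk_environment
I am able to deploy my application successfully, but during deployment Elastic Beanstalk creates an S3 bucket - elasticbeanstalk-region-account-id - which is unencrypted by default.
I want to change this behavior and make sure this bucket is encrypted when it is created. Which setting do I use to accomplish this? I could not find a setting related to this. Any ideas?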
By default, AWS Elastic Beanstalk creates an unencrypted bucket, so the aws_elastic_beanstalk_environment resource cannot do anything here.
From the AWS documentation:
Elastic Beanstalk doesn't turn on default encryption for the Amazon S3
bucket that it creates. This means that by default, objects are stored
unencrypted in the bucket (and are accessible only by authorized
users). Some applications require all objects to be encrypted when
they are stored—on a hard drive, in a database, etc. (also known as
encryption at rest). If you have this requirement, you can configure
your account's buckets for default encryption
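So you need to turn it on yourself; try the approach below.
After the Beanstalk environment is created, get the AWS S3 bucket that Beanstalk created and enable server-side encryption on it through the Terraform resource aws_s3_bucket_server_side_encryption_configuration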
resource "aws_kms_key" "mykey" {
  description             = "This key is used to encrypt bucket objects"
  deletion_window_in_days = 10
}

# Look up the bucket that Elastic Beanstalk already created
data "aws_s3_bucket" "mybucket" {
  bucket = "elasticbeanstalk-region-account-id" # replace with your region and account ID
}

resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  # the bucket argument takes the bucket name, so reference the data source's id attribute
  bucket = data.aws_s3_bucket.mybucket.id

  rule {
    apply_server_side_encryption_by_default {
      kms_master_key_id = aws_kms_key.mykey.arn
      sse_algorithm     = "aws:kms"
    }
  }
}
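A post-apply check for the configuration in the answer above, as an added example that is not part of the original post: it audits the S3 GetBucketEncryption response for the Elastic Beanstalk bucket against the expected KMS key. The function names, the account ID, and the key ARN are assumptions made for illustration, and the sample responses are constructed.

```python
# Added example: audit the Elastic Beanstalk bucket's default encryption after apply.
# Response shape follows S3 GetBucketEncryption; all sample values are constructed.

def eb_bucket_name(region, account_id):
    """Name pattern from the question: elasticbeanstalk-region-account-id."""
    return f"elasticbeanstalk-{region}-{account_id}"

def fetch_encryption(bucket):
    """Live lookup; needs boto3 and AWS credentials, so it is never called on import."""
    import boto3
    from botocore.exceptions import ClientError
    try:
        return boto3.client("s3").get_bucket_encryption(Bucket=bucket)
    except ClientError as err:
        if err.response["Error"]["Code"] == "ServerSideEncryptionConfigurationNotFoundError":
            return {}  # bucket has no default encryption configuration
        raise

def audit_encryption(response, expected_key_arn):
    """Return a list of findings; an empty list means the bucket matches the Terraform config."""
    rules = response.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not rules:
        return ["no default encryption rule on the bucket"]
    findings = []
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        algo = default.get("SSEAlgorithm")
        key = default.get("KMSMasterKeyID")
        if algo != "aws:kms":
            # AES256 means SSE-S3, not the customer-managed key from the answer
            findings.append(f"algorithm is {algo}, expected aws:kms")
        elif key != expected_key_arn:
            findings.append(f"encrypted with {key}, expected {expected_key_arn}")
    return findings

# Constructed sample data (placeholder account ID and key ID).
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
SAMPLE_KMS = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": KEY_ARN}}]}}
SAMPLE_SSE_S3 = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}

if __name__ == "__main__":
    print(eb_bucket_name("us-east-1", "111122223333"))
    for label, sample in [("kms", SAMPLE_KMS), ("sse-s3", SAMPLE_SSE_S3), ("none", {})]:
        print(label, audit_encryption(sample, KEY_ARN) or "OK")
```

Against a real account, pass the result of `fetch_encryption(eb_bucket_name(region, account_id))` to `audit_encryption` together with the ARN output by the `aws_kms_key` resource.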