Encrypt unencrypted EBS volumes, targeting instances by tag
Testing was done in a Python virtual environment using Python 3.8 on Ubuntu 20.04 on WSL2:
- python3.8 -m venv env
- source env/bin/activate
- pip install --upgrade pip
- pip install --upgrade boto3
- pip install --upgrade awscli
To ensure the code can easily be re-used I have set all the key elements as variables. These can also be defined as variables in any automation software.
| Key | Value |
|---|---|
| verbose | True or False - if True you will get a lot of output! |
| search_tag | Tag to search for instances, e.g. Name |
| search_value | Value in search_tag to search for instances |
| snap_prefix | Snapshot description |
| arole | Role to assume across accounts |
| accounts | List of accounts to process using the above role, e.g. ['0000000000000','1111111111111','2222222222222222','333333333333333333'] |
- For each account listed
  - Retrieve instance details from instances which fulfil the filter rules based on tag
  - For each instance
    - Check for unencrypted volumes
    - Shut down if unencrypted volumes exist and state was running
    - Detach volume
    - Create unencrypted snapshot
    - Create encrypted copy of snapshot
    - Create encrypted volume from the encrypted snapshot
    - Attach encrypted volumes
    - Return machine to original state
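
The flow above, sketched with boto3 EC2 waiters. This is an added example, not the script this README describes. It assumes `arole` is a role name rather than a full ARN and that a default region is configured; the function names and the session name `ebs-encrypt` are made up here.

```python
def wait(ec2, name, **kw):
    ec2.get_waiter(name).wait(**kw)  # block on an EC2 waiter, no retry counters

def encrypt_instance_volumes(ec2, inst, snap_prefix):
    """Replace each unencrypted EBS volume on one instance with an encrypted copy."""
    iid, az = inst["InstanceId"], inst["Placement"]["AvailabilityZone"]
    devices = {m["Ebs"]["VolumeId"]: m["DeviceName"]
               for m in inst.get("BlockDeviceMappings", []) if "Ebs" in m}
    vols = ec2.describe_volumes(VolumeIds=list(devices))["Volumes"] if devices else []
    todo = [v for v in vols if not v["Encrypted"]]
    if not todo:
        return []  # nothing unencrypted: leave the instance untouched
    was_running = inst["State"]["Name"] == "running"
    if was_running:
        ec2.stop_instances(InstanceIds=[iid])
        wait(ec2, "instance_stopped", InstanceIds=[iid])
    swapped = []
    for v in todo:
        old = v["VolumeId"]
        ec2.detach_volume(VolumeId=old)
        wait(ec2, "volume_available", VolumeIds=[old])
        snap = ec2.create_snapshot(VolumeId=old, Description=f"{snap_prefix} {old}")["SnapshotId"]
        wait(ec2, "snapshot_completed", SnapshotIds=[snap])
        enc = ec2.copy_snapshot(SourceSnapshotId=snap, SourceRegion=ec2.meta.region_name,
                                Encrypted=True, Description=f"{snap_prefix} {old} encrypted")["SnapshotId"]
        wait(ec2, "snapshot_completed", SnapshotIds=[enc])
        # a volume built from an encrypted snapshot is itself encrypted
        new = ec2.create_volume(SnapshotId=enc, AvailabilityZone=az, VolumeType=v["VolumeType"])["VolumeId"]
        wait(ec2, "volume_available", VolumeIds=[new])
        ec2.attach_volume(InstanceId=iid, VolumeId=new, Device=devices[old])
        wait(ec2, "volume_in_use", VolumeIds=[new])
        swapped.append((old, new))
    if was_running:  # return the machine to its original state
        ec2.start_instances(InstanceIds=[iid])
        wait(ec2, "instance_running", InstanceIds=[iid])
    return swapped

def process_accounts(accounts, arole, search_tag, search_value, snap_prefix):
    import boto3  # lazy import: the function above also runs against a stub client
    results = {}  # assumption: arole is a role name, not a full ARN
    for acct in accounts:
        c = boto3.client("sts").assume_role(RoleArn=f"arn:aws:iam::{acct}:role/{arole}",
                                            RoleSessionName="ebs-encrypt")["Credentials"]
        ec2 = boto3.client("ec2", aws_access_key_id=c["AccessKeyId"],
                           aws_secret_access_key=c["SecretAccessKey"], aws_session_token=c["SessionToken"])
        found = ec2.describe_instances(Filters=[{"Name": f"tag:{search_tag}", "Values": [search_value]}])
        for inst in (i for r in found["Reservations"] for i in r["Instances"]):
            results[inst["InstanceId"]] = encrypt_instance_volumes(ec2, inst, snap_prefix)
    return results
```

The original volume and both snapshots are left in place, so a failed swap can be rolled back by re-attaching the old volume. Provisioned-IOPS volume types also need their `Iops` passed to `create_volume`, which this sketch does not do.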
None
- Setup to use tags instead of input file
- Setup to use a role rather than AWS CLI credentials.
- Configure to use an array of accounts.
- Remove the counts and instead use the CLI wait commands (new post code writing)
- Rewrite in Python
None presently
Dave Hart link to blog!