amazon web services - Need to create an autoscaling group with encrypted EBS volume with customer KMS key

Using AWS CDK, I need to create an autoscaling group with an encrypted volume using a customer KMS key. I know that I can do this by using a launch template, but I did not find in the documentation how to create the launch template and how to create the autoscaling group with it.

I found just this constructor method, "autoscaling.AutoScalingGroup":

```python
from aws_cdk import aws_autoscaling as autoscaling, aws_ec2 as ec2

# Called inside the Stack's __init__; vpc, the subnet IDs, linux_ami, sg_asg,
# ebs_volume_size, delete and user_data_ec2 are defined elsewhere in the stack.
autoscaling.AutoScalingGroup(
    self, "my-app",
    vpc=vpc,
    vpc_subnets=ec2.SubnetSelection(
        subnets=[
            ec2.Subnet.from_subnet_id(self, "asg_subnetAz1", subnet_az1_id),
            ec2.Subnet.from_subnet_id(self, "asg_subnetAz2", subnet_az2_id),
        ]
    ),
    instance_type=ec2.InstanceType(instance_type_identifier=ec2_type),
    machine_image=linux_ami,
    desired_capacity=1,
    min_capacity=1,
    max_capacity=1,
    security_group=sg_asg,
    block_devices=[
        autoscaling.BlockDevice(
            device_name="/dev/sda1",
            volume=autoscaling.BlockDeviceVolume.ebs(
                volume_size=ebs_volume_size,
                delete_on_termination=delete,
                encrypted=True,  # encrypted, but no KMS key can be given here
                volume_type=autoscaling.EbsDeviceVolumeType.GP2,
            ),
        )
    ],
    user_data=ec2.UserData.custom(user_data_ec2),
    role=self.ec2_role,
)
```

It is working fine, but in the block_devices parameter I cannot specify the customer key.

Do you have any idea how to do this?

Question from: https://stackoverflow.com/questions/65874105/need-to-create-an-autoscaling-group-with-encrypted-ebs-volume-with-customer-kms


1 Reply


This could perhaps help someone else. There are 2 ways to create the autoscaling group with a custom key:

  • Create a launch template where you can specify the KMS key to encrypt the EBS volume, and then create the ASG with this launch template.
  • Or just create the ASG without encryption and change the account setting to force the encryption of every new EBS volume with the CMK. This is the easiest way.
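
An added example (not from the original post or from the AWS CDK project): a standard-library check over a synthesized CloudFormation template, such as the output of `cdk synth`, that reports for each launch configuration or launch template volume whether an explicit KMS key is set. The sample template, its logical IDs and the status labels are constructed for illustration.

```python
import json

# Constructed sample: fragment of a synthesized CloudFormation template.
# Logical IDs and the key reference are placeholders, not values from the page.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "AppLaunchConfig": {
    "Type": "AWS::AutoScaling::LaunchConfiguration",
    "Properties": {"BlockDeviceMappings": [
      {"DeviceName": "/dev/sda1", "Ebs": {"Encrypted": true, "VolumeType": "gp2"}}]}},
  "AppLaunchTemplate": {
    "Type": "AWS::EC2::LaunchTemplate",
    "Properties": {"LaunchTemplateData": {"BlockDeviceMappings": [
      {"DeviceName": "/dev/sda1", "Ebs": {"Encrypted": true,
        "KmsKeyId": {"Fn::GetAtt": ["AppEbsKey", "Arn"]}}},
      {"DeviceName": "/dev/sdf", "Ebs": {"VolumeSize": 50}}]}}}
}}
""")

def _mappings(resource):
    """Return the block device mappings of a launch config or launch template."""
    props = resource.get("Properties", {})
    if resource.get("Type") == "AWS::EC2::LaunchTemplate":
        props = props.get("LaunchTemplateData", {})
    elif resource.get("Type") != "AWS::AutoScaling::LaunchConfiguration":
        return []
    return props.get("BlockDeviceMappings", [])

def audit_ebs_encryption(template):
    """Map (logical_id, device) -> 'explicit-key' | 'default-key' | 'unencrypted'."""
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        for mapping in _mappings(resource):
            ebs = mapping.get("Ebs")
            if ebs is None:              # ephemeral/NoDevice entries have no Ebs block
                continue
            if ebs.get("KmsKeyId"):      # literal ARN/ID or an intrinsic like Fn::GetAtt
                status = "explicit-key"
            elif ebs.get("Encrypted") in (True, "true"):
                status = "default-key"   # encrypted with the account's default EBS key
            else:
                status = "unencrypted"   # encrypted only if the account setting forces it
            findings[(logical_id, mapping.get("DeviceName"))] = status
    return findings

if __name__ == "__main__":
    for (rid, dev), status in sorted(audit_ebs_encryption(SAMPLE_TEMPLATE).items()):
        print(f"{rid} {dev}: {status}")
```

A `default-key` or `unencrypted` result is acceptable only when the second option above is in place, that is, when the account's EBS encryption setting points at the CMK.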
