Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

EC2: Enable EBS single step encryption by default #1556

Merged
merged 2 commits into from
Aug 26, 2019

Conversation

jackivanov
Copy link
Collaborator

@jackivanov jackivanov commented Aug 19, 2019

Description

  • Disable the ami copy task that takes too much time to make an encrypted volume
  • Enable EC2 EBS single step encryption by default

Motivation and Context

As @TC1977 noted #989 (comment), it is possible now to enable EBS encryption in one go without waiting too much time. Also, it makes sense now to enable it by default.

How Has This Been Tested?

Deployed to EC2 with and without encryption.

Types of changes

  • [] Bug fix (non-breaking change which fixes an issue)
  • [] New feature (non-breaking change which adds functionality)
  • [] Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • I have read the CONTRIBUTING document.
  • My code follows the code style of this project.
  • All new and existing tests passed.

@TC1977
Copy link
Contributor

TC1977 commented Aug 19, 2019

Tested successfully on EC2 us-east-1 using non-interactive Ansible deploy, both with "encrypted=true" and "encrypted=false".

With default settings of everything false, I have a run time of about 8:16 with -vvv and encrypted=true, and 8:39 with -vvv and encrypted=false. I have no idea why the encrypted run was faster (maybe because I was deleting the CloudFormation at the same time for the unencrypted run?), but at least there isn't a 6-minute performance hit with encryption like before.

Back when I last timed run times with #976, I got 8:23 for the unencrypted run and 14:23 for the encrypted run.

@TC1977
Copy link
Contributor

TC1977 commented Aug 19, 2019

Ok, that explains why the encrypted run was faster - both runs were encrypted. 😆

Running the newest commit with "encrypted=true" vs false and no -vvv gives run times of 8:38 with encryption vs. 8:28 without encryption.

@jackivanov jackivanov merged commit 95eddcc into master Aug 26, 2019
@jackivanov jackivanov deleted the feature/ec2-encryption branch August 26, 2019 15:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants