Don't encrypt the AMI's root snapshot (#17)

We are an open-source project, so we don't need to pay the cost or complexity of having this, but mainly having an ASG launch this AMI needs we need to set up a more complex "Service-Linked" IAM role, which is complexity we just don't need.
apache · Apr 23, 2021 · e036ae904379e7364c93a7f23456c3507fb749c9 · e036ae9
1 parent 86bb048
commit e036ae904379e7364c93a7f23456c3507fb749c9
Showing 2 changed files with 1 addition and 6 deletions.
diff --git a/github-runner-ami/packer/ubuntu2004.pkr.hcl b/github-runner-ami/packer/ubuntu2004.pkr.hcl
@@ -33,9 +33,6 @@ variable "packer_role_arn" {
 variable "runner_version" {
   type = string
 }
-variable "kms_key_arn" {
-  type = string
-}
 variable "session_manager_instance_profile_name" {
   type = string
 }
@@ -54,8 +51,7 @@ source "amazon-ebs" "runner_builder" {
     key                 = "ami"
     value               = "github-runner-ami"
   }
-  encrypt_boot = true
-  kms_key_id = var.kms_key_arn
+  encrypt_boot = false
   instance_type = "t3.micro"
   communicator = "ssh"
   ssh_username = "ubuntu"

diff --git a/github-runner-ami/packer/vars/variables.pkrvars.hcl b/github-runner-ami/packer/vars/variables.pkrvars.hcl
@@ -21,5 +21,4 @@ aws_region = "eu-central-1"
 subnet_id = "subnet-72ed3c0e"
 packer_role_arn = "arn:aws:iam::827901512104:role/packer-role"
 runner_version = "2.278.0-airflow2"
-kms_key_arn = "arn:aws:kms:eu-central-1:827901512104:key/48a58710-7ac6-4f88-995f-758a6a450faa"
 session_manager_instance_profile_name = "packer_ssm_instance_profile"