Support filtering by network encryption #82

Closed
Nuru opened this issue Apr 9, 2021 · 3 comments
Labels
enhancement New feature or request

Nuru commented Apr 9, 2021

A subset of Nitro instance types support automatic encryption of network traffic. For some applications, this is a requirement, so I would like to have an option to filter instances by this capability.

@bwagner5
Contributor

Hmmm, I don't see any value we can use to filter those in the DescribeInstanceTypes API. I might be missing the attribute, do you see anything? It may very well not be exposed by this API yet, but I'd be hesitant to hard code instance types or anything like that.

➜  ~ aws ec2 describe-instance-types --instance-types c5a.large --region us-east-1
{
    "InstanceTypes": [
        {
            "InstanceType": "c5a.large",
            "CurrentGeneration": true,
            "FreeTierEligible": false,
            "SupportedUsageClasses": [
                "on-demand",
                "spot"
            ],
            "SupportedRootDeviceTypes": [
                "ebs"
            ],
            "SupportedVirtualizationTypes": [
                "hvm"
            ],
            "BareMetal": false,
            "Hypervisor": "nitro",
            "ProcessorInfo": {
                "SupportedArchitectures": [
                    "x86_64"
                ],
                "SustainedClockSpeedInGhz": 3.3
            },
            "VCpuInfo": {
                "DefaultVCpus": 2,
                "DefaultCores": 1,
                "DefaultThreadsPerCore": 2,
                "ValidCores": [
                    1
                ],
                "ValidThreadsPerCore": [
                    1,
                    2
                ]
            },
            "MemoryInfo": {
                "SizeInMiB": 4096
            },
            "InstanceStorageSupported": false,
            "EbsInfo": {
                "EbsOptimizedSupport": "default",
                "EncryptionSupport": "supported",
                "EbsOptimizedInfo": {
                    "BaselineBandwidthInMbps": 200,
                    "BaselineThroughputInMBps": 25.0,
                    "BaselineIops": 800,
                    "MaximumBandwidthInMbps": 3170,
                    "MaximumThroughputInMBps": 396.25,
                    "MaximumIops": 13300
                },
                "NvmeSupport": "required"
            },
            "NetworkInfo": {
                "NetworkPerformance": "Up to 10 Gigabit",
                "MaximumNetworkInterfaces": 3,
                "MaximumNetworkCards": 1,
                "DefaultNetworkCardIndex": 0,
                "NetworkCards": [
                    {
                        "NetworkCardIndex": 0,
                        "NetworkPerformance": "Up to 10 Gigabit",
                        "MaximumNetworkInterfaces": 3
                    }
                ],
                "Ipv4AddressesPerInterface": 10,
                "Ipv6AddressesPerInterface": 10,
                "Ipv6Supported": true,
                "EnaSupport": "required",
                "EfaSupported": false
            },
            "PlacementGroupInfo": {
                "SupportedStrategies": [
                    "cluster",
                    "partition",
                    "spread"
                ]
            },
            "HibernationSupported": false,
            "BurstablePerformanceSupported": false,
            "DedicatedHostsSupported": false,
            "AutoRecoverySupported": true
        }
    ]
}

bwagner5 added the enhancement (New feature or request) label Apr 29, 2021

Nuru commented May 1, 2021

I have not done the full comparison with the documented list, but I think the filter is

Hypervisor == "nitro" && NetworkInfo.EnaSupport == "required" && EbsInfo.NvmeSupport == "required"

You might consider using that filter with a documented caveat if it omits a small number of instance types that should be included, so long as it does not include any instance types that should be excluded.

Is that something you can try out?

Update: Well, z1d passes the filter but is not on the list. Bummer.

I can understand why you do not want to include (or maintain) a hard coded list, but if you don't, I have to, in order to provide the network encryption guarantee. So please think about a way you can support it with caveats.

Hopefully there is some other API call that will distinguish the z1d from the other instance types. Is there something more specific to networking?


bwagner5 commented May 1, 2021

I can look into this deeper and try to find something that works. Based on your suggestion of a filter, it would be neat to allow users to specify their own filters based on the describe-instance-types response so that you could do something like this without including it in the actual distribution.
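A sketch of the user-specified filter idea from this thread, applied to the heuristic proposed above. This is an added example, not code from the project or from either commenter. The function names, the trimmed sample records and the `ALLOW_FAMILIES` set are assumptions made for the illustration; a real allow-list has to be copied from the AWS documentation by whoever needs the guarantee.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instance-types` output,
# trimmed to the attributes the proposed filter reads. The c5a.large values
# come from the output quoted in the thread; the other records are constructed.
SAMPLE_RESPONSE = json.loads("""
{"InstanceTypes": [
  {"InstanceType": "c5a.large", "Hypervisor": "nitro",
   "EbsInfo": {"NvmeSupport": "required"},
   "NetworkInfo": {"EnaSupport": "required"}},
  {"InstanceType": "z1d.large", "Hypervisor": "nitro",
   "EbsInfo": {"NvmeSupport": "required"},
   "NetworkInfo": {"EnaSupport": "required"}},
  {"InstanceType": "t2.micro", "Hypervisor": "xen",
   "EbsInfo": {"NvmeSupport": "unsupported"},
   "NetworkInfo": {"EnaSupport": "unsupported"}}
]}
""")

# The heuristic from the thread as dotted path -> required value.
HEURISTIC = {
    "Hypervisor": "nitro",
    "NetworkInfo.EnaSupport": "required",
    "EbsInfo.NvmeSupport": "required",
}

# Hypothetical operator-maintained allow-list of instance families
# (constructed for this example, not an authoritative list).
ALLOW_FAMILIES = {"c5a"}


def lookup(record, dotted_path):
    """Walk a dotted path; return None if any key is missing (case-sensitive)."""
    node = record
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def select(response, filters, allow_families=None):
    """Return instance types matching every filter; a missing attribute fails closed."""
    selected = []
    for rec in response.get("InstanceTypes", []):
        if not all(lookup(rec, p) == v for p, v in filters.items()):
            continue
        family = rec["InstanceType"].split(".", 1)[0]
        if allow_families is not None and family not in allow_families:
            continue  # heuristic match without a documented guarantee
        selected.append(rec["InstanceType"])
    return sorted(selected)
```

With the heuristic alone, the z1d record is selected, which is the false inclusion reported in the thread; intersecting with the allow-list can only narrow the result, so it never admits a type the heuristic rejected.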
