Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fargate] : Ephemeral volume encryption using CMK managed through AWS Key Management Service (KMS) #915

Closed
akshayram-wolverine opened this issue May 27, 2020 · 7 comments
Closed

[Fargate] : Ephemeral volume encryption using CMK managed through AWS Key Management Service (KMS) #915

akshayram-wolverine opened this issue May 27, 2020 · 7 comments
Assignees
@vibhav-ag
Labels
Fargate AWS Fargate Proposed Community submitted issue
Projects
containers-roadmap

Comments

@akshayram-wolverine
Copy link
Contributor

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request
What do you want us to build?
We are working on a feature to introduce customer master keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) (CMKs) stored in AWS Key Management Service (https://aws.amazon.com/kms/) (AWS KMS) for encryption of ephemeral storage. This will allow customers to control CMK origin, ownership and audit amongst other benefits (https://aws.amazon.com/kms/features/) offered by AWS KMS to help with key management controls.

Which service(s) is this request for?
Fargate
@akshayram-wolverine akshayram-wolverine added Fargate AWS Fargate Proposed Community submitted issue labels May 27, 2020
@akshayram-wolverine akshayram-wolverine added this to We're Working On It in containers-roadmap May 27, 2020
@vattybear vattybear mentioned this issue May 28, 2020
Closed
@jbarz1
Copy link

jbarz1 commented Feb 15, 2022

Will this support cross account KMS key? That is the KMS key belongs to an account that is different from the account that owns the Fargate task? Similar to

https://docs.aws.amazon.com/autoscaling/ec2/userguide/key-policy-requirements-EBS-encryption.html#policy-example-cmk-cross-account-access

@omieomye omieomye mentioned this issue Mar 30, 2022
Closed
@pspot2
Copy link

pspot2 commented Mar 30, 2022

Nowadays this is absolutely basic for security departments of companies, and Fargate's ephemeral storage is a no-go without this feature. Especially if it is exposed as a bind mount of a shared host.

@ghost
Copy link

ghost commented Mar 19, 2023
edited by ghost
Loading

Is there an update on this? As this was announced almost 3 years ago I would be very interested in seeing this feature finally being shipped :)

@filipjnc
Copy link

In my company we can't ship with ECS Fargate launchers due to this and need to fallback to EC2 launchers. Please release this.

@fablocke
Copy link

The same applies to my company. Would appreciate feedback from AWS.

@amit2067
Copy link

amit2067 commented Nov 1, 2023

Is it going to be released any soon?

@jenmlinaws jenmlinaws moved this from We're Working On It to Coming Soon in containers-roadmap May 13, 2024
@mlanner-aws
Copy link

Launched on June 10, 2024: https://aws.amazon.com/blogs/compute/securing-amazon-ecs-workloads-on-aws-fargate-with-customer-managed-keys/

containers-roadmap automation moved this from Coming Soon to Shipped Jun 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vibhav-ag vibhav-ag

Labels
Fargate AWS Fargate Proposed Community submitted issue
Projects
containers-roadmap
  
Shipped
Milestone
No milestone
Development

No branches or pull requests
8 participants
@pspot2 @fablocke @filipjnc @amit2067 @akshayram-wolverine @mlanner-aws @jbarz1 @vibhav-ag