Run instances encrypted docs

[yogevhenig89]

Describe the issue

Under the 'Run Instances' section in the boto3 documentation, there is an encrypted section. Inside, it is written:

If you are creating a block device mapping from an existing encrypted or unencrypted snapshot, you must omit this parameter. If you include this parameter, the request will fail, regardless of the value that you specify.

I tried it out for unencrypted snapshots, and it worked. Is there any change in this area?

Links

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2/client/run_instances.html

[ArjunMenon-bit]

@RyanFitzSimmonsAK @tim-finnigan Can I work on this issue? Will try to reproduce this and make necessary changes in documentation if required.

[tim-finnigan]

Hi @yogevhenig89 thanks for reaching out. The Boto3 run_instances command corresponds to the EC2 RunInstances API. Therefore, any issues with the API functionality or documentation would need to get forwarded to the EC2 team. Also for tracking changes between Boto3/Botocore versions you can refer to the CHANGELOG files.

To expand on the documentation section you referenced, it notes:

For CreateImage and RegisterImage, whether you can include this
parameter, and the allowed values differ depending on the type of block
device mapping you are creating.

• If you are creating a block device mapping for a new (empty) volume, you can include this parameter, and specify either true for an encrypted volume, or false for an unencrypted volume. If you omit this parameter, it defaults to false (unencrypted).

• If you are creating a block device mapping from an existing encrypted or unencrypted snapshot, you must omit this parameter. If you include this parameter, the request will fail, regardless of the value that you specify.

• If you are creating a block device mapping from an existing unencrypted volume, you can include this parameter, but you must specify false. If you specify true, the request will fail. In this case, we recommend that you omit the parameter.

• If you are creating a block device mapping from an existing encrypted volume, you can include this parameter, and specify either true or false. However, if you specify false,
  the parameter is ignored and the block device mapping is always
  encrypted. In this case, we recommend that you omit the parameter.

So the behavior can vary between different APIs and under various circumstances. Can you provide any more details regarding the behavior you observed?

If you think that the documentation could be improved here, then we recommend reaching out via the Provide feedback at the bottom of the API documentation page in order to escalate to the appropriate team. If you believe there is an issue with the command/API functionality, please share a code snippet for reproducing the issue, and debug logs (with any sensitive info redacted) by adding boto3.set_stream_logger('') to your script.

@ArjunMenon-bit please feel free to help out with looking into this issue.

[yogevhenig89]

Hi @ArjunMenon-bit @tim-finnigan, Thank you so much for your informative respond
The behavior I observed is as follow:
I have an unencrypted snapshot, and I want to attach it as a volume to an EC2 instance.
According to the attached quote from the docs, I'm not suppose to be able to attach it with 'Encrypted': True inside the BlockDeviceMappings right ?
But this is actually possible, you can even try it out from the AWS console. Create an unencrypted snapshot and then launch new instance and in the add new volume menu it is possible to choose between encrypted/ not encrypted

So either I miss something here, Or there is an issue with the docs ?

Thanks!

[tim-finnigan]

Hi @yogevhenig89 thanks for following up and for your patience here. As you described, I think there may be an inconsistency here with the API documentation and behavior. I went ahead and reached out to the EC2 documentation team to address this. Any changes to the API documentation will automatically get pulled in to the Boto3 documentation. Since this is an issue with the API documentation rather than directly with Boto3, I'll go ahead and close this issue. Thanks again for reporting.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.