From b5b313535e309e529788c74437a47128d3d38286 Mon Sep 17 00:00:00 2001
From: Jason McVetta <jason.mcvetta@gmail.com>
Date: Tue, 16 May 2023 17:39:55 -0400
Subject: [PATCH] feat: Enable root EBS volume encryption (#22)

https://github.com/ordinaryexperts/terraform-aws-hardened-bastion/pull/22
---
 ec2.tf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ec2.tf b/ec2.tf
index 99617e7..d416fbd 100644
--- a/ec2.tf
+++ b/ec2.tf
@@ -65,6 +65,10 @@ resource "aws_launch_configuration" "this" {
 
   security_groups = [aws_security_group.this.id]
 
+  root_block_device {
+    encrypted = true
+  }
+
   user_data = templatefile("${path.module}/user_data.sh.tmpl", {
     aws_region  = local.region
     bucket_name = aws_s3_bucket.this.bucket