[Bug 251583] FreeBSD/EC2 breakage w/ encrypted EBS volumes

Fri Apr 23 15:59:48 UTC 2021

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251583

--- Comment #12 from darmokandjalad at gmail.com ---
(In reply to Konstantin Pavlov from comment #9)

I have the EBS volume encryption being enforced by AWS Organizations in my
production AWS account too, but not in my test AWS account, which I used to
identify EBS encryption as the issue. Since this problem didn't appear in the
12.1-RELEASE AMI, I took the path of:

(1) Launching an EC2 instance with an encrypted EBS volume using a 12.1-RELEASE
AMI.

(2) Logging into the instance and upgrading it to 12.2-RELEASE with
freebsd-update.

(3) Creating a custom AMI from the instance with which to launch other 12.2
instances.

A 12.1-RELEASE AMI was made available in the eu-central-1 region, as documented
in that release's announcement:

https://www.freebsd.org/releases/12.1R/announce/

I haven't found a way to search for and launch an EC2 instance from a
particular AMI in the AWS Console, but I was able to launch an instance of the
AMI in my region with the AWS CLI, using:

    aws ec2 run-instances --image-id <ami in your region>

I'll warn that I haven't been able to get user data scripts to run properly
when launching an EC2 instance from a custom AMI, as the standard work-around
for Amazon Linux-derived custom AMIs (making "#cloud-boothook" to the first
line of your user data script) doesn't seem to work. I take that as a sign I
should switch to using Ansible to bootstrap my instances.

My thanks to Alan Cummings for reporting this, Billy for pointing out a
work-around, and to the FreeBSD team for investigating.

-- 
You are receiving this mail because:
You are the assignee for the bug.