Add support for KmsKeyId in ec2:RunInstances (#3943)

2021-05-19 23:11:50 -07:00 · 2021-05-19 23:11:50 -07:00 · 752b508738
commit 752b508738
parent 58f7ab0d25
3 changed files with 49 additions and 1 deletions
--- a/moto/ec2/models.py
+++ b/moto/ec2/models.py
@ -612,9 +612,10 @@ class Instance(TaggedEC2Resource, BotoInstance, CloudFormationModel):
        snapshot_id=None,
        encrypted=False,
        delete_on_termination=False,
+        kms_key_id=None,
    ):
        volume = self.ec2_backend.create_volume(
-            size, self.region_name, snapshot_id, encrypted
+            size, self.region_name, snapshot_id, encrypted, kms_key_id
        )
        self.ec2_backend.attach_volume(
            volume.id, self.id, device_path, delete_on_termination
@ -984,12 +985,14 @@ class InstanceBackend(object):
                    delete_on_termination = block_device["Ebs"].get(
                        "DeleteOnTermination", False
                    )
+                    kms_key_id = block_device["Ebs"].get("KmsKeyId")
                    new_instance.add_block_device(
                        volume_size,
                        device_name,
                        snapshot_id,
                        encrypted,
                        delete_on_termination,
+                        kms_key_id,
                    )
            else:
                new_instance.setup_defaults()
--- a/moto/ec2/responses/instances.py
+++ b/moto/ec2/responses/instances.py
@ -301,6 +301,7 @@ class InstanceResponse(BaseResponse):
            device_template["Ebs"]["Encrypted"] = self._convert_to_bool(
                device_mapping.get("ebs._encrypted", False)
            )
+            device_template["Ebs"]["KmsKeyId"] = device_mapping.get("ebs._kms_key_id")
            mappings.append(device_template)

        return mappings
--- a/tests/test_ec2/test_ec2_integration.py
+++ b/tests/test_ec2/test_ec2_integration.py
@ -0,0 +1,44 @@
+from __future__ import unicode_literals
+
+import boto3
+import sure  # noqa
+
+from moto import mock_ec2, mock_kms
+from tests import EXAMPLE_AMI_ID
+
+
+@mock_ec2
+@mock_kms
+def test_run_instance_with_encrypted_ebs():
+    kms = boto3.client("kms", region_name="us-east-1")
+    resp = kms.create_key(Description="my key", KeyUsage="ENCRYPT_DECRYPT")
+    key_id = resp["KeyMetadata"]["Arn"]
+
+    ec2 = boto3.client("ec2", region_name="us-east-1")
+    kwargs = {
+        "MinCount": 1,
+        "MaxCount": 1,
+        "ImageId": EXAMPLE_AMI_ID,
+        "KeyName": "the_key",
+        "InstanceType": "t1.micro",
+        "BlockDeviceMappings": [
+            {
+                "DeviceName": "/dev/sda2",
+                "Ebs": {
+                    "VolumeSize": 50,
+                    "VolumeType": "gp2",
+                    "Encrypted": True,
+                    "KmsKeyId": key_id,
+                },
+            }
+        ],
+    }
+    ec2.run_instances(**kwargs)
+
+    instances = ec2.describe_instances().get("Reservations")[0].get("Instances")
+    volume = instances[0]["BlockDeviceMappings"][0]["Ebs"]
+
+    volumes = ec2.describe_volumes(VolumeIds=[volume["VolumeId"]])
+    volumes["Volumes"][0]["Size"].should.equal(50)
+    volumes["Volumes"][0]["Encrypted"].should.equal(True)
+    volumes["Volumes"][0]["KmsKeyId"].should.equal(key_id)