Amazon EC2

Encrypted Root for Amazon EC2

Amazon EC2 allows users to start virtual machine instances on demand. This is very convenient for resource scaling, but storing potentially valuable data in a fuzzy cloud may raise some new questions about privacy and security. As far as I can tell, there is currently no standard solution for encrypting the root filesystem of an EC2 instance. The following tarball contains the latest version of my attempt to remedy this in what is hopefully a user-friendly way: encroot_2018-01-21.tgz

A man page exists, and a list of changes from earlier versions is found here.

For some reason, the earliest versions of the code were never stored under version control, but if you're interested in the history of later development, or if you want to make your own changes, you can clone the Git repository from this web server:

    git clone https://www.gulbra.net/ec2/encroot.git

EC2 API Calls from Shell Scripts

As part of the above solution, I needed to automate handling of calls to the Amazon EC2 API from my shell scripts. The command-line tools released by the Amazon Web Services team are not optimal for this use. My awsapi Perl script (included in the above encroot tarball) combines a low-level view of the AWS APIs with some fairly powerful features that make it easier to write shell scripts. This is not necessarily meant for everyday command-line use, but could be an excellent base for a few small scripts that are. If you are interested, the full documentation can be found here.