Encrypted Root for Amazon EC2
Amazon EC2 allows users to start virtual machine instances on demand. This is very convenient for resource scaling, but storing potentially valuable data in a fuzzy cloud may raise some new questions about privacy and security. As far as I can tell, there is currently no standard solution for encrypting the root filesystem of an EC2 instance. The following tarball contains the latest version of my attempt to remedy this in what is hopefully a user-friendly way: encroot_2018-01-21.tgz
A man page exists, and a list of changes from earlier versions is found here.
For some reason, the earliest versions of the code were never stored under version control, but if you're interested in the history of later development, or if you want to make your own changes, you can clone the Git repository from this web server:
git clone https://www.gulbra.net/ec2/encroot.git
EC2 API Calls from Shell Scripts
As part of the above solution, I needed to automate handling of calls to the Amazon EC2 API from my shell scripts. The command-line tools released by the Amazon Web Services team are not optimal for this use. My awsapi Perl script (included in the above encroot tarball) combines a low-level view of the AWS APIs with some fairly powerful features that make it easier to write shell scripts. This is not necessarily meant for everyday command-line use, but could be an excellent base for a few small scripts that are. If you are interested, the full documentation can be found here.