Add tags to EC2 encrypted images (trailofbits#1530)

iBringit · Jul 27, 2019 · 545ad48 · 545ad48
1 parent 902fdab
commit 545ad48
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/roles/cloud-ec2/tasks/encrypt_image.yml b/roles/cloud-ec2/tasks/encrypt_image.yml
@@ -8,20 +8,22 @@
     filters:
       state: available
       "tag:Algo": encrypted
+      "tag:image": "{{ cloud_providers.ec2.image.name }}"
   register: search_crypt
 
 - name: Copy to an encrypted image
   ec2_ami_copy:
     aws_access_key: "{{ access_key }}"
     aws_secret_key: "{{ secret_key }}"
     encrypted: yes
-    name: algo
+    name: "algo/{{ cloud_providers.ec2.image.name }}"
     kms_key_id: "{{ kms_key_id | default(omit) }}"
     region: "{{ algo_region }}"
     source_image_id: "{{ (ami_search.images | sort(attribute='creation_date') | last)['image_id'] }}"
     source_region: "{{ algo_region }}"
     wait: true
     tags:
       Algo: "encrypted"
+      image: "{{ cloud_providers.ec2.image.name }}"
   register: ami_search_encrypted
   when: search_crypt.images|length|int == 0