From 276e41f7440e1811f3fa44ebe3ee3e13cf89cac1 Mon Sep 17 00:00:00 2001
From: Craig Rueda <craig@craigrueda.com>
Date: Fri, 6 Mar 2020 03:54:12 -0800
Subject: [PATCH] Adding encrypted option to root_block_device of
 launch_configuration (#761)

* Adding encrypted option to root_block_device of launch_configuration

* Updating CHANGELOG.md

* Setting back to empty string
---
 CHANGELOG.md | 1 +
 workers.tf   | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5268625..fb88268 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 ## [[v9.?.?](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v9.0.0...HEAD)] - 2020-xx-xx]
 
 - Fix doc about spot instances, cluster-autoscaler should be scheduled on normal instances instead of spot (by @simowaer)
+- Adding `encrypted` option to worker's root_block_device as read from the worker configurations (by @craig-rueda)
 
 # History
 
diff --git a/workers.tf b/workers.tf
index 8d20bd8..4c1a6a0 100644
--- a/workers.tf
+++ b/workers.tf
@@ -185,6 +185,11 @@ resource "aws_launch_configuration" "workers" {
   )
 
   root_block_device {
+    encrypted = lookup(
+      var.worker_groups[count.index],
+      "root_encrypted",
+      local.workers_group_defaults["root_encrypted"],
+    )
     volume_size = lookup(
       var.worker_groups[count.index],
       "root_volume_size",