I have been exploring AWS EKS managed node groups node root volume encryption through Terraform module. Found the below documentation from terraform, as this can be done by AWS-launch-template.
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template
From the configuration details,
The ebs block supports the following:
delete_on_termination - Whether the volume should be destroyed on instance termination. Defaults to false if not set. See Preserving Amazon EBS Volumes on Instance Termination for more information. encrypted - Enables EBS encryption on the volume (Default: false). Cannot be used with snapshot_id.
But AMI id is from community AMI, so EBS volumes comes from Snapshot.
Now any approach about root volume encryption in AWS EKS Managed node groups node? I am using K8s version 1.21 now.