From e6d6b8bde79a397fe85017f0dd6683fb7eec938b Mon Sep 17 00:00:00 2001
From: Sarah Gibson <drsarahlgibson@gmail.com>
Date: Thu, 22 Aug 2024 17:22:50 +0100
Subject: [PATCH] Ensure EFS instances are encrypted

---
 terraform/aws/efs.tf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/terraform/aws/efs.tf b/terraform/aws/efs.tf
index 29f064aa27..4463b01da7 100644
--- a/terraform/aws/efs.tf
+++ b/terraform/aws/efs.tf
@@ -43,10 +43,11 @@ data "aws_security_group" "cluster_nodes_shared_security_group" {
 # for an accurate cost allocation per hub of home directory storage.
 # https://github.com/2i2c-org/infrastructure/issues/4453
 resource "aws_efs_file_system" "hub_homedirs" {
-  for_each = var.filestores
-  tags = merge(var.tags, each.value.tags, {
+  for_each  = var.filestores
+  tags      = merge(var.tags, each.value.tags, {
     Name = each.value.name_suffix == null ? "hub-homedirs" : "hub-homedirs-${each.value.name_suffix}"
   })
+  encrypted = true
 
   # Transition files to a slower, cheaper backing medium 90 days
   # after they were last *accessed*. They will be transferred back to regular