We're finding CodeBuild to be an ideal option for running an ETL orchestration script with steps to run/monitor a Glue job, import resulting files into a destination system, etc. In order to import the files, they must be copied from S3 into the local filesystem. The import tool doesn't know how to access S3 objects directly. These files include sensitive data that must be encrypted at rest in all situations.
Is there any way to have a CodeBuild Ubuntu Docker image use an encrypted file system? Going in I thought that should be easy...just have it mount an encrypted EBS volume...but it's not looking as simple as I'd hoped.
Any thoughts are greatly appreciated!