diff --git a/API.md b/API.md
index b0315a78..0c4d351d 100644
--- a/API.md
+++ b/API.md
@@ -2209,6 +2209,7 @@ Included components:
 | <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProvider.property.labels">labels</a></code> | <code>string[]</code> | Labels associated with this provider. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProvider.property.logGroup">logGroup</a></code> | <code>aws-cdk-lib.aws_logs.ILogGroup</code> | Log group where provided runners will save their logs. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProvider.property.retryableErrors">retryableErrors</a></code> | <code>string[]</code> | List of step functions errors that should be retried. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProvider.property.launchTemplate">launchTemplate</a></code> | <code>aws-cdk-lib.aws_ec2.LaunchTemplate</code> | Launch template for the created instance. |
 
 ---
 
@@ -2286,6 +2287,18 @@ List of step functions errors that should be retried.
 
 ---
 
+##### `launchTemplate`<sup>Optional</sup> <a name="launchTemplate" id="@cloudsnorkel/cdk-github-runners.EcsRunnerProvider.property.launchTemplate"></a>
+
+```typescript
+public readonly launchTemplate: LaunchTemplate;
+```
+
+- *Type:* aws-cdk-lib.aws_ec2.LaunchTemplate
+
+Launch template for the created instance.
+
+---
+
 
 ### FargateRunner <a name="FargateRunner" id="@cloudsnorkel/cdk-github-runners.FargateRunner"></a>
 
@@ -6187,6 +6200,7 @@ const ecsRunnerProviderProps: EcsRunnerProviderProps = { ... }
 | <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.securityGroups">securityGroups</a></code> | <code>aws-cdk-lib.aws_ec2.ISecurityGroup[]</code> | Security groups to assign to the task. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.spot">spot</a></code> | <code>boolean</code> | Use spot capacity. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.spotMaxPrice">spotMaxPrice</a></code> | <code>string</code> | Maximum price for spot instances. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.storageKey">storageKey</a></code> | <code>aws-cdk-lib.aws_kms.IKey</code> | Options for runner instance storage volume. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.storageOptions">storageOptions</a></code> | <code><a href="#@cloudsnorkel/cdk-github-runners.StorageOptions">StorageOptions</a></code> | Options for runner instance storage volume. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.storageSize">storageSize</a></code> | <code>aws-cdk-lib.Size</code> | Size of volume available for launched cluster instances. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.subnetSelection">subnetSelection</a></code> | <code>aws-cdk-lib.aws_ec2.SubnetSelection</code> | Subnets to run the runners in. |
@@ -6458,6 +6472,18 @@ Maximum price for spot instances.
 
 ---
 
+##### `storageKey`<sup>Optional</sup> <a name="storageKey" id="@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.storageKey"></a>
+
+```typescript
+public readonly storageKey: IKey;
+```
+
+- *Type:* aws-cdk-lib.aws_kms.IKey
+
+Options for runner instance storage volume.
+
+---
+
 ##### `storageOptions`<sup>Optional</sup> <a name="storageOptions" id="@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.storageOptions"></a>
 
 ```typescript
diff --git a/src/providers/ecs.ts b/src/providers/ecs.ts
index 12413fe5..1ae694d1 100644
--- a/src/providers/ecs.ts
+++ b/src/providers/ecs.ts
@@ -157,6 +157,11 @@ export interface EcsRunnerProviderProps extends RunnerProviderProps {
    */
   readonly maxInstances?: number;
 
+  /**
+   * Options for runner instance storage volume.
+   */
+  readonly storageKey?: cdk.aws_kms.IKey;
+
   /**
    * Size of volume available for launched cluster instances. This modifies the boot volume size and doesn't add any additional volumes.
    *
@@ -263,6 +268,12 @@ export class EcsRunnerProvider extends BaseProvider implements IRunnerProvider {
     });
   }
 
+  /**
+   * Launch template for the created instance
+   */
+  public launchTemplate?: ec2.LaunchTemplate;
+
+
   /**
    * Cluster hosting the task hosting the runner.
    */
@@ -395,6 +406,8 @@ export class EcsRunnerProvider extends BaseProvider implements IRunnerProvider {
                 volumeType: props.storageOptions?.volumeType,
                 iops: props.storageOptions?.iops,
                 throughput: props.storageOptions?.throughput,
+                encrypted: props.storageKey ? true : undefined,
+                kmsKey: props.storageKey ?? undefined,
               },
             },
           },