Update SSM GPG key for ECS Anywhere install #4474

Merged
merged 1 commit into from
Jan 23, 2025

@danehlim danehlim commented Jan 22, 2025

Summary

This adds the latest SSM public key to the aggregate key file for ECS Anywhere SSM Agent installation.

Previous similar pull request here: #3875

Implementation details

See "Summary" section above.

Testing

Manually followed steps to verify the signature of SSM Agent documented here: https://docs.aws.amazon.com/systems-manager/latest/userguide/verify-agent-signature.html

$ gpg --import amazon-ssm-agent.gpg
gpg: key 693ECA21: public key "SSM Agent <ssm-agent-signer@amazon.com>" imported
gpg: key 56BAA549: public key "SSM Agent <ssm-agent-signer@amazon.com>" imported
gpg: key 97DD04ED: public key "SSM Agent <ssm-agent-signer@amazon.com>" imported
gpg: key D0052E5D: public key "SSM Agent <ssm-agent-signer@amazon.com>" imported
gpg: Total number processed: 4
gpg:               imported: 4  (RSA: 4)
gpg: no ultimately trusted keys found

$ gpg --fingerprint D0052E5D
pub   4096R/D0052E5D 2025-01-22 [expires: 2026-07-15]
      Key fingerprint = 4855 A9E6 8332 16D6 A77D  8FE4 51A8 E050 D005 2E5D
uid                  SSM Agent <ssm-agent-signer@amazon.com>

$ curl -o /home/ec2-user/amazon-ssm-agent.rpm.sig https://s3.us-west-2.amazonaws.com/amazon-ssm-us-west-2/latest/linux_amd64/amazon-ssm-agent.rpm.sig

$ curl -o /home/ec2-user/amazon-ssm-agent.rpm https://s3.us-west-2.amazonaws.com/amazon-ssm-us-west-2/latest/linux_amd64/amazon-ssm-agent.rpm

$ gpg --verify amazon-ssm-agent.rpm.sig amazon-ssm-agent.rpm
gpg: Signature made Fri 10 Jan 2025 01:54:18 AM UTC using RSA key ID 97DD04ED
gpg: Good signature from "SSM Agent <ssm-agent-signer@amazon.com>"

New tests cover the changes: no

NOTE: The "Linux / Linux unit tests" GitHub action for this pull request is currently failing for a reason unrelated to the changes in this pull request. The failing unit tests will be addressed separately in another commit/pull request.

Description for the changelog

Update SSM GPG key for ECS Anywhere install

Additional Information

Does this PR include breaking model changes? If so, have you added transformation functions?

No

Does this PR include the addition of new environment variables in the README?

No

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@danehlim danehlim marked this pull request as ready for review January 22, 2025 20:58
@danehlim danehlim requested a review from a team as a code owner January 22, 2025 20:58
@danehlim danehlim marked this pull request as draft January 22, 2025 22:17
@danehlim danehlim marked this pull request as ready for review January 22, 2025 23:32
@danehlim danehlim merged commit be04138 into aws:dev Jan 23, 2025
39 of 40 checks passed
@TheanLim TheanLim mentioned this pull request Jan 23, 2025
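
Added example, not part of the pull request or the project's code: in the transcript above, `gpg --verify` reports a good signature from key ID 97DD04ED, one of the four keys in the aggregate file, so an installer that wants to control exactly which signers it accepts can parse `gpg --status-fd` output and compare the `VALIDSIG` primary-key fingerprint against a pinned list. The function names `check_status` and `verify_pinned` and the sample status lines are constructed for illustration; only the D0052E5D fingerprint comes from this page.

```shell
#!/bin/sh
# Pinned full fingerprints (space-separated). The one below is the value shown
# by `gpg --fingerprint D0052E5D` on this page, with the spaces removed.
# Assumption: the other accepted keys would be added here by full fingerprint.
PINNED_FPRS="4855A9E6833216D6A77D8FE451A8E050D0052E5D"

# check_status: reads `gpg --status-fd 1 --verify` output on stdin.
# Succeeds only if a VALIDSIG line names a pinned primary-key fingerprint and
# no bad, erroneous, expired or revoked signature status was reported.
check_status() {
  cs_fpr=""
  while read -r cs_prefix cs_tag cs_rest; do
    [ "$cs_prefix" = "[GNUPG:]" ] || continue
    case "$cs_tag" in
      BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) return 1 ;;
      # The last VALIDSIG field is the primary key fingerprint.
      VALIDSIG) cs_fpr="${cs_rest##* }" ;;
    esac
  done
  [ -n "$cs_fpr" ] || return 1
  for cs_pin in $PINNED_FPRS; do
    if [ "$cs_pin" = "$cs_fpr" ]; then return 0; fi
  done
  return 1
}

# verify_pinned SIGFILE DATAFILE: run gpg and apply the check above.
verify_pinned() {
  gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status
}

# Constructed sample status output (not captured from a real run).
SAMPLE_PINNED='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 51A8E050D0052E5D SSM Agent <ssm-agent-signer@amazon.com>
[GNUPG:] VALIDSIG 4855A9E6833216D6A77D8FE451A8E050D0052E5D 2025-01-23 1737590400 0 4 0 1 8 00 4855A9E6833216D6A77D8FE451A8E050D0052E5D'

# Valid signature, but from a key that is not pinned (placeholder fingerprint).
SAMPLE_UNPINNED='[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2025-01-23 1737590400 0 4 0 1 8 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'

# Pinned key, but gpg reports that the key has expired.
SAMPLE_EXPIRED='[GNUPG:] EXPKEYSIG 51A8E050D0052E5D SSM Agent <ssm-agent-signer@amazon.com>
[GNUPG:] VALIDSIG 4855A9E6833216D6A77D8FE451A8E050D0052E5D 2025-01-23 1737590400 0 4 0 1 8 00 4855A9E6833216D6A77D8FE451A8E050D0052E5D'
```

Usage on a host with the keys imported: `verify_pinned amazon-ssm-agent.rpm.sig amazon-ssm-agent.rpm && echo trusted`. The check fails closed when the `VALIDSIG` line lacks a primary-key fingerprint field.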