This repository has been archived by the owner on Sep 13, 2024. It is now read-only.

Update SSM GPG key for anywhere installation #521

Merged: 1 commit, Aug 31, 2023

chienhanlin (Contributor) commented Aug 31, 2023

Summary

This PR adds a new SSM Agent key to avoid breaking customers who are using the old installation script.
Note that this repo has been deprecated, since all changes have been migrated to and are maintained in the amazon-ecs-agent GitHub repo.

Find more details in

Implementation details

See aws/amazon-ecs-agent#3875

Testing

Manual testing was performed.
Part 1

$ curl --proto "https" -o "amazon-ssm-agent.gpg" "https://raw.githubusercontent.com/chienhanlin/amazon-ecs-init/updateSSMGpG/scripts/amazon-ssm-agent.gpg"
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  5184  100  5184    0     0   158k      0 --:--:-- --:--:-- --:--:--  163k
$ gpg --import amazon-ssm-agent.gpg
gpg: /home/ec2-user/.gnupg/trustdb.gpg: trustdb created
gpg: key 693ECA21: public key "SSM Agent <ssm-agent-signer@amazon.com>" imported
gpg: key 56BAA549: public key "SSM Agent <ssm-agent-signer@amazon.com>" imported
gpg: key 97DD04ED: public key "SSM Agent <ssm-agent-signer@amazon.com>" imported
gpg: Total number processed: 3
gpg:               imported: 3  (RSA: 3)

Part 2

  1. Launch an EC2 instance with AMI name: amzn2-ami-hvm-2.0.20230822.0-arm64-gp2
  2. Download ECS Anywhere installation script from the S3 bucket, and modify it to use the updated gpg file
curl-helper "$dir/amazon-ssm-agent.gpg" "https://raw.githubusercontent.com/chienhanlin/amazon-ecs-init/updateSSMGpG/scripts/amazon-ssm-agent.gpg"

  3. Run the ECS Anywhere installation script
##########################
# Trying to verify the signature of amazon-ecs-init package ... 

/bin/gpg
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 2D51784F: public key "Amazon ECS <ecs-security@amazon.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: no ultimately trusted keys found
gpg: Signature made Thu 10 Aug 2023 06:45:59 PM UTC using RSA key ID 710E61AF
gpg: Good signature from "Amazon ECS <ecs-security@amazon.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: F34C 3DDA E729 26B0 79BE  AEC6 BCE9 D9A4 2D51 784F
     Subkey fingerprint: D64B B6F9 0CF3 77E9 B5FB  346F 50DE CCC4 710E 61AF
amazon-ecs-init GPG verification passed. Install amazon-ecs-init.

# ok
##########################
  4. The EC2 instance successfully registers to ECS

New tests cover the changes: no

Description for the changelog

Update SSM GPG key for anywhere installation.

Licensing

This contribution is under the terms of the Apache 2.0 License:

@chienhanlin chienhanlin changed the base branch from master to dev August 31, 2023 15:35
@chienhanlin chienhanlin changed the base branch from dev to master August 31, 2023 16:56
@chienhanlin chienhanlin merged commit 9332428 into aws:master Aug 31, 2023
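
The test log above shows "Good signature" alongside "This key is not certified with a trusted signature", so whether to accept the package depends on which key made the signature. One way to pin the primary fingerprint printed in that log, reading gpg's machine-readable `--status-fd` output (an added example, not code from this PR or from the ECS Anywhere installation script; the function names are hypothetical and the status lines are constructed from the values in the log):

```shell
#!/usr/bin/env bash
# Added example, not from the PR: accept a gpg verification only when the
# signature's PRIMARY key fingerprint equals a pinned value.

# "Primary key fingerprint" printed in the test log above, spaces removed.
ECS_PIN="F34C3DDAE72926B079BEAEC6BCE9D9A42D51784F"

# check_pinned_signer PIN   (hypothetical helper name)
# Reads `gpg --status-fd` lines on stdin. Succeeds only if there is a
# VALIDSIG, every VALIDSIG names PIN as primary key, and no failure status
# is present. Fails closed when the primary-key field (12th) is missing.
check_pinned_signer() {
  pin=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  awk -v pin="$pin" '
    $1 != "[GNUPG:]" { next }
    $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
    $2 == "VALIDSIG" {
      if (NF >= 12 && toupper($12) == pin) ok = 1; else bad = 1
    }
    END { exit ((ok && !bad) ? 0 : 1) }
  '
}

# Constructed status output for a signature made by the subkey in the log.
sample_good_status() {
  cat <<'EOF'
[GNUPG:] GOODSIG 50DECCC4710E61AF Amazon ECS <ecs-security@amazon.com>
[GNUPG:] VALIDSIG D64BB6F90CF377E9B5FB346F50DECCC4710E61AF 2023-08-10 1691693159 0 4 0 1 8 00 F34C3DDAE72926B079BEAEC6BCE9D9A42D51784F
EOF
}

# Constructed: a cryptographically valid signature from some other key.
sample_other_key_status() {
  cat <<'EOF'
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2023-08-10 1691693159 0 4 0 1 8 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EOF
}

# Real use (detached signature; file names are placeholders):
#   gpg --status-fd 1 --verify pkg.rpm.asc pkg.rpm 2>/dev/null \
#     | check_pinned_signer "$ECS_PIN" || exit 1
sample_good_status | check_pinned_signer "$ECS_PIN" && echo "pinned signer: accept"
sample_other_key_status | check_pinned_signer "$ECS_PIN" || echo "other signer: reject"
```

The pin is compared against the primary key, so a signature made by a signing subkey (as in the log) still matches, while a valid signature from any other imported key is rejected.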