AWS: Implement resource to upload codecommit SSH keys for an IAM user #5744
@keymon just a FYI, I have started a PR for this func
Hi @keymon this has been merged to master :) Paul
Wow, that was so quick!!! Thank you
In order to access the codecommit repository via SSH, we must upload an SSH key.

We add a required variable for the concourse terraform: `git_rsa_id_pub`, which must have the public SSH key to add, and a new output `git_ssh_key_id` which is the key id of the ssh key and the user that must be used when connecting to the codecommit git repo.

But terraform does not currently support uploading ssh keys, although the PR is in master and will be released soon: hashicorp/terraform#5744 hashicorp/terraform#5774

To work around this, we implemented the following workaround:

1. One template_file which contains the public key. If it changes, it will run a script `aws-upload-aws-key.sh` to upload the SSH key to the user. The script takes care of duplicates.
2. A template_file resource will read from a `id_rsa_key_id`, and execute a script to query the ID if the file has changed since last execution. This ensures that the file is updated. We must commit an empty file to avoid terraform failing the first run.
3. Another template_file which reads the previously populated `id_rsa_key_id` file. This allows reading the file content and exposing it as a terraform output.

This workaround can be removed and replaced as the resource `aws_iam_user_ssh_key` is supported and released in the official terraform release.
Just FYI, I paste here a workaround to implement the feature inside of terraform with awscli. But Ofc, better use the official provider that @stack72 quickly implemented as soon as it is ready.
In order to access the codecommit repository via SSH, we must upload an SSH key. We add a required variable for the concourse terraform: `git_rsa_id_pub`, which must have the public SSH key to add, and a new output `git_ssh_key_id` which is the key id of the ssh key and the user that must be used when connecting to the codecommit git repo. We use the resource `aws_iam_user_ssh_key` which has been added in this issue and PR: hashicorp/terraform#5744 hashicorp/terraform#5774
We want to upload the generated SSH key to the created git user. We use the resource `aws_iam_user_ssh_key` from terraform, implemented in hashicorp/terraform#5744 so this requires an updated version of terraform. We retrieve the generated key as an S3 resource and pass it to terraform as a TF_VAR_ variable. After the key is uploaded, AWS assigns it a unique id which must be used as the user for SSH when connecting to the codecommit git repositories. We render and output a full url with that ssh_key_id and the ssh url of the repository, using scp-like connect strings.
We want to upload the generated SSH key to the created git user. We use the resource `aws_iam_user_ssh_key` from terraform, implemented in hashicorp/terraform#5744 so this requires an updated version of terraform. We retrieve the generated key as an S3 resource and pass it to terraform as a TF_VAR_ variable. After the key is uploaded, AWS assigns it a unique id which must be used as the user for SSH when connecting to the codecommit git repositories. We render and output a full url with that ssh_key_id and the ssh url of the repository. Note that the url must be in the ssh:// format, or codecommit will drop the git connections.
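The setup these commit messages describe, written out as an added example; it is not code from the thread or from the commits referenced here. The resource labels `git` and `concourse`, the repository name and the inline policy are assumptions, and the syntax is current Terraform (0.12 or later) rather than the release discussed in the issue.

```hcl
# Added example. Labels, repository name and policy scope are assumptions.
variable "git_rsa_id_pub" {
  description = "Public SSH key (OpenSSH format) to attach to the git user"
  type        = string
}

resource "aws_codecommit_repository" "concourse" {
  repository_name = "concourse-pool" # hypothetical name
}

resource "aws_iam_user" "git" {
  name = "git"
}

# Least privilege: the user may only pull from and push to this one repository.
resource "aws_iam_user_policy" "git_codecommit" {
  name = "git-codecommit-access"
  user = aws_iam_user.git.name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["codecommit:GitPull", "codecommit:GitPush"]
      Resource = aws_codecommit_repository.concourse.arn
    }]
  })
}

resource "aws_iam_user_ssh_key" "git" {
  username   = aws_iam_user.git.name
  encoding   = "SSH"
  public_key = var.git_rsa_id_pub
}

# AWS-assigned key id; this, not the IAM user name, is the SSH login user.
output "git_ssh_key_id" {
  value = aws_iam_user_ssh_key.git.ssh_public_key_id
}

# clone_url_ssh is already in ssh:// form; insert the key id as the user part.
output "git_ssh_url" {
  value = replace(
    aws_codecommit_repository.concourse.clone_url_ssh,
    "ssh://",
    "ssh://${aws_iam_user_ssh_key.git.ssh_public_key_id}@"
  )
}
```

Only the public half of the key pair is passed in, so the private key never enters Terraform state.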
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
CodeCommit can be accessed via SSH. For that, you need an IAM user with the right policy and with some public SSH keys to access CodeCommit uploaded. More info here.

The keys can be uploaded with `awscli`:

It would be great if terraform had a resource to upload, delete or update existing SSH keys on an IAM user. It might be called `aws_iam_ssh_public_key`, and it should work similar to the `iam_access_key` and the `aws_key_pair` resources:

More or less like this: