Opened 9 months ago

Closed 7 months ago

#32726 closed enhancement (fixed)

Automate the selection of SSH key in the CloudFormation templates

Reported by: acute Owned by: metrics-team
Priority: Medium Milestone:
Component: Metrics/Cloud Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: #32725 Points:
Reviewer: irl Sponsor:

Description

From emailing irl:

The best I can come up with (for now) for automated ssh key selection:

aws cloudformation deploy --region us-east-1 --stack-name whoami-onionperf-dev --parameter-overrides myKeyPair="$(./identify_user.sh)" --template-file onionperf-dev.yml

...where identify_user.sh is:
#!/bin/bash
# Select the key pair whose name contains the current IAM user name.
aws ec2 describe-key-pairs | jq -r '.KeyPairs[].KeyName' | grep "$(aws iam get-user | jq -r .User.UserName)"

This assumes that:

  1. The username currently logged in on the machine is part of the key pair name
  2. There is only one key that will match a username. It would be nice to use more than one key, however AWS does NOT support multiple keypairs during stack creation/deployment
  3. The developer has jq installed

I dislike this solution as it is very fragile but not sure where to go from here....thoughts?

Other stuff already depends on jq. You can't easily do aws without it.

Instead of fuzzy matching though, can we have static mappings in a table
somewhere of username to key name?

We probably only have like 3 or 4 users maximum.
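
The static username-to-key-name table suggested above, sketched as an added example; it is not part of the ticket or of the script merged in the pull request. The usernames and key pair names are constructed placeholders, and the names KEY_MAP, lookup_key_name, select_key_pair and identify_user are hypothetical. Exact matching fails closed where the substring grep could return another user's key or several keys.

```shell
#!/bin/bash
# Added example: static IAM-username -> EC2 key pair name mapping.
# All usernames and key names below are constructed placeholders.

# One "iam_username key_pair_name" entry per line (hypothetical values).
KEY_MAP='alice alice-laptop-2019
bob bob-yubikey
al al-workstation'

# Print the key pair name mapped to the exact username $1; return 1 if unmapped.
lookup_key_name() {
  local user="$1" name key
  while read -r name key; do
    if [ "$name" = "$user" ]; then
      printf '%s\n' "$key"
      return 0
    fi
  done <<EOF
$KEY_MAP
EOF
  return 1
}

# Resolve $1 (username) against $2 (newline-separated key pair names that
# exist in the region). Fails closed: unmapped user -> 1, stale mapping -> 2.
select_key_pair() {
  local user="$1" available="$2" key
  key="$(lookup_key_name "$user")" || { echo "no mapping for $user" >&2; return 1; }
  # -F literal string, -x whole line: no substring or regex matches.
  if ! printf '%s\n' "$available" | grep -Fxq -- "$key"; then
    echo "mapped key $key not found in this region" >&2
    return 2
  fi
  printf '%s\n' "$key"
}

# Live wrapper built on the two AWS CLI calls quoted in the ticket.
identify_user() {
  local user keys
  user="$(aws iam get-user | jq -r .User.UserName)" || return 1
  keys="$(aws ec2 describe-key-pairs | jq -r '.KeyPairs[].KeyName')" || return 1
  select_key_pair "$user" "$keys"
}
```

With the constructed table, the substring approach would match both `alice-laptop-2019` and `al-workstation` for user `al`; the exact lookup returns only `al-workstation`.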

Change History (8)

comment:1 Changed 9 months ago by acute

Component: - Select a component → Metrics/Cloud
Owner: set to metrics-team

comment:2 Changed 8 months ago by gaba

Status: new → needs_review

comment:3 Changed 8 months ago by irl

Reviewer: irl
Status: needs_review → needs_revision

comment:5 Changed 8 months ago by acute

Status: needs_revision → needs_review

comment:6 Changed 7 months ago by irl

Status: needs_review → merge_ready

https://github.com/torproject/metrics-cloud/pull/1 is what I reviewed.

This is looking good, and ready for merge. I suggest we use this script for all of the CloudFormation templates so we have a single place to keep SSH key to username mappings.

I'll rebase and merge later today.

comment:7 Changed 7 months ago by irl

This is merged now.

comment:8 Changed 7 months ago by irl

Resolution: fixed
Status: merge_ready → closed