Opened 6 weeks ago

Last modified 6 days ago

#32726 needs_review enhancement

Automate the selection of SSH key in the CloudFormation templates

Reported by: acute Owned by: metrics-team
Priority: Medium Milestone:
Component: Metrics/Cloud Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: #32725 Points:
Reviewer: Sponsor:

Description

From emailing irl:

The best I can come up with (for now) for automated ssh key selection:

aws cloudformation deploy --region us-east-1 --stack-name whoami-onionperf-dev --parameter-overrides myKeyPair="$(./identify_user.sh)" --template-file onionperf-dev.yml

...where identify_user.sh is:
#!/bin/bash
aws ec2 describe-key-pairs | jq -r '.KeyPairs[].KeyName' | grep aws iam get-user | jq -r .User.UserName

This assumes that:

  1. The username currently logged in on the machine is part of the key pair name
  2. There is only one key that will match a username. It would be nice to use more than one key, however AWS does NOT support multiple keypairs during stack creation/deployment
  3. The developer has jq installed

I dislike this solution as it is very fragile but not sure where to go from here....thoughts?

Other stuff already depends on jq. You can't easily do aws without it.

Instead of fuzzy matching though, can we have static mappings in a table
somewhere of username to key name?

We probably only have like 3 or 4 users maximum.

Child Tickets

Change History (2)

comment:1 Changed 6 weeks ago by acute

Component: - Select a componentMetrics/Cloud
Owner: set to metrics-team

comment:2 Changed 6 days ago by gaba

Status: newneeds_review
Note: See TracTickets for help on using tickets.