[metrics-cloud/master] cfn/onionperf: selection of ssh key based on aws iam user
commit 8275a2466bc82c963d1c6e7c210746bc1cceecd6 Author: Ana Custura <ana@netstat.org.uk> Date: Sat Nov 23 19:05:55 2019 +0000 cfn/onionperf: selection of ssh key based on aws iam user --- cloudformation/identify_user.sh | 16 ++++++++++++++++ cloudformation/onionperf-dev.yml | 10 +++++++--- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/cloudformation/identify_user.sh b/cloudformation/identify_user.sh new file mode 100755 index 0000000..f01bbc5 --- /dev/null +++ b/cloudformation/identify_user.sh @@ -0,0 +1,16 @@ +#!/bin/zsh +#aws ec2 describe-key-pairs | jq -r '.KeyPairs[].KeyName' | grep `aws iam get-user | jq -r .User.UserName` +declare -A keypairs +keypairs[acute]="acute yubikey 4" +keypairs[irl]="irl macbook 16" +keypairs[karsten]="karsten's key" + +cur_user=$(aws iam get-user | jq -r .User.UserName) + +for key val in ${(kv)keypairs}; do + if [ $key = $cur_user ]; then + echo $val; + break + fi +done + diff --git a/cloudformation/onionperf-dev.yml b/cloudformation/onionperf-dev.yml index df77c19..6ac711c 100644 --- a/cloudformation/onionperf-dev.yml +++ b/cloudformation/onionperf-dev.yml @@ -1,9 +1,12 @@ --- # CloudFormation Stack for OnionPerf development instance # This stack will only deploy on us-east-1 and will deploy in the Metrics VPC -# TODO: Generalise the SSH key to use -# aws cloudformation deploy --region us-east-1 --stack-name `whoami`-onionperf-dev --template-file onionperf-dev.yml +# aws cloudformation deploy --region us-east-1 --stack-name `whoami`-onionperf-dev --parameter-overrides myKeyPair="$(./identify_user.sh)" --template-file onionperf-dev.yml AWSTemplateFormatVersion: 2010-09-09 +Parameters: + myKeyPair: + Description: Amazon EC2 Key Pair + Type: "AWS::EC2::KeyPair::KeyName" Resources: Instance: Type: AWS::EC2::Instance @@ -13,7 +16,8 @@ Resources: InstanceType: t2.micro SubnetId: Fn::ImportValue: !Sub 'MetricsSubnet' - KeyName: "irl yubikey 4" + KeyName: + Ref: myKeyPair SecurityGroupIds: - Fn::ImportValue: !Sub 'MetricsInternetSecurityGroup' - Fn::ImportValue: !Sub 'MetricsPingableSecurityGroup'
participants (1)
-
irl@torproject.org