[tor-bugs] #32726 [- Select a component]: Automate the selection of SSH key in the CloudFormation templates

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Dec 11 10:32:39 UTC 2019


#32726: Automate the selection of SSH key in the CloudFormation templates
--------------------------------------+--------------------
     Reporter:  acute                 |      Owner:  (none)
         Type:  enhancement           |     Status:  new
     Priority:  Medium                |  Milestone:
    Component:  - Select a component  |    Version:
     Severity:  Normal                |   Keywords:
Actual Points:                        |  Parent ID:  #32725
       Points:                        |   Reviewer:
      Sponsor:                        |
--------------------------------------+--------------------
 From emailing irl:
 > The best I can come up with (for now) for automated ssh key selection:
 >
 > aws cloudformation deploy --region us-east-1 --stack-name `whoami`-onionperf-dev --parameter-overrides myKeyPair="$(./identify_user.sh)" --template-file onionperf-dev.yml
 >
 > ...where identify_user.sh is:
 > #!/bin/bash
 > aws ec2 describe-key-pairs | jq -r '.KeyPairs[].KeyName' | grep `aws iam get-user | jq -r .User.UserName`
 >
 > This assumes that:
 > 1. The username currently logged in on the machine is part of the key pair name
 > 2. There is only one key that will match a username. It would be nice to use more than one key, however AWS does NOT support multiple keypairs during stack creation/deployment
 > 3. The developer has jq installed
 >
 > I dislike this solution as it is very fragile but not sure where to go from here....thoughts?

 Other stuff already depends on jq. You can't easily do aws without it.

 Instead of fuzzy matching though, can we have static mappings in a table
 somewhere of username to key name?

 We probably only have like 3 or 4 users maximum.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32726>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
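
The static username-to-key-name table suggested in the reply above, as an added example (not code from the ticket or from the OnionPerf repository). The table entries and the function names key_for_user and current_iam_user are hypothetical; the lookup is an exact match and fails closed, so a short username can never pick up another user's key the way a grep substring match can.

```shell
#!/bin/bash
# Static IAM-username -> EC2 key pair table (constructed sample names).
# Format: one "username keyname" pair per line; '#' starts a comment.
KEY_TABLE='
# iam-user   key-pair-name
alice        alice-onionperf
bob          bob-laptop-2019
al           al-workstation
'

# key_for_user USER [TABLE]
# Prints the key pair mapped to USER and returns 0.
# Returns 1 if USER has no usable entry, 2 if USER is listed more than once.
key_for_user() {
    local user="$1"
    local table="${2:-$KEY_TABLE}"
    local name key rest found="" count=0
    [ -n "$user" ] || return 1
    while read -r name key rest; do
        case "$name" in ''|'#'*) continue ;; esac
        # Exact string comparison, so "al" never selects alice's key.
        if [ "$name" = "$user" ]; then
            found="$key"
            count=$((count + 1))
        fi
    done <<EOF
$table
EOF
    [ "$count" -eq 0 ] && return 1
    [ "$count" -gt 1 ] && return 2
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# IAM user name of the caller, using the same call as the quoted script.
current_iam_user() {
    aws iam get-user | jq -r .User.UserName
}

# Intended use in place of ./identify_user.sh (not run here):
#   key="$(key_for_user "$(current_iam_user)")" || exit 1
#   aws cloudformation deploy ... --parameter-overrides myKeyPair="$key" ...
```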