[tor-commits] [metrics-cloud/master] cfn/onionperf: selection of ssh key based on aws iam user

irl at torproject.org irl at torproject.org
Thu Feb 13 14:42:38 UTC 2020


commit 8275a2466bc82c963d1c6e7c210746bc1cceecd6
Author: Ana Custura <ana at netstat.org.uk>
Date:   Sat Nov 23 19:05:55 2019 +0000

    cfn/onionperf: selection of ssh key based on aws iam user
---
 cloudformation/identify_user.sh  | 16 ++++++++++++++++
 cloudformation/onionperf-dev.yml | 10 +++++++---
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/cloudformation/identify_user.sh b/cloudformation/identify_user.sh
new file mode 100755
index 0000000..f01bbc5
--- /dev/null
+++ b/cloudformation/identify_user.sh
@@ -0,0 +1,16 @@
+#!/bin/zsh
+#aws ec2 describe-key-pairs | jq -r '.KeyPairs[].KeyName' | grep `aws iam get-user | jq -r .User.UserName`
+declare -A keypairs
+keypairs[acute]="acute yubikey 4"
+keypairs[irl]="irl macbook 16"
+keypairs[karsten]="karsten's key"
+
+cur_user=$(aws iam get-user | jq -r .User.UserName)
+
+for key val in ${(kv)keypairs}; do
+    if [ $key = $cur_user ]; then
+        echo $val;
+        break
+    fi
+done
+
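Review bot: Nothing is printed and no error is reported when `aws iam get-user` fails or the IAM user has no entry in `keypairs`, so the caller receives an empty key name with no hint why. With an empty `cur_user`, zsh also drops the unquoted operand in `[ $key = $cur_user ]`, leaving the test malformed on every iteration. Since `keypairs` is already an associative array, the loop can be replaced by a direct lookup that fails loudly: `val=${keypairs[$cur_user]}`, then `[[ -n $val ]] || { print -u2 "no key pair mapped for IAM user '$cur_user'"; exit 1 }`, then `print -r -- $val`. A short header comment saying that the script needs zsh, the aws CLI and jq, and that each new IAM user must be added to the map, would also help.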
diff --git a/cloudformation/onionperf-dev.yml b/cloudformation/onionperf-dev.yml
index df77c19..6ac711c 100644
--- a/cloudformation/onionperf-dev.yml
+++ b/cloudformation/onionperf-dev.yml
@@ -1,9 +1,12 @@
 ---
 # CloudFormation Stack for OnionPerf development instance
 # This stack will only deploy on us-east-1 and will deploy in the Metrics VPC
-# TODO: Generalise the SSH key to use
-# aws cloudformation deploy --region us-east-1 --stack-name `whoami`-onionperf-dev --template-file onionperf-dev.yml
+# aws cloudformation deploy --region us-east-1 --stack-name `whoami`-onionperf-dev  --parameter-overrides myKeyPair="$(./identify_user.sh)" --template-file onionperf-dev.yml
 AWSTemplateFormatVersion: 2010-09-09
+Parameters:
+  myKeyPair:
+    Description: Amazon EC2 Key Pair
+    Type: "AWS::EC2::KeyPair::KeyName"
 Resources:
   Instance:
     Type: AWS::EC2::Instance
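Review bot: The documented deploy command on the `--parameter-overrides` line calls `./identify_user.sh` inside a command substitution, so the deploy is attempted even when the lookup prints nothing, and the relative path only resolves from the cloudformation/ directory. An empty `myKeyPair` is then presumably stopped only by CloudFormation's validation of the `AWS::EC2::KeyPair::KeyName` type, with an error that does not point back to the script. I would resolve the key first in the comment, e.g. `key=$(./identify_user.sh); [ -n "$key" ] && aws cloudformation deploy ... --parameter-overrides myKeyPair="$key" ...`, and add `# run from cloudformation/; requires zsh, aws and jq`. The parameter text could also state what the key is for, e.g. `Description: EC2 key pair used for SSH access to the instance`.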
@@ -13,7 +16,8 @@ Resources:
       InstanceType: t2.micro
       SubnetId:
         Fn::ImportValue: !Sub 'MetricsSubnet'
-      KeyName: "irl yubikey 4"
+      KeyName:
+        Ref: myKeyPair
       SecurityGroupIds:
         - Fn::ImportValue: !Sub 'MetricsInternetSecurityGroup'
         - Fn::ImportValue: !Sub 'MetricsPingableSecurityGroup'


