Custom::KeyPair is a CloudFormation custom resource Lambda function, written in Go

dweomer/aws-cloudformation-keypair

Custom::KeyPair

A custom resource Lambda function for creating EC2 key-pairs, written in Go, and suitable for direct invocation by CloudFormation. The private key material is pushed into an associated SSM Parameter.

Rationale

Well, at the time of this writing the EC2 key-pair is not a supported resource type in CloudFormation and I really wanted it to be. You see, for demonstration purposes, I'm a big fan of as-self-contained-as-possible infrastructure definitions. I really hate specifying parameters for my templates (everything should have a default). Because, have you seen the aws cloudformation CLI for specifying parameters? /me shudders

Additionally, for those teams that aren't yet spun up on or are otherwise unable to leverage Terraform or other infrastructure-as-code development tools, this implementation requires no tooling other than the AWS CLI and optionally the SAM CLI for testing.

Design

Declarative EC2 Key-Pair With Key Material Dumped into an SSM Parameter (SecureString)

AS A developer of infrastructure I WANT to create SSH key-pairs for EC2 instances by declaring such in a CloudFormation template SO THAT when applying said template I am not required to have first created, out of band, EC2 key-pair(s).

Input Properties

  • optional KeyName: the EC2 KeyPair name
  • optional ParameterPath: the SSM Parameter name prefix
    • if not specified, this will default to /ec2/key-pair
  • optional ParameterKeyId: the encryption key used to encipher the private key material
    • if not specified, this will default to alias/aws/ssm
  • optional ParameterDescription
    • if not specified, this will default to the value of the key fingerprint
  • optional ParameterOverwrite: determines whether a parameter with the existing name will be overwritten with a new version
    • if not specified, this will default to false
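A template that exercises these properties, added here as an example and not taken from the project's own docs. It assumes the deployed Lambda's ARN is exported under the name KeyPairFunctionArn, and it deliberately points ParameterKeyId at a customer-managed KMS key instead of the alias/aws/ssm default, so that who can decrypt the private key material is governed by that key's policy rather than by the account-wide SSM key.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - declare an EC2 key-pair with Custom::KeyPair

Parameters:
  KeyName:
    Type: String
    Default: demo-key-pair        # everything has a default, per the Rationale
  ImageId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2

Resources:
  # Customer-managed key: decrypt access to the SecureString can be scoped
  # here, which the shared alias/aws/ssm key does not allow.
  KeyPairKmsKey:
    Type: AWS::KMS::Key
    Properties:
      Description: Protects private key material written by Custom::KeyPair
      EnableKeyRotation: true
      KeyPolicy:
        Version: '2012-10-17'
        Statement:
          - Sid: AccountAdministration
            Effect: Allow
            Principal:
              AWS: !Sub arn:aws:iam::${AWS::AccountId}:root
            Action: kms:*
            Resource: '*'

  KeyPair:
    Type: Custom::KeyPair
    Properties:
      ServiceToken: !ImportValue KeyPairFunctionArn   # assumed export name
      KeyName: !Ref KeyName
      ParameterPath: /ec2/key-pair                    # the documented default, made explicit
      ParameterKeyId: !GetAtt KeyPairKmsKey.Arn
      ParameterDescription: !Sub Private key material for EC2 key-pair ${KeyName}
      ParameterOverwrite: false                       # never silently replace an existing key

  Instance:
    Type: AWS::EC2::Instance
    DependsOn: KeyPair    # EC2 rejects KeyName until the key-pair exists
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t3.micro
      KeyName: !Ref KeyName
```

The Lambda's execution role still needs kms:Encrypt (via SSM) on KeyPairKmsKey and ec2:CreateKeyPair, which this template does not grant.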

Output Attributes

TODO

  • support indirect invocation via SNS
  • support alternative methods for handling the private key material, such as:
    • cipher-text as an attribute, suitable for use in an output (NoEcho?)
    • Simple Storage Service (S3)
    • Secrets Manager
    • HTTP PUT