silopolis/terraform-aws-secure-ssh-key

 
 

terraform-aws-secure-ssh-key

Creates an SSH key with a Lambda data source and saves it in a Secrets Manager secret, allowing the creation of SSH keys without saving them in Terraform state.

Example

Here's what using the module looks like:

module "secure_ssh_key" {
  source  = "rhythmictech/secure-ssh-key/aws"
  version = "~> 2.0.1"

  name   = "my-secure-key"
}

output "secret_name" {
  value = module.secure_ssh_key.privkey_secret_name
}

About

Creates an SSH key with a Lambda data source and saves it in a Secrets Manager secret, allowing the creation of SSH keys without saving them in Terraform state.
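
One way to check the claim above against a state file, as an added example that is not part of the module or its README: a Python scan of Terraform state JSON for private-key headers. Both sample states are constructed; the first assumes a key made with the `tls_private_key` resource (which keeps the private key in state), the second is modelled on this module's `aws_secretsmanager_secret.privkey` resource.

```python
import re

# Matches PEM/OpenSSH private-key headers such as "-----BEGIN RSA PRIVATE KEY-----".
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")

def _strings(value, path=""):
    """Yield (attribute_path, text) for every string nested inside value."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from _strings(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from _strings(item, f"{path}[{index}]")
    elif isinstance(value, str):
        yield path, value

def find_private_keys(state):
    """Return 'address: attribute' for each state value holding a private key."""
    hits = []
    for res in state.get("resources", []):
        kind = ("data." if res.get("mode") == "data" else "") + res["type"]
        address = ".".join(filter(None, [res.get("module"), kind, res["name"]]))
        for instance in res.get("instances", []):
            for attr, text in _strings(instance.get("attributes", {})):
                if PRIVATE_KEY_RE.search(text):
                    hits.append(f"{address}: {attr}")
    for name, output in state.get("outputs", {}).items():
        if any(PRIVATE_KEY_RE.search(t) for _, t in _strings(output.get("value"))):
            hits.append(f"output.{name}")
    return sorted(hits)

# Constructed state (format version 4): key generated by tls_private_key.
STATE_WITH_TLS_KEY = {"version": 4, "resources": [{
    "mode": "managed", "type": "tls_private_key", "name": "ssh",
    "instances": [{"attributes": {
        "private_key_pem": "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n",
        "public_key_openssh": "ssh-rsa AAAA(constructed)",
    }}],
}]}

# Constructed state: only the secret's metadata, no secret value.
STATE_WITH_MODULE = {"version": 4, "resources": [{
    "module": "module.secure_ssh_key", "mode": "managed",
    "type": "aws_secretsmanager_secret", "name": "privkey",
    "instances": [{"attributes": {
        "name": "my-secure-key-privkey",  # constructed name
        "arn": "arn:aws:secretsmanager:us-east-1:111122223333:secret:example",
    }}],
}]}
```

Against a real workspace, pass the parsed JSON from `terraform state pull` to `find_private_keys`; an empty list means no private-key header was found in any resource attribute or output.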

Dependencies

  • Python >= 3.8

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12.28 |
| aws | >= 2.45.0, < 4.0.0 |
| external | ~> 1.2 |
| null | ~> 2.1.2 |

Providers

| Name | Version |
|------|---------|
| aws | 3.75.1 |
| external | 1.2.0 |
| null | 2.1.2 |

Modules

| Name | Source | Version |
|------|--------|---------|
| lambda_version | rhythmictech/find-release-by-semver/github | >= 1.0.0-rc1, < 2.0.0 |
| pubkey | matti/resource/shell | ~> 1.0.7 |

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_log_group.this | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy.secret_write | resource |
| aws_iam_role_policy_attachment.lambda_basic_execution | resource |
| aws_lambda_function.this | resource |
| aws_secretsmanager_secret.privkey | resource |
| aws_secretsmanager_secret.pubkey | resource |
| null_resource.lambda_invoke | resource |
| null_resource.lambda_zip | resource |
| aws_iam_policy_document.assume | data source |
| aws_iam_policy_document.secret_write | data source |
| external_external.sha | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| keepers | Arbitrary map of values that when changed will force a new password | map(string) | {} | no |
| key_bits | Number of bits to be used in RSA key generation | number | 2048 | no |
| lambda_version_constraint | NPM-style version constraint for the version of the lambda code you want to use | string | "^1.0.2-rc2" | no |
| name | Moniker to apply to all resources in the module | string | n/a | yes |
| secret_description | Set a description for the secret | string | "An SSH key secret by Terraform" | no |
| tags | User-Defined tags | map(string) | {} | no |

Outputs

| Name | Description |
|------|-------------|
| privkey_secret_arn | The ARN of the SecretsManager privkey Secret |
| privkey_secret_name | The name of the privkey secret |
| pubkey_secret_arn | The ARN of the SecretsManager pubkey Secret |
| pubkey_secret_name | The name of the pubkey secret |
| ssh_pubkey | The SSH pubkey |

The Giants Underneath this Module
