make the private Key downloadable
Closed this issue · 12 comments
Hi, so far everything is working nicely; the only thing I can't do is use the keypair I have generated to ssh into an EC2 instance, since I cannot download the private key. Could you add this feature, please? Merci
@aerioeus, you can easily "download" the key through ssm:
```
aws ssm --query Parameter.Value --output text get-parameter --name $PARAMETER_NAME --with-decryption
```
merci, but it produces no result:
```
xxx@machine1: xxx (master) $ aws ssm --query Parameter.Value --output text get-parameters --name EC2KeyPair --with-decryption
None
xxx@machine1: xxx (master) $
```
What am I doing wrong? In the end I want to have the EC2Keypair.pem on my local drive...
you are using get-parameters not get-parameter (singular).
Merci, which parameter do I need to use in order to get the key.pem - since I guess Parameter.Value needs to be replaced
remove the s from get-parameters.... If you insist on calling get-parameters (plural) change your query to Parameters[0].Value
sorry, somehow that's not gonna work:
```
xxx@machine1: xxx (master) $ aws ssm --query Parameters[0].Value --output text get-parameters --name ECSKeyPair --with-decryption
None
xxx@machine1: xxx (master) $ aws ssm --query Parameters[0].Value --output text get-parameters --name ec2-key --with-decryption
None
xxx@machine1: xxx (master) $ aws ssm --query Parameter.Value --output text get-parameters --name ec2-key --with-decryption
None
```
But the keys exist of course
please use exactly as I wrote:
```
aws ssm get-parameter --name $NAME --with-decryption --output text --query Parameter.Value
```
sorry for being so clumsy, but it doesn't work:
That's my cfn-code:
```yaml
CustomPrivateKey:
  Type: Custom::RSAKey
  Properties:
    Name: "/dev/private-key"
    KeyAlias: alias/aws/ssm
    ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-secret-provider'
ECSKeyPair:
  Type: Custom::KeyPair
  DependsOn: CustomPrivateKey
  Properties:
    Name: ECSKeyPair
    PublicKeyMaterial: !GetAtt 'PrivateKey.PublicKey'
    ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-secret-provider'
```
so I assume the correct line to download the .pem file would be:
```
aws ssm get-parameter --name CustomPrivateKey --with-decryption --output text --query Parameter.Value
```
but that only yields an error...
You have specified the name of your private key in the SSM parameter store as "/dev/private-key". Use that name to retrieve the value from SSM:
```
aws ssm get-parameter --name /dev/private-key --with-decryption --output text --query Parameter.Value
```
Merci, finally it worked. Great, sorry for my slow understanding in this case. I appreciate very much you taking your time to guide me through it.
One final question: the download begins with:
-----BEGIN PRIVATE KEY-----
whereas any `keypair.pem` I have downloaded begins with
-----BEGIN RSA PRIVATE KEY-----
....
Do I need to adjust that or doesn't it matter for using the key to SSH into EC2 instances?
Again much obliged Mark
Andreas
@aerioeus, it does not matter for ssh'ing into the ec2 machines.
The '-----BEGIN RSA PRIVATE KEY-----' is the traditional OpenSSL format. The '-----BEGIN PRIVATE KEY-----' is the new PKCS8 format.
merci for your patience!
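
Added example, not part of the original thread or of the cfn-secret-provider project: a shell helper that takes the output of the `get-parameter` command above on stdin, refuses anything that is not a PEM private key (such as the `None` seen earlier in the thread), writes the key to an owner-only file, and reports whether it is PKCS8 or traditional RSA PEM. The function names and the destination path are assumptions.

```shell
#!/usr/bin/env bash
# Added example: store PEM private-key text from stdin in a file that only
# the owner can read, and report which PEM container it uses.

# pem_format FILE -> prints pkcs8, pkcs1-rsa, openssh or unknown
pem_format() {
  case "$(head -n 1 "$1")" in
    "-----BEGIN PRIVATE KEY-----")         echo pkcs8 ;;
    "-----BEGIN RSA PRIVATE KEY-----")     echo pkcs1-rsa ;;
    "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
    *)                                     echo unknown ;;
  esac
}

# save_private_key DEST -> reads the key from stdin, writes DEST with mode 0600
save_private_key() {
  local dest=$1 tmp fmt
  # Create the temp file under umask 077 so the key is never group/world readable
  tmp=$( umask 077; mktemp "${dest}.XXXXXX" ) || return 1
  cat > "$tmp"
  fmt=$(pem_format "$tmp")
  if [ "$fmt" = unknown ]; then
    # e.g. the CLI printed "None" or nothing instead of key material
    rm -f "$tmp"
    echo "refusing to save: input is not a PEM private key" >&2
    return 1
  fi
  # ssh rejects private key files readable by others, so enforce 0600
  chmod 600 "$tmp" && mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
  echo "$fmt"
}

# Usage with the command from this thread (destination path is an assumption):
#   aws ssm get-parameter --name /dev/private-key --with-decryption \
#     --output text --query Parameter.Value | save_private_key ~/.ssh/ECSKeyPair.pem
#   ssh -i ~/.ssh/ECSKeyPair.pem <user>@<instance-address>
```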