A simple utility that allows you to import a public key into all AWS regions with a single command.
Use the Makefile to build aws-keymaster:
make build
To build a docker container:
docker build -t aws-keymaster .
Before running aws-keymaster, you need to ensure that you have configured access to your AWS account. You can do so by using the AWS CLI to configure your development machine. Alternatively, you can configure credentials by creating a file called ~/.aws/credentials with contents that look something like this:
[default]
aws_access_key_id = AKID1234567890
aws_secret_access_key = MY-SECRET-KEY
Or, you can use environment variables to configure your credentials.
AWS_ACCESS_KEY_ID=AKID1234567890
AWS_SECRET_ACCESS_KEY=MY-SECRET-KEY
Amazon has a blog post with more information about how to configure your AWS credentials.
The credentials you use must be associated with an IAM user that has sufficient permissions to import keypairs in all regions.
Usage:
aws-keymaster [command]
Available Commands:
import Imports a public key into all AWS regions
delete Deletes a keypair from all AWS regions
version Display the version of aws-keymaster
Flags:
--dry-run[=false]: Checks whether you have the required permissions, without attempting the request
-h, --help[=false]: help for aws-keymaster
Use "aws-keymaster [command] --help" for more information about a command.
Imports a public key with the specified name and public key to all AWS regions
Usage:
aws-keymaster import [name] [public key file] [flags]
Global Flags:
--dry-run[=false]: Checks whether you have the required permissions, without attempting the request
To import a public key to all regions, you use the import command. It requires two arguments: the name of the key pair and the path to the public key on your file system.
./bin/aws-keymaster import mykey ~/.ssh/id_rsa.pub
eu-west-1: Imported keypair 'mykey' - 57:bf:37:68:69:18:29:aa:4d:da:f7:1b:e6:28:4e:e8
ap-southeast-1: Imported keypair 'mykey' - 57:bf:37:68:69:18:29:aa:4d:da:f7:1b:e6:28:4e:e8
...
If you do not pass in those arguments, aws-keymaster will prompt you for them.
./bin/aws-keymaster import
Key Name: mypubkey
Public key [/Users/ryan/.ssh/id_rsa.pub]:
eu-west-1: Imported keypair 'mypubkey' - 57:bf:37:68:69:18:29:aa:4d:da:f7:1b:e6:28:4e:e8
...
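The fingerprint printed for each region can be checked against the local key file: for an imported RSA key, EC2 reports the MD5 digest of the DER-encoded public key. The block below is an added example, not part of aws-keymaster, that recomputes that value from an OpenSSH ssh-rsa line; the function names and the constructed toy key are assumptions made for illustration.

```python
import base64
import hashlib

# DER AlgorithmIdentifier: rsaEncryption (OID 1.2.840.113549.1.1.1), NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

# Constructed toy key (e=65537, n=0xC5) in SSH wire format; not a usable key.
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(bytes.fromhex(
    "000000077373682d727361" "00000003010001" "0000000200c5")).decode() + " constructed"

def _der(tag, body):
    """Encode one DER TLV with a definite length."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    raw = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def _der_int(mpint):
    """SSH mpint -> DER INTEGER (minimal, 0x00-padded if the top bit is set)."""
    body = mpint.lstrip(b"\x00") or b"\x00"
    return _der(0x02, (b"\x00" if body[0] & 0x80 else b"") + body)

def _fields(blob):
    """Split an SSH wire blob into its 4-byte-length-prefixed strings."""
    out, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + size > len(blob):
            raise ValueError("truncated key blob")
        out.append(blob[pos:pos + size])
        pos += size
    return out

def spki_der(pubkey_line):
    """OpenSSH 'ssh-rsa AAAA... comment' line -> DER SubjectPublicKeyInfo."""
    parts = pubkey_line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("only ssh-rsa public keys are handled here")
    fields = _fields(base64.b64decode(parts[1], validate=True))
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("blob is not an ssh-rsa key")
    e, n = fields[1], fields[2]                      # wire order is e, then n
    rsa_key = _der(0x30, _der_int(n) + _der_int(e))  # RSAPublicKey is n, then e
    return _der(0x30, RSA_ALG_ID + _der(0x03, b"\x00" + rsa_key))

def ec2_fingerprint(pubkey_line):
    """Colon-separated MD5 of the DER key, the form shown in the import output."""
    return hashlib.md5(spki_der(pubkey_line)).digest().hex(":")
```

Pass the contents of the .pub file to ec2_fingerprint and compare the result with the value printed after each region name.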
Deletes a keypair with the specified name from all AWS regions
Usage:
aws-keymaster delete [name] [flags]
Flags:
-f, --force[=false]: Delete keypairs without prompting
Global Flags:
--dry-run[=false]: Checks whether you have the required permissions, without attempting the request
To delete a keypair called keypairname from all regions, you can use the delete subcommand:
./bin/aws-keymaster delete keypairname
Are you sure you want to delete keypair 'testing'? (yes/no) [no]: yes
eu-west-1: Deleted keypair 'keypairname'
ap-southeast-1: Deleted keypair 'keypairname'
...
You can delete a keypair without prompting by using the --force flag:
./bin/aws-keymaster delete keypairname --force
For both the import and delete commands, you can use the --dry-run flag to confirm that your AWS credentials have sufficient permissions to perform the operations:
./bin/aws-keymaster import mykey ~/.ssh/id_rsa.pub --dry-run
[Dry Run] eu-west-1: Imported keypair 'mykey'
[Dry Run] ap-southeast-1: Imported keypair 'mykey'
...
If you are running aws-keymaster from a docker container, you will likely need to use a volume mount in order to be able to specify a public key on the local file system. In addition, you may need to use environment variables to pass in your AWS credentials. The example below illustrates how to use the docker container to run the import command:
docker run --rm -it -v ~/.ssh/:/ssh -e "AWS_ACCESS_KEY_ID=AKID1234567890" -e "AWS_SECRET_ACCESS_KEY=MY-SECRET-KEY" ryane/aws-keymaster import dockertest /ssh/id_rsa.pub
aws-keymaster is released under the Apache 2.0 license (see LICENSE).