Ssh – How to associate an ssh key pair with the instance created by a stack in Amazon CloudFormation

amazon ec2amazon-cloudformationssh

Previously I have created an EC2 instance based on an image. During the creation process the Amazon wizard created a key pair and then provided it to me so I could connect.

Now I am trying to use CloudFormation instead, so that my new server has some basic software installed (LAMP stack). But the EC2 instance I end up with has no ssh key pair that I can find.

Is there a way to associate a key pair while creating a stack on CloudFormation?

I've read that there are ways to add the key to the instance's volume by stopping the instance, creating a clone, plus some other steps. But my admin skills in this area are not that strong so I am hoping for something that is (for me) more straightforward.

Hope this makes sense – any help much appreciated!

Best Answer

Is there a way to associate a key pair while creating a stack on CloudFormation?

Sure, it indeed works by associating an existing key pair of yours during the process; the AWS CloudFormation Sample Templates feature respective fragments, e.g. the Simple EC2 instance example contains the fragment you are looking for:

  "Parameters" : {
    "KeyName" : {
      "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
      "Type" : "String"
    }
  },

  [...]

  "Resources" : {
    "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "KeyName" : { "Ref" : "KeyName" },
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},
        "UserData" : { "Fn::Base64" : "80" }
      }
    }
  },

This fragment enables passing the desired key pair name as a parameter, alternatively you could embed the name directly or simply provide a default one.

Good luck!

Related Solutions

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Is it possible to update an existing EC2 security group from CloudFormation

Existing SecurityGroups can be updated using SecurityGroupIngress

For example:

"SecurityGroupRedisIngress": {
    "Type": "AWS::EC2::SecurityGroupIngress",
    "Properties" : {   
        "GroupId": "sg-123456789",
        "IpProtocol": "tcp",
        "FromPort": "6379",
        "ToPort": "6379",
        "CidrIp": "1.2.3.4/0"
    }
}

Best Answer

Related Solutions

Ssh – How to automate SSH login with password

Is it possible to update an existing EC2 security group from CloudFormation

Related Topic