AWS ec2 key-pair consolelink fails with error

[mpurusottamc]

When trying to generate console link for key-pair, getting the below error:

AWS service ec2 resource type key-pair/<key_name> not supported
File "/var/task/cloudconsolelink/clouds/aws/__init__.py", line 99, in get_console_link
    raise ValueError(f"AWS service {data['service']} resource type {data['resourceType']} not supported")

Code:

from cloudconsolelink.clouds.aws import AWSLinker

aws_console_link = AWSLinker()
key_pair['consolelink'] = aws_console_link.get_console_link(arn=key_pair['arn'])

[ganeshjagdale9545]

@mpurusottamc can you check the arn format of key-pair is correct? arn:aws:ec2:<region>:<account>:key-pair/<key_name> i have tested with this arn format it works ok

[mpurusottamc]

@ganeshjagdale9545 According to AWS documentation (https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-resources-for-iam-policies), it's this format:

arn:${Partition}:ec2:${Region}:${Account}:key-pair/${KeyPairName}

[ganeshjagdale9545]

@ganeshjagdale9545 According to AWS documentation (https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-resources-for-iam-policies), it's this format:

arn:${Partition}:ec2:${Region}:${Account}:key-pair/${KeyPairName}

both are the same format

[mpurusottamc]

@ganeshjagdale9545 Let me review this again.

[mpurusottamc]

ok, found the use case. for key pairs (auto generated for eks, ecs, etc) the format is slightly different and in that case, the link generation fails.

arn:aws:ec2:ap-south-1:<aws_account_id>:key-pair/eksctl-abcdef-cluster-nodegroup-ci-nodes-ab:3c:3c:9d:9e:df:0c:02:dd:29:2e:42:03:aa:0b:41

[mpurusottamc]

Similar issue occurs for Security Groups as well.

Example group:

arn:aws:ec2:ap-southeast-1:<aws_account_id>:security-group/default:vpc-21fgh1p1