alphagov / cyber-security-windows-sandbox

Build a windows domain in AWS with terraform with a DC and WEC event forwarding.
MIT License

Replace keypair references with a local-exec generated one ^ #8

Closed danjoneslf closed 3 years ago

danjoneslf commented 3 years ago

If this is transitory hardware that we apply and destroy in a pipeline we can probably create and destroy the keypair in the pipeline/terraform as well. We could local-exec an ssh-keygen and then read them with file() and put them in SSM for safe keeping.

danjoneslf commented 3 years ago

The problem we had switching keypairs was caused by the ssh-keygen change from RSA to OPENSSH format which TF rsadecrypt doesn't understand. You can create a keypair that works like this:

openssl genrsa -out ~/.ssh/test-5 2048
chmod 400 ~/.ssh/test-5
ssh-keygen -y -f ~/.ssh/test-5 > ~/.ssh/test-5.pub
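As an added example (not from the issue or the alphagov repository), the script below wraps the openssl/ssh-keygen recipe above in a function and adds the check that was missing when the keypair switch broke: it classifies a private key by its PEM header so a key in the OPENSSH container format (ssh-keygen's default since OpenSSH 7.8) or in PKCS#8 (the default output of `openssl genrsa` on OpenSSL 3) is caught before Terraform's rsadecrypt() rejects it. The key path and the `gen` sub-command are the example's own; OpenSSL 3's `-traditional` conversion is used only when the detection shows it is needed.

```shell
#!/bin/sh
# Added example: produce an RSA key pair in the PKCS#1 PEM form that
# Terraform's rsadecrypt() consumes, and detect the formats it rejects.
set -eu

# Classify a private key file by its first PEM line. Prints one of:
#   pkcs1    "BEGIN RSA PRIVATE KEY"     - the form rsadecrypt() understands
#   openssh  "BEGIN OPENSSH PRIVATE KEY" - ssh-keygen default (OpenSSH >= 7.8)
#   pkcs8    "BEGIN PRIVATE KEY"         - OpenSSL 3 genrsa default
#   unknown  unreadable file or any other header
key_format() {
  header=$(head -n 1 "$1" 2>/dev/null || true)
  case "$header" in
    "-----BEGIN RSA PRIVATE KEY-----")     echo pkcs1 ;;
    "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
    "-----BEGIN PRIVATE KEY-----")         echo pkcs8 ;;
    *)                                     echo unknown ;;
  esac
}

# Generate <path> (private key) and <path>.pub (OpenSSH public line) the
# way the issue describes, then verify the private key is really PKCS#1.
gen_tf_keypair() {
  key="$1"
  umask 077                          # never create the key world-readable
  openssl genrsa -out "$key" 2048 2>/dev/null
  if [ "$(key_format "$key")" = pkcs8 ]; then
    # OpenSSL 3 writes PKCS#8 by default; rewrite it as traditional PKCS#1.
    openssl rsa -in "$key" -traditional -out "$key.tmp" 2>/dev/null
    mv "$key.tmp" "$key"
  fi
  chmod 400 "$key"
  ssh-keygen -y -f "$key" > "$key.pub"  # derive the public half from the private key
  [ "$(key_format "$key")" = pkcs1 ] || { echo "$key: not PKCS#1, rsadecrypt() will fail" >&2; return 1; }
  echo "$key"
}

# Usage (example sub-command): sh keypair.sh gen ~/.ssh/test-5
if [ "${1:-}" = gen ]; then
  gen_tf_keypair "$2"
fi
```

Running `key_format` on an existing key before wiring it into `rsadecrypt(aws_instance.x.password_data, file(...))` turns the opaque decrypt error into a clear "wrong container format" answer.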