buildkite / elastic-ci-stack-for-aws

An auto-scaling cluster of build agents running in your own AWS VPC
https://buildkite.com/docs/quickstart/elastic-ci-stack-aws
MIT License

AuthorizedUsersUrl overwrites KeyName keys in authorized_keys file #867

Open skoonin opened 3 years ago

skoonin commented 3 years ago

Hi, while testing the CI Stack, I ran into a potential issue with your CloudFormation stack template for EC2.

If you include both a path to AuthorizedUsersUrl and a KeyName, it seems to overwrite the authorized_keys file that the KeyName creates and replace it with the copy of authorized_users specified by the AuthorizedUsersUrl.

This prevents us from using the AWS Key Pairs in AWS to SSH in. We had to add our own public keys to the file specified by AuthorizedUsersUrl.

Seems that these two should be merged if that's possible?

keithduncan commented 3 years ago

Hi @skoonin, I took a look at this and you’re right: the cron job that updates the /home/ec2-user/.ssh/authorized_keys file does replace the keys file with the contents of the URL.

I think it would be reasonable to blend this with the public keys listed by instance metadata service to preserve access for the key given in the CloudFormation template’s KeyName parameter.

> We had to add our own public keys to the file specified by AuthorizedUsersUrl.

I’m glad you’ve found a workaround for the time being :+1:

I can’t say when someone will get to implementing this, but it does look like a reasonable thing to do :bow:
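
The merge discussed in this thread, sketched as an added example that is not part of the issue or the stack's own cron script: it combines the keys downloaded from AuthorizedUsersUrl with the KeyName key from instance metadata, and refuses to replace the file when neither source yields a valid key. The function names and file arguments are hypothetical; the caller is assumed to have already saved each source to a file.

```bash
#!/usr/bin/env bash
# Added example (hypothetical function names, not the stack's own cron script).
# Merges keys from the AuthorizedUsersUrl download with the KeyName key from
# instance metadata, so the refresh never drops the key pair's access.

# Fetch the KeyName public key via IMDSv2. Not called by merge itself.
fetch_imds_key() {
  local token
  token=$(curl -sf -X PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 60' \
    http://169.254.169.254/latest/api/token) || return 1
  curl -sf -H "X-aws-ec2-metadata-token: $token" \
    http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
}

# Print only lines shaped like "<keytype> <base64> [comment]". Anything else
# (an HTML error page, blank lines, option-prefixed entries) is dropped.
filter_keys() {
  grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com) [A-Za-z0-9+/]+=*( .*)?$' \
    "$1" 2>/dev/null || true
}

# merge_authorized_keys <url_keys_file> <imds_keys_file> <dest>
merge_authorized_keys() {
  local url_keys="$1" imds_keys="$2" dest="$3" tmp
  tmp=$(mktemp "${dest}.XXXXXX") || return 1
  # IMDS key first; awk drops repeats by key type + blob, ignoring the comment.
  { filter_keys "$imds_keys"; filter_keys "$url_keys"; } \
    | awk '!seen[$1 " " $2]++' > "$tmp"
  if [ ! -s "$tmp" ]; then
    rm -f "$tmp"   # both sources empty or invalid: leave the current file alone
    return 1
  fi
  chmod 600 "$tmp"
  mv -f "$tmp" "$dest"   # rename within one directory, so readers never see a partial file
}
```

A failed or garbage download therefore leaves the previous authorized_keys in place rather than locking everyone out.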