Open mmadrono opened 1 month ago
Related to this: https://github.com/hashicorp/terraform-provider-aws/issues/30789
Similar #33527
It's a common enough use case for a single user to have multiple public keys loaded, for example if a user has multiple source locations and unique private/public key pairs for each location, or if a user's primary/backup sites use different keys, or even multiple users using a common SFTP account.
Another example is a user who needs to retire keys that are in use, but wants to add new ones before removing the old.
Implementation should/could follow the example I use with cluster parameter groups:
main.tf:
resource "aws_rds_cluster_parameter_group" "param_group" {
  name        = var.param_group_name
  family      = var.aurora_family
  description = var.description

  dynamic "parameter" {
    for_each = var.param_list
    content {
      name         = parameter.value.name
      value        = parameter.value.value
      apply_method = parameter.value.apply_method
    }
  }
}
variables.tf:
variable "param_list" {
  type = list
  default = [
    {
      name         = "character_set_server",
      value        = "utf8",
      apply_method = "immediate"
    },
    {
      name         = "character_set_client",
      value        = "utf8",
      apply_method = "immediate"
    }
  ]
}
A proposed solution might look like this:
main.tf:
resource "aws_transfer_ssh_key" "user_keys" {
  server_id = var.server_id
  user_name = var.username

  dynamic "body" {
    for_each = var.ssh_key_list
    content {
      body = trimspace(body.value.key)
    }
  }
}
variables.tf:
variable "ssh_key_list" {
  type        = list
  description = "A list of user-provided public keys; RSA or elliptic curve keys are accepted"
  default = [
    { key = "" }
  ]
}
As an additional aside, the aws_transfer_ssh_key resource should have an output of 'SshPublicKeyId' as made available by the AWS API, so that it could be used for removing referenced keys later (not sure exactly how a remove would be implemented, but something to consider).
Description
Since September 2022, AWS allows adding more than one key to the transfer server through the console, while Terraform only supports one key. It is necessary that this operation can be done with Terraform to keep everything under IaC.
Requested Resource(s) and/or Data Source(s)
aws_transfer_server
Potential Terraform Configuration
No response
References
https://aws.amazon.com/es/about-aws/whats-new/2022/09/aws-transfer-family-multiple-host-keys-types-server/
Would you like to implement a fix?
None
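As an added example (not part of the original issue and not the provider's own code): the multi-key and key-rotation cases described in the issue can be expressed by declaring one `aws_transfer_ssh_key` resource per key with `for_each`, using only the `server_id`, `user_name` and `body` arguments shown above. The variable names, key labels, output name and validation pattern are assumptions made for illustration.

```hcl
# Added example: one aws_transfer_ssh_key resource per public key.
# Variable names, labels and the validation regex are assumptions.

variable "server_id" {
  type = string
}

variable "username" {
  type = string
}

# Map of label => public key. The label is the stable for_each key, so
# adding or removing one entry creates or destroys only that key resource.
variable "ssh_keys" {
  type        = map(string)
  description = "Label => OpenSSH public key for the SFTP user"
  default     = {}

  validation {
    # Reject empty or malformed entries before they reach the API.
    condition = alltrue([
      for k in values(var.ssh_keys) :
      can(regex("^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+", trimspace(k)))
    ])
    error_message = "Each value must be an OpenSSH-format public key (RSA, ECDSA or Ed25519)."
  }
}

resource "aws_transfer_ssh_key" "user_keys" {
  for_each  = var.ssh_keys
  server_id = var.server_id
  user_name = var.username
  body      = trimspace(each.value)
}

# Labels of the keys currently managed for this user, for audit and review.
output "managed_key_labels" {
  value = keys(aws_transfer_ssh_key.user_keys)
}
```

To rotate a key, add the new entry under a new label and apply, confirm the client can authenticate with it, then delete the old entry and apply again so the retired key is removed from the user.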