teemops / tui

Tui Codename

PEM Key Creation #1

Open kiwifellows opened 3 years ago

kiwifellows commented 3 years ago

Configure tui to use the teemops API for managing PEM keys. This is already present in the API; it just needs to be coded into the API.

It needs to be passwordless at the moment, as we are not supporting username/password combinations at the moment.

Expected Behaviour: Someone ticks "generate a PEM Key" and this automatically creates a PEM key they can use in their instance...

kiwifellows commented 3 years ago

Will defer to a later date when we start hooking the UI up to the existing Teemops API.

kiwifellows commented 3 years ago

Possible solutions include the user pasting in a public key to add to authorized keys in the user data part of the EC2 launch... Another solution is to provide instructions that are really clear to add an EC2 key pair into EC2. Another solution is to generate a key in the userdata script and add it to the customer's EC2 key pairs and also upload it to a private S3 bucket...

kiwifellows commented 3 years ago

Thinking about this further, if the EC2 key pair was generated inside the userdata script, the IAM permissions will need to be very restrictive, e.g. ONLY allow creation of an EC2 key pair, but not describe/list key pairs, as this would be a security consideration.
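
Added example, not part of the original comment or the teemops code: a Python check that an IAM policy document for the userdata role grants key-pair creation and nothing that could enumerate key pairs. The `audit_policy` helper and both sample policies are constructed for illustration; `ec2:CreateKeyPair` and `ec2:DescribeKeyPairs` are the real IAM action names.

```python
import fnmatch

# Assumption: the userdata role needs exactly one action, as the comment proposes.
ALLOWED = {"ec2:createkeypair"}
# Read action that would let the role enumerate the customer's key pairs.
MUST_STAY_DENIED = ["ec2:DescribeKeyPairs"]


def _as_list(value):
    """IAM accepts a single string or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return findings; an empty list means only ec2:CreateKeyPair is allowed.

    Explicit Deny statements are ignored, so the result is conservative.
    """
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append(f"statement {i}: Allow with NotAction is too broad")
            continue
        for action in _as_list(stmt.get("Action")):
            pattern = action.lower()  # IAM action names are case-insensitive
            if pattern in ALLOWED:
                continue
            # IAM wildcards (* and ?) behave like shell globs here.
            hit = [a for a in MUST_STAY_DENIED
                   if fnmatch.fnmatchcase(a.lower(), pattern)]
            reason = f"permits {', '.join(hit)}" if hit else "is not needed"
            findings.append(f"statement {i}: '{action}' {reason}")
    return findings


# Constructed sample policies (not taken from the teemops project).
TIGHT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:CreateKeyPair", "Resource": "*"}]}
LOOSE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:CreateKeyPair", "ec2:Describe*"],
     "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:*KeyPair*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in (("TIGHT", TIGHT), ("LOOSE", LOOSE)):
        print(name, audit_policy(doc) or "OK")
```

Wildcards are the usual way a create-only policy ends up granting read access, which is why the check expands patterns instead of comparing action strings literally.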

kiwifellows commented 3 years ago

I'll explore using Macros as a way of creating a key if the name of the key doesn't exist in the customer's launched region/account. Examples available here: https://github.com/awslabs/aws-cloudformation-templates/tree/master/aws/services/CloudFormation/MacrosExamples/Boto3