terraform-aws-key-pair's Introduction

AWS Key Pair Terraform module

Terraform module which creates EC2 key pair on AWS.

Usage

EC2 Key pair w/ module created key material

module "key_pair" {
  source = "terraform-aws-modules/key-pair/aws"

  key_name           = "deployer-one"
  create_private_key = true
}

EC2 Key pair w/ externally created public key material

resource "tls_private_key" "this" {
  algorithm = "RSA"
}

module "key_pair" {
  source = "terraform-aws-modules/key-pair/aws"

  key_name   = "deployer-two"
  public_key = trimspace(tls_private_key.this.public_key_openssh)
}

EC2 Key pair w/ existing public key material

module "key_pair" {
  source = "terraform-aws-modules/key-pair/aws"

  key_name   = "deployer-three"
  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 [email protected]"
}

Conditional creation

Sometimes you need to create the key pair conditionally, but Terraform does not allow count inside a module block, so the solution is to set the create argument.

# This EC2 key pair will not be created
module "key_pair" {
  source = "terraform-aws-modules/key-pair/aws"

  create = false
  # ... omitted
}

Requirements

Name | Version
terraform | >= 1.0
aws | >= 4.21
tls | >= 3.4

Providers

Name | Version
aws | >= 4.21
tls | >= 3.4

Modules

No modules.

Resources

Name | Type
aws_key_pair.this | resource
tls_private_key.this | resource

Inputs

Name | Description | Type | Default | Required
create | Determines whether resources will be created (affects all resources) | bool | true | no
create_private_key | Determines whether a private key will be created | bool | false | no
key_name | The name for the key pair. Conflicts with key_name_prefix | string | null | no
key_name_prefix | Creates a unique name beginning with the specified prefix. Conflicts with key_name | string | null | no
private_key_algorithm | Name of the algorithm to use when generating the private key. Currently-supported values are RSA and ED25519 | string | "RSA" | no
private_key_rsa_bits | When algorithm is RSA, the size of the generated RSA key, in bits (default: 4096) | number | 4096 | no
public_key | The public key material | string | "" | no
tags | A map of tags to add to all resources | map(string) | {} | no

Outputs

Name | Description
key_pair_arn | The key pair ARN
key_pair_fingerprint | The MD5 public key fingerprint as specified in section 4 of RFC 4716
key_pair_id | The key pair ID
key_pair_name | The key pair name
private_key_id | Unique identifier for this resource: hexadecimal representation of the SHA1 checksum of the resource
private_key_openssh | Private key data in OpenSSH PEM (RFC 4716) format
private_key_pem | Private key data in PEM (RFC 1421) format
public_key_fingerprint_md5 | The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. aa:bb:cc:.... Only available if the selected private key format is compatible, similarly to public_key_openssh and the ECDSA P224 limitations
public_key_fingerprint_sha256 | The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. SHA256:.... Only available if the selected private key format is compatible, similarly to public_key_openssh and the ECDSA P224 limitations
public_key_openssh | The public key data in "Authorized Keys" format. This is populated only if the configured private key is supported: this includes all RSA and ED25519 keys
public_key_pem | Public key data in PEM (RFC 1421) format

Authors

Module is maintained by Anton Babenko with help from these awesome contributors.

License

Apache 2 Licensed. See LICENSE for full details.

terraform-aws-key-pair's Issues

Nebulous error upon using non-RSA key pair on AWS

terraform -version
Terraform v0.14.6
+ provider registry.terraform.io/hashicorp/aws v3.28.0
lsb_release -a
Description:    CentOS Linux release 8.3.2011
Release:        8.3.2011

While practicing with Terraform in my personal AWS environment, I used the following code while working on Terraform functions:

resource "aws_key_pair" "loginkey" {
  key_name   = "login-key"
  public_key = file("${path.module}/id_rsa.pub")
}

As is usually my habit when working with ssh-keygen, I generated an ed25519 key. Upon attempting to use it, Terraform greeted me with the following error:

aws_key_pair.loginkey: Creating...

Error: Error import KeyPair: InvalidKey.Format: Key is not in valid OpenSSH public key format
        status code: 400, request id: 54d0c365-8ab5-49b5-8420-9108084eb183

It did not take long at all to find and subsequently remember that AWS only supports RSA keys as of this time. ed25519, ECDSA, and DSA keys all result in the same error, which I have just verified. Curiously enough, the first link below mentions that AWS uses 2,048 bit RSA keys, but I have just used Terraform to use 4,096 and 8,192 bit RSA keys, insert them into my account's Key Pairs, and connect to the resulting EC2 instances just fine as long as they are newer, such as RHEL 8. Amazon Linux 2 errors out, curiously enough.

Amazon EC2 key pairs and Linux instances (docs.aws.amazon.com)

Unanswered Amazon forums thread of people requesting ed25519 key support (forums.aws.amazon.com)

Would it be possible to update the error handling for this particular module such that, if it detects a non-RSA key being imported, it tells the user something along the lines of "Only RSA SSH keys are supported as of this time. Please reference an RSA key to function properly with AWS EC2 instances."
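
A plan-time check of the kind this issue asks for, as an added example that is not part of the original post or of the module's code. The wrapper module path, variable names and the accepted key types (taken from the README's private_key_algorithm input) are assumptions.

```hcl
# Added example, not code from terraform-aws-key-pair.
# Hypothetical wrapper module: modules/checked-key-pair/main.tf

variable "key_name" {
  description = "Name of the EC2 key pair"
  type        = string
}

variable "public_key" {
  description = "OpenSSH public key line, e.g. the contents of an id_*.pub file"
  type        = string

  validation {
    # An OpenSSH public key line is "<type> <base64 blob> [comment]".
    # regex() raises an error when nothing matches; can() turns that into false.
    # The allowed types are an assumption taken from the README's
    # private_key_algorithm input (RSA and ED25519); narrow to "rsa" if needed.
    condition = can(regex(
      "^ssh-(rsa|ed25519) [A-Za-z0-9+/]+=*( .*)?$",
      trimspace(var.public_key)
    ))
    error_message = "The public_key value must be a single-line OpenSSH public key of type ssh-rsa or ssh-ed25519."
  }
}

resource "aws_key_pair" "this" {
  key_name   = var.key_name
  public_key = trimspace(var.public_key)
}

# Caller (root module), mirroring the snippet in the issue:
#
#   module "loginkey" {
#     source     = "./modules/checked-key-pair"
#     key_name   = "login-key"
#     public_key = file("${path.module}/id_rsa.pub")
#   }
```

With this in place, an ECDSA or DSA key (or a file holding several keys) fails during terraform plan with the message above instead of reaching the EC2 API and returning InvalidKey.Format.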

No provider "aws" plugins meet the constraint

Hello!

I have a problem with the new update.

fran@fran-X580VD:~/mesa-dinero/dev/back$ terraform init
Initializing modules...
Downloading terraform-aws-modules/key-pair/aws 0.3.0 for key_pair2...

  • key_pair2 in .terraform/modules/key_pair2/terraform-aws-modules-terraform-aws-key-pair-06fa6de

Initializing the backend...

Initializing provider plugins...

  • Checking for available provider plugins...

No provider "aws" plugins meet the constraint "> 2.23,> 2.46.0,~> 2.53".

The version constraint is derived from the "version" argument within the
provider "aws" block in configuration. Child modules may also apply
provider version constraints. To view the provider versions requested by each
module in the current configuration, run "terraform providers".

To proceed, the version constraints for this provider must be relaxed by
either adjusting or removing the "version" argument in the provider blocks
throughout the configuration.

Error: no suitable version is available

Missing spec for region and version

Perhaps you should consider placing a mandatory input var.region where the module can be cross-referenced.

terraform {
  required_version = ">= 0.12"
}

provider "aws" {
  region = var.region
}

variable "region" {
  description = "AWS Region, e.g. 'eu-west-1'"
}

Usage:

module "north_1-key_pair_bastion" {
  source     = "./modules/key-pair"
  region     = "eu-north-1"
  key_name   = "bastion"
  public_key = "ssh-rsa xxxxxxxxx [email protected]"
}

Enabling several keypairs to be generated (i.e count > 1)

We recently found a need to create a keypair with every VM that we create. So there were two updates to the module.
One was to support count in this module and use this array of keys in the VM module.

resource "aws_key_pair" "this" {
  count      = var.key_count
  key_name   = var.key_count == 1 ? var.key_name : format("%s-%03d", var.key_name, (count.index + 1))
  public_key = var.ssh_public_key
  tags = var.tags
}


I can create a PR for the same, if you feel there is a need to entertain it.

Code and version requirements broken with Terraform v0.15

Description

Receiving an error with the deprecated list function when upgrading to Terraform binary v0.15

Versions

Terraform v0.15.0
on linux_amd64

  • provider registry.terraform.io/hashicorp/aws v3.7.0
  • provider registry.terraform.io/hashicorp/null v3.1.0
  • provider registry.terraform.io/hashicorp/random v3.1.0
  • provider registry.terraform.io/hashicorp/tls v3.1.0

Reproduction

Steps to reproduce the behavior:
terraform init
terraform plan

Code Snippet to Reproduce

Error: Error in function call
│
│   on .terraform/modules/test_ssh_keypair.tls_private_key/outputs.tf line 2, in output "algorithm":
│    2:   value = concat(tls_private_key.key.*.algorithm, list(""))[0]
│
│ Call to function "list" failed: the "list" function was deprecated in Terraform v0.12 and is no longer available; use tolist([ ... ]) syntax to write a literal list.

Error: Error in function call
│
│   on .terraform/modules/tls_private_key/outputs.tf line 2, in output "algorithm":
│    2:   value = concat(tls_private_key.key.*.algorithm, list(""))[0]
│
│ Call to function "list" failed: the "list" function was deprecated in Terraform v0.12 and is no longer available; use tolist([ ... ]) syntax to write a literal list.

Additional context

The error is replicated a number of times in both the real and the test modules

How can I get private key for login?

If I create it like this, how can I get the private key?

resource "random_pet" "this" {
  length = 2
}

resource "tls_private_key" "this" {
  algorithm = "RSA"
}

module "key_pair" {
  source = "../../modules/aws/key-pair"

  key_name   = random_pet.this.id
  public_key = tls_private_key.this.public_key_openssh

  tags = {
    Terraform = "true"
  }
}
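
In a configuration like the one in this post, the private key exists only in the caller's tls_private_key resource, so it is read from there; with create_private_key = true (the README's first usage example) the same applies to the module's private_key_pem output. The following is an added example, not part of the original post or the module; the key name, output name and file path are hypothetical, and local_sensitive_file assumes the hashicorp/local provider (2.2 or later).

```hcl
# Added example: resource names follow the post above; the key name, output
# name and file path are hypothetical.
resource "tls_private_key" "this" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

module "key_pair" {
  source = "terraform-aws-modules/key-pair/aws"

  key_name   = "deployer-login"
  public_key = trimspace(tls_private_key.this.public_key_openssh)
}

# Only the public half is sent to AWS. The private half stays in the
# tls_private_key resource and is therefore written to the Terraform state
# in plaintext: restrict access to the state backend and encrypt it at rest.
output "private_key_pem" {
  value     = tls_private_key.this.private_key_pem
  sensitive = true # keeps the key out of plan/apply console output
}

# Optional: write the key to disk with owner-only permissions.
resource "local_sensitive_file" "private_key" {
  content         = tls_private_key.this.private_key_pem
  filename        = "${path.module}/deployer-login.pem"
  file_permission = "0600"
}

# Retrieve after apply without the local file:
#   terraform output -raw private_key_pem > deployer-login.pem
#   chmod 600 deployer-login.pem
```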

Error: Failed to download module.

The code I'm using. If key-name already exists, don't try to create it, it will produce an error. If it exists, just use it:
module "key_pair" {
  source          = "terraform-aws-modules/key-pair/aws"
  key_name        = "surfkey"
  public_key      = file("~/.ssh/surfkey.pub")
  create_key_pair = false
}

Error:

terraform init

Initializing modules...
Downloading terraform-aws-modules/key-pair/aws 0.6.0 for key_pair...

Error: Failed to download module

Could not download module "key_pair" (main.tf:165) source code from
"git::https://github.com/terraform-aws-modules/terraform-aws-key-pair?ref=v0.6.0":
error downloading
'https://github.com/terraform-aws-modules/terraform-aws-key-pair?ref=v0.6.0':
git must be available and on the PATH.
