Accessing Terraform created AWS instances

TechieRik

Aug 30, 2016, 5:02:23 PM
to Terraform
Hi,

I am a newbie. I am following the Getting started guide, and have been able to successfully create and destroy AWS instances. However, what I am not able to figure out is how do I log in to the AWS instances since I am not generating a key pair when I am creating an instance through Terraform?

I am sure I am missing out on a very silly point, but need some help here.

Thanks.

Andrew Langhorn

Aug 30, 2016, 5:57:37 PM
to terrafo...@googlegroups.com
Hi Rik,

Since the aws_key_pair resource doesn't let you create a new key pair, you have two choices, as I see it:
  • You make a key pair manually in the AWS Management Console, and import it using the aws_key_pair resource.
  • You create an AMI with a key baked in to it, and give the AMI ID to an appropriate Terraform resource to ensure that the instance is launched with that key baked in.
Depending on your needs now and in the future, you might find one of these ways a little more malleable. Personally, I prefer the latter, since I can then control keys in, say, Puppet, bake a new AMI when we need to change things, and deploy that by changing EC2 Launch Configurations in Terraform.

Hope that helps!

Andrew

TechieRik

Sep 6, 2016, 4:15:36 PM
to Terraform, andrew....@thoughtworks.com
Hi Andrew/All,

Thanks for your response.

I thought mine was a very basic question - I am creating instances on AWS with Terraform, but I need to access those APIs. I am still trying to go through the "Getting Started" tutorials, but would like to hear how others are doing it?
Are they using Option 1 or Option 2 of what you have stated? Are there any other options?

Also, I am a newbie with Terraform, but I really want to use it. Is there a tutorial on using the aws_key_pair resource with terraform in order to access it?

Regards,
Ritwik

David Adams

Sep 6, 2016, 4:51:52 PM
to terrafo...@googlegroups.com, andrew....@thoughtworks.com
It depends on what you are trying to do. The company I'm with still has most of our stuff pre-Terraform, so we already have individual keys registered and when we create new instances we specify the appropriate key, then our configuration management takes over and grants access to all the people who need access. So that's one option: just create your key outside Terraform, and if you want flexible Terraform code, use a variable to specify the key name.

Do you just need to be able to log into the instances you just created (eg, to run config management)? Or are you wanting to create new keys for new instances?

If you just want to be able to log in, just copy your public key to a file in your terraform directory and then you can do:

    resource "aws_key_pair" "access" {
      key_name = "access"
      public_key = "${file("key.pub")}"
    }

Then just specify `key_name = "access"` when you create EC2 instances.

If you want to create new keys, try the null_resource:

    resource "null_resource" "create-key" {
      provisioner "local-exec" {
        command = "ssh-keygen -b 4096 -t rsa -N '' -C my-ec2-key -f terraform.key"
      }
    }

That will create a keypair and you can then use the aws_key_pair resource to import the contents of terraform.key.pub.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/756c7550-eebd-43e7-9900-ab40d5d69627%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Message has been deleted

David Adams

Sep 12, 2016, 3:01:08 PM
to terrafo...@googlegroups.com, andrew....@thoughtworks.com
If you generate the keypair through the AWS web UI, the file you download is the private key. And in this case you do not need to specify an "aws_key_pair" resource at all. Just use the name of the keypair you created in the AWS UI for the key_name attribute on aws_instance. Then when you go to connect to it, you would use that pem file as your ssh identity file.

On Tue, Sep 6, 2016 at 6:11 PM, TechieRik <ritwik.t....@gmail.com> wrote:
Hi David,

Thanks for your response. Yes, for now I am just trying to log into the instances just created.

I tried going with option 1 you had outlined. As in I went through the following steps:

  1. Generated a key pair and downloaded it. Note: It downloaded as *.pem file and not *.pub
  2. Saved the file in my folder
  3. Defined the resources in .tf file as mentioned below and ran terraform apply on it.

    resource "aws_instance" "example" {
      ami           = "ami-69febd09"
      instance_type = "t2.nano"
      key_name      = "access"
    }

    resource "aws_key_pair" "access" {
      key_name   = "access"
      public_key = "${file("mykeypair.pem")}"
    }

I get the following error message:

2 error(s) occurred:

* aws_key_pair.access: Error import KeyPair: InvalidParameterValue: Value (XXXX) for parameter PublicKeyMaterial is invalid. Length exceeds maximum of 2048.

Is this because I am using a *.pem file instead of *.pub? How should I convert it?
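The conversion asked about in the quoted message, as an added example that is not from any poster in the thread: the `.pem` downloaded from AWS is the private key, while `public_key` on `aws_key_pair` expects an OpenSSH public key, which `ssh-keygen -y` derives locally. The function names are hypothetical; the file names follow the thread. It applies when the key is still to be imported through `aws_key_pair` rather than referenced by name.

```shell
#!/bin/sh
# Added example: pre-flight check for the file given to aws_key_pair.public_key.
# Function names are hypothetical; mykeypair.pem / mykeypair.pub follow the thread.

# Classify a key file by content, not extension: prints private, public or unknown.
key_kind() {
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo private
    elif grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$1"; then
        echo public
    else
        echo unknown
    fi
}

# Derive the OpenSSH public key from a private key file.
# $1 = private key (.pem), $2 = output path (.pub). Only $2 goes to Terraform.
derive_pub() {
    if [ "$(key_kind "$1")" != private ]; then
        echo "$1 is not a private key" >&2
        return 1
    fi
    chmod 600 "$1"                 # ssh rejects private keys readable by others
    ssh-keygen -y -f "$1" > "$2"
}

# Refuse to pass anything but a public key on to Terraform.
check_for_terraform() {
    kind=$(key_kind "$1")
    if [ "$kind" != public ]; then
        echo "refusing: $1 is $kind, not a public key" >&2
        return 1
    fi
}

# Usage: sh keycheck.sh mykeypair.pem   (writes mykeypair.pub next to it)
if [ -n "${1:-}" ]; then
    derive_pub "$1" "${1%.pem}.pub" && check_for_terraform "${1%.pem}.pub"
fi
```

After this, `public_key` would reference `mykeypair.pub`, and the `.pem` stays as the ssh identity file.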