When working with cloud infrastructure, security is of utmost importance. One critical aspect of security is controlling access to cloud resources, and this is particularly important when working with AWS EC2 instances. SSH keys are one way to secure access to EC2 instances, and with Terraform, it is straightforward to create and manage these keys.
SSH keys are used for secure access to an EC2 instance, and they consist of two parts – a public key and a private key. The public key is uploaded to the EC2 instance, and the private key is used to authenticate with the instance. The private key should be kept secure and not shared with anyone else.
Terraform is a powerful tool for managing infrastructure as code, and it can be used to create and manage SSH keys for secure access to AWS EC2 instances. Here’s how to do it.
First, create an SSH key pair. This can be done with the ssh-keygen
command on your local machine. To generate an RSA key pair with a 4096-bit key size, run the following command:
ssh-keygen -t rsa -b 4096
This will generate a public key and a private key in the .ssh
directory in your home directory. The public key has a .pub
extension and should be uploaded to the EC2 instance.
Next, create a Terraform module to manage the SSH key. The module should include the following code:
resource "aws_key_pair" "ssh_key" {
key_name = "ssh_key"
public_key = file("~/.ssh/id_rsa.pub")
}
This creates an AWS key pair resource with the name “ssh_key” and uploads the public key from the local machine to AWS. The file()
function is used to read the contents of the public key file on the local machine.
The next step is to reference the SSH key in the EC2 instance resource. This can be done with the key_name
parameter in the aws_instance
resource:
resource "aws_instance" "example" {
ami = "ami-0c55b159cbfafe1f0"
instance_type = "t2.micro"
key_name = aws_key_pair.ssh_key.key_name
// other instance configuration
}
This creates an EC2 instance with the specified AMI and instance type, and associates the SSH key with the instance using the key_name
parameter. The value of aws_key_pair.ssh_key.key_name
is a reference to the name of the key pair resource created in the previous step.
Finally, initialize the Terraform module with terraform init
, and apply the changes with terraform apply
. Terraform will create the SSH key pair resource and the EC2 instance resource with the associated SSH key.
With this setup, you can now securely access the EC2 instance using the private key generated earlier. To do this, use the ssh
command on your local machine:
ssh -i ~/.ssh/id_rsa ec2-user@<instance_public_ip>
This will connect to the EC2 instance using the private key and the default user ec2-user
. Replace <instance_public_ip>
with the public IP address of the EC2 instance.
In summary, using SSH keys for secure access to AWS EC2 instances is a crucial part of cloud infrastructure security. With Terraform, it is straightforward to create and manage these keys as part of your infrastructure as code. By following the steps outlined in this article, you can ensure secure access to your EC2 instances and protect your cloud infrastructure.