Cherry

Reputation: 33544

How to generate and insert an SSH public key definition in a CloudFormation template?

I have generated an SSH key via the Amazon web console. But how do I use it for creating a Glue developer endpoint?

Consider the following code snippet:

    IAMRole:
      Type: "AWS::IAM::Role"
      DeletionPolicy: "Delete"
      Properties:
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            -
              Effect: "Allow"
              Principal:
                Service: "glue.amazonaws.com"
              Action: "sts:AssumeRole"
        ManagedPolicyArns:
          - "arn:aws:iam::aws:policy/AmazonS3FullAccess"
          - "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole"
        MaxSessionDuration: 3600
        Path: "/role/"
        # PermissionsBoundary: String
        # Policies: Json
        RoleName: "GlueDevEndpoint"

    GlueDevEndpoint:
      Type: AWS::Glue::DevEndpoint
      DeletionPolicy: "Delete"
      Properties:
        EndpointName: MyEndpointName
        GlueVersion: "1.0"
        NumberOfNodes: 2
        PublicKey: >
          ---- BEGIN SSH2 PUBLIC KEY ----
          Comment: "imported-openssh-key"
          AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
          BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
          CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
          DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
          EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
          ---- END SSH2 PUBLIC KEY ----
        RoleArn: !GetAtt IAMRole.Arn

I got an error:

An error occurred: GlueDevEndpoint - Invalid SSH RSA public key. ssh-keygen -t rsa -C "[email protected]" (Service: AWSGlue; Status Code: 400; Error Code: InvalidInputException.

I have tried to put in the content from:

  1. the pem file downloaded from the AWS console.
  2. the public/private key parts extracted via PuTTY
  3. the public key extracted via the command: openssl rsa -in my-key.pem -pubout > my-key.pubrsa
  4. the public key extracted via the command: ssh-keygen -y -f my-key.pem > my-key2.pubrsa

Putting in the content from any of these files leads to the same error. I think that the public key should be generated to have a header like -----BEGIN RSA PUBLIC KEY-----, but all of the approaches above give me public keys with different headers: -----BEGIN RSA PRIVATE KEY-----, ---- BEGIN SSH2 PUBLIC KEY ----, -----BEGIN PUBLIC KEY-----

Any ideas?

Upvotes: 1

Views: 1807

Answers (2)

Sourabh Mokhasi

Reputation: 159

Adding on to what @Cherry mentioned, Glue requires the public RSA key to include an email address.

Generate the private/public key pair with an email ID.

    ssh-keygen -t rsa -C "[email protected]"

This generates the public key in the following format.

    ssh-rsa AAAAB3NzU6mXo= [email protected]

Upload the above public key to AWS Glue when provisioning the endpoint.

Upvotes: 3

Cherry

Reputation: 33544

The answer is to use a key in a format like:

    ssh-rsa AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA [email protected]

Do not forget to include your email at the end! Without this, Amazon will fail with an error.

    GlueDevEndpoint:
      Type: AWS::Glue::DevEndpoint
      DeletionPolicy: "Delete"
      Properties:
        EndpointName: MyEndpointName
        GlueVersion: "1.0"
        NumberOfNodes: 2
        PublicKey: "ssh-rsa AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA [email protected]"
        RoleArn: !GetAtt IAMRole.Arn

Upvotes: 2
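An added example, not part of either answer: a pre-deployment check that tells apart the key formats tried in the question, converts an SSH2 block to the one-line `ssh-rsa ... email` form the answers describe, and reports what is missing. The function names, the sample key and `user@example.com` are made up for illustration; the sample blob has the right layout but is not a real key.

```python
import base64
import struct

def ssh_string(data: bytes) -> bytes:  # length-prefixed string, as used in SSH key blobs
    return struct.pack(">I", len(data)) + data

def blob_key_type(blob: bytes) -> str:
    """Read the algorithm name stored at the start of a public key blob."""
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")

def classify(text: str) -> str:
    """Name the container format of pasted key material by its first line."""
    first = text.strip().splitlines()[0].strip()
    if first.startswith("-----BEGIN") and "PRIVATE KEY" in first:
        return "pem-private"   # the downloaded .pem; never put it in a template
    if first == "-----BEGIN PUBLIC KEY-----":
        return "pem-public"    # what `openssl rsa -pubout` writes
    if first == "---- BEGIN SSH2 PUBLIC KEY ----":
        return "rfc4716"       # SSH2 export, as in the question's template
    return "openssh" if first.startswith("ssh-") else "unknown"

def rfc4716_to_openssh(text: str, comment: str) -> str:
    """Join an SSH2 block into one OpenSSH line (headers assumed unwrapped)."""
    body = [ln.strip() for ln in text.strip().splitlines()[1:-1]]
    b64 = "".join(ln for ln in body if ":" not in ln)  # skip "Comment:" etc.
    blob = base64.b64decode(b64, validate=True)
    return f"{blob_key_type(blob)} {b64} {comment}"

def check_openssh_rsa(line: str) -> list:
    """Return problems found; an empty list means the expected shape."""
    parts = line.strip().split(" ", 2)
    problems = []
    try:
        if blob_key_type(base64.b64decode(parts[1], validate=True)) != parts[0]:
            problems.append("type prefix does not match key blob")
    except (ValueError, IndexError, struct.error):
        problems.append("key data is not a valid SSH key blob")
    if parts[0] != "ssh-rsa":
        problems.append("not an RSA key")
    if len(parts) < 3 or "@" not in parts[2]:  # email comment, per the answers above
        problems.append("no email comment at the end")
    return problems

# Constructed sample: well-formed blob layout, placeholder numbers, not a real key.
SAMPLE_B64 = base64.b64encode(ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
                              + ssh_string(b"\x00" + bytes(range(0xC0, 0x100)))).decode()
SAMPLE_SSH2 = ('---- BEGIN SSH2 PUBLIC KEY ----\nComment: "imported-openssh-key"\n'
               + SAMPLE_B64[:64] + "\n" + SAMPLE_B64[64:] + "\n---- END SSH2 PUBLIC KEY ----")
```

Calling `check_openssh_rsa(rfc4716_to_openssh(SAMPLE_SSH2, "user@example.com"))` returns an empty list, while the same line without the trailing address reports the missing comment. `classify` returning `pem-private` means private key material was about to be pasted into the template.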
