Step 1: Add Keys To Parameter Store - Alex-Burgess/ansible-demo GitHub Wiki
The Ansible setup requires creating and distributing SSH keys so that the hosts can ssh to one another. Since the environments are not separated at the network level, isolation is achieved by using a different key for each environment: there are 3 keys, one each for test, staging and prod. AWS Parameter Store is used to hold the keys because it is free, supports a hierarchical naming structure and supports encryption.
A pre-requisite for this task is that the user (or script, or instance) running the commands has IAM permissions to execute the ssm commands. The procedure for creating keys for all environments runs to roughly 10 commands, so it is a prime candidate for automation; for clarity, however, the full manual steps are shown below.
To add the keys to the Parameter Store:

- Create the key:

    ```
    $ mkdir /tmp/ansible
    $ ssh-keygen -f /tmp/ansible/ansible_test -C ansible_test -b 2048 -t rsa -q -N ""
    ```

- Add the key to the Parameter Store (both halves are stored as `SecureString` so they are encrypted at rest):

    ```
    $ aws ssm put-parameter --name "/Ansible/HelloWorld/test/private_key" --value "`cat /tmp/ansible/ansible_test`" --type SecureString
    $ aws ssm put-parameter --name "/Ansible/HelloWorld/test/public_key" --value "`cat /tmp/ansible/ansible_test.pub`" --type SecureString
    ```

- Check that the key can be read back (if you have permission to decrypt it):

    ```
    $ aws ssm get-parameter --name "/Ansible/HelloWorld/test/private_key" --with-decryption
    ```

- Delete the local copy of the key:

    ```
    $ rm -Rf /tmp/ansible
    ```

- Repeat the process for the additional environments, substituting `staging` and `prod` for `test`. (See Additional Parameter Store Information for the full command list if required.)
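The manual steps above are the same for every environment, so the script below, added here as an example and not part of the ansible-demo repository, automates them for all three: one key pair per environment, both halves stored as SecureString under the page's `/Ansible/HelloWorld/<env>/` prefix, local key material removed even on failure. The `PREFIX`, `ENVS`, `AWS_CMD` and `KEYGEN_CMD` variables are assumptions of this example, overridable so the logic can be exercised without calling AWS.

```shell
#!/bin/sh
# Added example (not from the ansible-demo project): generate one SSH key
# pair per environment and store both halves in Parameter Store.
set -eu

PREFIX="${PREFIX:-/Ansible/HelloWorld}"   # assumed parameter hierarchy
ENVS="${ENVS:-test staging prod}"         # one key per environment
AWS_CMD="${AWS_CMD:-aws}"                 # overridable for dry runs/tests
KEYGEN_CMD="${KEYGEN_CMD:-ssh-keygen}"

# Full parameter name for an environment and key half.
param_name() {   # param_name <env> <private_key|public_key>
    printf '%s/%s/%s' "$PREFIX" "$1" "$2"
}

# Store a file's contents as an encrypted parameter. --overwrite is
# deliberately not passed, so an existing environment key is never
# replaced silently; a 2048-bit RSA key fits the 4 KB standard-tier limit.
put_secure() {   # put_secure <name> <file>
    "$AWS_CMD" ssm put-parameter --name "$1" --type SecureString \
        --value "$(cat "$2")" >/dev/null
}

# Generate, upload and scrub the key pair for one environment. The EXIT
# trap removes the private key from disk even if a step fails midway.
store_env_key() {   # store_env_key <env>
    envname="$1"
    workdir=$(mktemp -d)
    trap 'rm -rf "$workdir"' EXIT
    keyfile="$workdir/ansible_$envname"
    "$KEYGEN_CMD" -f "$keyfile" -C "ansible_$envname" -b 2048 -t rsa -q -N ""
    put_secure "$(param_name "$envname" private_key)" "$keyfile"
    put_secure "$(param_name "$envname" public_key)" "$keyfile.pub"
    rm -rf "$workdir"
    trap - EXIT
}

store_all() {
    for e in $ENVS; do store_env_key "$e"; done
}

# Only touch AWS when explicitly asked, so the functions can be sourced.
if [ "${1:-}" = "--run" ]; then store_all; fi
```

Run it as `./store_keys.sh --run` with credentials that carry `ssm:PutParameter` for the prefix; the same `get-parameter --with-decryption` check from the manual steps verifies each upload.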