I'm trying to set up my infrastructure using Terraform and need to securely access my EC2 instances through GitHub Actions. I understand that I need to download the private key when creating the EC2 key pair, but if I missed that step, what are my options? Can I regenerate a key using Terraform, and how should I store it to avoid losing it again?
4 Answers
I guess you'll just have to do the secret handshake with Bezos to get it back!
According to Terraform documentation, you can't download the private key directly after generating it through Terraform. Instead, generate the key pair manually and store the private key securely. Then, use Terraform to import it into AWS for your EC2 instances. If you're looking for automation, the AWS CLI has commands for generating key pairs that you can look into.
That’s the bummer part! Automation is key for me. Thanks for the info!
An option I use is to output the private key from Terraform right away and capture it in GitHub Actions. Here's a snippet: Example code to create the key and output it as a sensitive value, so your pipeline can grab it without losing it.
You can only download the private key once during the creation of the key pair. If you didn’t do that, unfortunately, that specific key pair is now unusable. Your best bet is to create a new key using Terraform and store it somewhere safe, like AWS Secrets Manager or SSM Parameter Store, so you don’t lose it again.
Yeah, that makes sense. I’ll give it a shot. Thanks!

LOL, right? Thanks for making it a little lighter!
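
The approach the answers above describe (create a new key with Terraform, expose it as a sensitive output, and keep a copy in SSM Parameter Store), as an added example that is not code from any of the posters. The resource names, the key name `gha-deploy` and the parameter path are assumptions, and the AWS provider is assumed to take its region and credentials from the environment.

```hcl
# Added example: names and paths below are placeholders, not from the thread.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
    tls = { source = "hashicorp/tls" }
  }
}

# Generate the key pair inside Terraform, so the private half does not
# depend on a one-time download at creation.
resource "tls_private_key" "deploy" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# Register only the public half with EC2.
resource "aws_key_pair" "deploy" {
  key_name   = "gha-deploy" # assumed key name
  public_key = tls_private_key.deploy.public_key_openssh
}

# Durable copy of the private key, encrypted at rest as a SecureString.
resource "aws_ssm_parameter" "deploy_private_key" {
  name  = "/ci/ec2/gha-deploy/private-key" # assumed parameter path
  type  = "SecureString"
  value = tls_private_key.deploy.private_key_pem
}

# Lets the pipeline look the key up by parameter name.
output "deploy_private_key_parameter" {
  value = aws_ssm_parameter.deploy_private_key.name
}

# Sensitive output: redacted in plan/apply logs, but still written to state.
output "deploy_private_key" {
  value     = tls_private_key.deploy.private_key_pem
  sensitive = true
}
```

The generated private key is stored unencrypted in the Terraform state file, so the state backend needs encryption at rest and tightly restricted read access. `sensitive = true` only keeps the value out of CLI output and logs.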