EC2 Keypairs

Introduction

Verifying fingerprints of Amazon EC2 keypairs is not as straight forward, as one would hope. Reading Amazon documentation, and some searching on the Internet is required.

This blog post demonstrates, how an OpenSSH key can be imported to Amazon platform, how to verify fingerprints, and how to use the keys on a CloudFormation EC2 instance.

:More:

Advertisements

Using OpenSSH on AWS Platform

Introduction

Amazon EC2 Instance IP Addressing sets several challenges for SSH usage, and for any tool using SSH connections:

  • Amazon public DNS names encode public IP addresses. Each time an instance is assigned a new public IP address, it also gets a new public DNS name. In essence this means that the task of managing Amazon Public DNS names becomes comparable to the task of managing IP addresses.
  • Using an IP address to contact an instance is complicated, because public IP Address, once released, cannot be reused. Using fixed IP addresses, such as Amazon Elastic-Ip Address, requires keeping track of reserved address, and comes with extra costs.
  • EC2 instances, with only a private IP address, cannot be reached directly from the Internet.
  • Private DNS names also encode the IP address they map to. On top of that, private DNS names cannot resolved outside the cloud network of the instance.

This post presents an idea to solve the challenges listed above. In short, we synchronize Amazon EC2 instance metadata automatically in OpenSSH Client Configuration file allowing SSH connections to be established using names stored in EC2 Tags. We give an example, and use it to introduce a tool, called aws-ssh-resolver, implementing the idea.

:More: