I have created an instance using Terraform code and its Windows key pair. To get the administrator password, I clicked the decrypt button below and got an invalid decryption key. Please suggest how to fix it.
```hcl
# Create an S3 bucket
resource "aws_s3_bucket" "my_bucket" {
  bucket = "my-ssh-keys-bucket" # Replace with your desired bucket name
}

# Upload the public key to the S3 bucket
# (aws_s3_bucket_object is the resource name used in the original; newer
# provider versions call it aws_s3_object)
resource "aws_s3_bucket_object" "my_key_object" {
  bucket = aws_s3_bucket.my_bucket.id
  key    = "ssh-keys/id_rsa.pub" # Replace with the desired key name/path within the bucket
  source = "keys/id_rsa.pub"
}

# Upload the private key to the S3 bucket
resource "aws_s3_bucket_object" "my_key_object2" {
  bucket = aws_s3_bucket.my_bucket.id
  key    = "ssh-keys/id_rsa" # Replace with the desired key name/path within the bucket
  source = "keys/id_rsa"
}

# Create an EC2 instance
resource "aws_instance" "my_instance" {
  count         = 2
  ami           = "ami-0xxxxxx" # Replace with the Windows Server 2019 AMI ID
  instance_type = "t2.micro"    # Update with your desired instance type
  subnet_id     = "subnet-0c6dfb7d123e515c9"
  # aws_key_pair.example is referenced here but is not declared anywhere in this snippet
  key_name      = aws_key_pair.example.key_name #tls_private_key.my_ssh_key.key_name
  #vpc_security_group_ids = [aws_security_group.my_security_group.id] #attach security groups here as a list
  vpc_security_group_ids = [aws_security_group.my_security_group.id]

  tags = {
    Name = "instance-${count.index}"
  }

  root_block_device {
    volume_size           = 100
    volume_type           = var.volume_type
    delete_on_termination = true
    encrypted             = true
    kms_key_id            = var.kms_key_id
    tags = {
      Name = "root volume"
    }
  }
}
```
Answer 1
I'm not sure about the use case for storing SSH keys in S3 (can't think of any possible reason to upload both; there are plenty of other options such as Parameter Store, SecureString, or Secrets Manager).
How is it referenced in your code? `aws_key_pair.example.key_name`?
Just create the key pair in the console (save the private key in a password manager).
Then in your tf code set `key_name =` to the one you created.
To retrieve your key from s3 to create the instance, you would need to rethink your design and refactor the rest of the code accordingly; personally I would stay away from that s3 idea.
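For contrast, here is an added example (not from the question or the answer above) of the other route the question's own comment hints at with `tls_private_key.my_ssh_key`: let Terraform generate the key pair, register only the public half with AWS, and decrypt the Windows password data with the matching private key instead of copying key files into S3. The resource names `windows`, the AMI placeholder and the key name are assumptions; note that the generated private key is stored in Terraform state, so the state backend must be protected accordingly.

```hcl
# Generate the key pair locally in Terraform; the private half never leaves state.
resource "tls_private_key" "windows" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# Only the public key is registered with EC2.
resource "aws_key_pair" "windows" {
  key_name   = "windows-admin" # assumed name
  public_key = tls_private_key.windows.public_key_openssh
}

resource "aws_instance" "windows" {
  ami           = "ami-0xxxxxx" # placeholder: Windows Server AMI ID
  instance_type = "t2.micro"
  subnet_id     = "subnet-0c6dfb7d123e515c9"
  key_name      = aws_key_pair.windows.key_name # must be the pair whose private key you decrypt with

  # Ask EC2 to return the encrypted Administrator password after boot.
  get_password_data = true
}

# Decrypt with the private key that matches the key pair used at launch.
# A mismatch between key_name and the key used here is what produces
# "invalid decryption key" in the console.
output "windows_admin_password" {
  value     = rsadecrypt(aws_instance.windows.password_data, tls_private_key.windows.private_key_pem)
  sensitive = true
}
```

Read the value with `terraform output -raw windows_admin_password` after apply; the password data is only populated once the instance has finished its first boot.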