Cheap cloud-based delivery of SSH keys (Lambda, S3, Ansible, Shell)
Create the Lambda function and import the code from the Lambda folder.
Allow the function access to CloudWatch and S3.
To schedule it, we use a CloudWatch Events rule:
Description: Create a Key Pair for the next month
cron(0 1 1 * ? *)
The expression fires at 01:00 UTC on the first day of every month.
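The page does not show the Lambda code itself, so here is an added example (not the project's own code) of what the scheduled function does: derive month-stamped S3 object keys for the coming month, generate an ed25519 key pair, and upload both halves. The `ssh-keys/{public,private}/<YYYY-MM>/` layout, the `KEY_BUCKET` environment variable and the use of the `cryptography` package are assumptions made for this example.

```python
"""Monthly SSH key rotation as a scheduled Lambda.

Generates an ed25519 key pair for the coming month and uploads both halves to
S3 under month-stamped object keys. Object layout and env var are assumptions
made for this example, not the original project's.
"""
import datetime as dt
import json
import os

PREFIX = "ssh-keys"  # assumed: ssh-keys/{public,private}/<YYYY-MM>/id_ed25519[.pub]


def next_month(today: dt.date) -> dt.date:
    """First day of the month after `today`, including the December rollover."""
    if today.month == 12:
        return dt.date(today.year + 1, 1, 1)
    return dt.date(today.year, today.month + 1, 1)


def object_keys_for(today: dt.date) -> dict:
    """S3 object keys for the key pair that becomes valid next month.

    Public and private halves live under different prefixes so the instance
    role's GetObject grant can be scoped to the public one.
    """
    stamp = f"{next_month(today):%Y-%m}"
    return {
        "public": f"{PREFIX}/public/{stamp}/id_ed25519.pub",
        "private": f"{PREFIX}/private/{stamp}/id_ed25519",
    }


def generate_openssh_keypair(comment: str) -> tuple:
    """Return (private_key_openssh_pem, public_key_line) as bytes.

    Uses the `cryptography` package (shipped in the deployment package);
    imported here so the naming helpers stay importable without it.
    """
    from cryptography.hazmat.primitives import serialization
    from cryptography.hazmat.primitives.asymmetric import ed25519

    key = ed25519.Ed25519PrivateKey.generate()
    private_pem = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.OpenSSH,
        serialization.NoEncryption(),
    )
    public_line = key.public_key().public_bytes(
        serialization.Encoding.OpenSSH, serialization.PublicFormat.OpenSSH
    )
    return private_pem, public_line + f" {comment}\n".encode()


def lambda_handler(event, context):
    """Entry point invoked by the monthly CloudWatch Events rule."""
    import boto3  # present in the Lambda Python runtime

    bucket = os.environ["KEY_BUCKET"]  # assumed environment variable
    today = dt.datetime.now(dt.timezone.utc).date()
    keys = object_keys_for(today)
    stamp = f"{next_month(today):%Y-%m}"
    private_pem, public_line = generate_openssh_keypair(f"rotation-{stamp}")

    s3 = boto3.client("s3")
    # Encrypted at rest; who may read each half is decided by the bucket
    # policy and the instance role, not by this function.
    s3.put_object(Bucket=bucket, Key=keys["public"], Body=public_line,
                  ServerSideEncryption="AES256", ContentType="text/plain")
    s3.put_object(Bucket=bucket, Key=keys["private"], Body=private_pem,
                  ServerSideEncryption="AES256", ContentType="application/x-pem-file")
    return {"statusCode": 200, "body": json.dumps(keys)}
```

Because the rule runs on the 1st and the keys are stamped with the following month, instances always have a full month to pick up the new public key before it is needed. Keeping the private half under its own prefix lets the instance role's `s3:GetObject` grant be narrowed to `ssh-keys/public/*` instead of the whole bucket.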
In the local account, to let the EC2 instances read the S3 bucket, attach the IAM policy below to the IAM role used by the EC2 instances (note that s3:ListBucket is granted on the bucket ARN itself, without a trailing slash, while s3:GetObject is granted on the objects):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::<BUCKET_NAME>/*",
        "arn:aws:s3:::<BUCKET_NAME>"
      ]
    }
  ]
}
For cross-account access (the bucket lives in a different account), also attach this bucket policy to the bucket, trusting the local account:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Example permissions",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<AWS LOCAL ACCOUNT ID>:root"
      },
      "Action": [
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::<BUCKET_NAME>",
        "arn:aws:s3:::<BUCKET_NAME>/*"
      ]
    }
  ]
}
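A small linter for the two policy documents above, added here as an example and not part of the project: it checks that s3:ListBucket names the bucket ARN and s3:GetObject the object ARN (a resource ending in "/" or "/*" on ListBucket silently denies the listing), that the instance role stays read-only, and that the cross-account bucket policy trusts exactly one account rather than "*". The bucket name and account id are constructed sample values.

```python
"""Lint the two policy documents behind the S3 key delivery.

Two documents must both allow the read: the identity policy on the EC2
instance role and, for a bucket in another account, the bucket policy.
s3:ListBucket is evaluated against the bucket ARN and s3:GetObject against
the object ARN (bucket ARN plus /*); mixing them up fails with AccessDenied.
Bucket name and account id below are constructed sample values.
"""

BUCKET = "example-ssh-keys-bucket"
LOCAL_ACCOUNT = "111122223333"


def as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def allow_statements(policy: dict):
    return [s for s in as_list(policy.get("Statement", [])) if s.get("Effect") == "Allow"]


def principals_of(stmt: dict):
    principal = stmt.get("Principal", {})
    if isinstance(principal, dict):
        return as_list(principal.get("AWS", []))
    return as_list(principal)  # bare "*" form


def check_read_policy(policy: dict, bucket: str) -> list:
    """Findings for a read-only grant on `bucket`; an empty list means it looks right."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for stmt in allow_statements(policy):
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        resources = as_list(stmt.get("Resource", []))
        if "s3:listbucket" in actions and bucket_arn not in resources:
            findings.append(f"s3:ListBucket must name the bucket ARN {bucket_arn} exactly")
        if "s3:getobject" in actions and f"{bucket_arn}/*" not in resources:
            findings.append(f"s3:GetObject must name the object ARN {bucket_arn}/*")
        for res in resources:
            if res.endswith("/"):
                findings.append(f"resource {res!r} has a trailing slash and matches nothing")
            if res in ("*", "arn:aws:s3:::*"):
                findings.append(f"resource {res!r} is a wildcard; scope it to the key bucket")
        if any(a.startswith(("s3:put", "s3:delete")) for a in actions):
            findings.append("consumers of the keys need read access only")
    return findings


def check_bucket_policy(policy: dict, bucket: str, trusted_account: str) -> list:
    """Cross-account bucket policy: same resource rules, plus a single trusted principal."""
    findings = check_read_policy(policy, bucket)
    expected = f"arn:aws:iam::{trusted_account}:root"
    for stmt in allow_statements(policy):
        for principal in principals_of(stmt):
            if principal == "*":
                findings.append("Principal '*' makes the bucket readable by anyone")
            elif principal not in (expected, trusted_account):
                findings.append(f"unexpected principal {principal!r}")
    return findings


# Constructed sample: ListBucket pointed at "bucket/" instead of the bucket ARN.
BROKEN_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": [f"arn:aws:s3:::{BUCKET}/*", f"arn:aws:s3:::{BUCKET}/"],
    }],
}

# Constructed sample: correct identity policy for the instance role.
ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
    }],
}

# Constructed sample: bucket policy trusting only the local account.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{LOCAL_ACCOUNT}:root"},
        "Action": ["s3:ListBucket", "s3:GetObject"],
        "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
    }],
}

if __name__ == "__main__":
    for name, findings in [
        ("broken role policy", check_read_policy(BROKEN_ROLE_POLICY, BUCKET)),
        ("role policy", check_read_policy(ROLE_POLICY, BUCKET)),
        ("bucket policy", check_bucket_policy(BUCKET_POLICY, BUCKET, LOCAL_ACCOUNT)),
    ]:
        print(name, "->", findings or "OK")
```

Run it before the attach-role-policy step; a clean result on both documents is what makes the EC2 instances able to list and fetch the month's key, and a wildcard principal finding on the bucket policy means the key material would be readable by any AWS account.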
Attach the policy to the instance role with the AWS CLI (fill in the profile, region, policy ARN and role name):
aws --profile <PROFILE> --region <REGION> iam attach-role-policy --policy-arn <ARN_POLICY> --role-name <IAM_ROLE_NAME>