Using EC2 imagebuilder to populate authorized_keys from s3 does not work

Question

I'm struggling to setup imagebuilder to populate authorized_keys file from S3 file on a Amazon Linux 2 instance.

IAM role is functionnal and pipeline runs fine (no error, nor output)

Here is the recipe i'm using

description: This is hello world testing document.
schemaVersion: 1.0
phases:
  - name: build
    steps:
      - name: Download_Authorized_Keys_File
        action: S3Download
        onFailure: Abort
        inputs:
          - source: 's3://mysuperbucket/authorized_keys'
            destination: '/home/ec2-user/.ssh/authorized_keys'
      - name: Ensure_Correct_File_Permission
        action: ExecuteBash
        onFailure: Abort
        inputs:
          commands:
            - 'chown ec2-user:ec2-user /home/ec2-user/.ssh/authorized_keys'
            - 'chmod 600 /home/ec2-user/.ssh/authorized_keys'

Also, when investigating and copying that file elsewhere, it runs fine and file is present.

When manually copying that file to destination, it works as well. Does anyone have any clue?

score 0 · Accepted Answer · answered Aug 26 '20 at 11:53

0

Found it, AWS deletes /home/ec2-user/.ssh/authorized_keys as a cleanup after creating the AMI. (see https://docs.aws.amazon.com/imagebuilder/latest/userguide/imagebuilder-ug.pdf p97-98)

answered Aug 26 '20 at 11:53

vfrans

43
1
7

Using EC2 imagebuilder to populate authorized_keys from s3 does not work

1 Answers1