
I'm currently using AutoScalingGroups to manage the lifecycle of nodes in a Stack. During the Stack creation, the scripts create an ssh key that is then shared with all of the nodes in the cluster to allow an admin user to be able to ssh between nodes inside the stack. This is a requirement of the software that is being deployed: it has to have passwordless ssh access. It is also a requirement that each Stack have its own ssh key and not use a shared one.

Unfortunately, when the ASG replaces a bad node, the ssh key is not available in the new node. The /home/adminuser/.ssh/authorized_keys file does not contain the ssh key I created when the stack was created. I'm looking for a way to store the ssh key so that it can be added to the new node created by the ASG.

I found SSM which has the ability to put and get parameters: http://docs.aws.amazon.com/cli/latest/reference/ssm/put-parameter.html http://docs.aws.amazon.com/cli/latest/reference/ssm/get-parameter.html

This could work. I could store all Stacks' ssh keys here and then each Stack could just query the repository for the private key. Unfortunately, this won't work because the values are visible to all nodes in all Stacks in my account. I want the parameters only available to nodes in the stack.

One Stack might be for Test while another for Production under the same account. I don't want the Test users having the ability to query the Parameters associated with the Production Stack.

Is there a way to put variables/parameters for a Stack that is only available to the Stack? Is there another way to do this?

Jon Roberts
  • I use this script to sync authorized keys on all my hosts. This is not exactly your use case but I think it's good to consider it. https://cloudonaut.io/manage-aws-ec2-ssh-access-with-iam/ – Laurent Jalbert Simard Sep 26 '17 at 21:52
  • That isn't exactly what I need. I need the new node to be able to ssh to the existing nodes and the existing nodes to be able to ssh to the new node. But, I never thought about trying to get the CFT to create a keypair resource. Maybe that would work. – Jon Roberts Sep 26 '17 at 22:09

0 Answers