New Feature
Resolution: Unresolved
Major
None
Hudson v1.348 and Hudson Amazon EC2 plugin v1.6
I'm fairly certain that the EC2 private key is not required to launch an AMI - just the access key and secret key. I think it would be useful (and more secure for users) to allow us to add an ssh private key that's not necessarily the EC2 key. Of course this would only help those who are launching AMIs that are made with the ssh key inserted, but I think most of us that use AMIs as Hudson slaves make our own.
[JENKINS-5853] Allow Amazon EC2 Plugin to use ssh keys other than the EC2 private key
Component/s | Original: plugin [ 15491 ] | New: ec2 [ 15625 ]
EC2 private key is used to log in to the launched EC2 instance, not to launch an AMI.
I'm not sure why it's "more secure for users" to use keys outside EC2. In fact I think it's less secure — using a key pair from EC2 allows the AMI not to be pre-baked with a particular key pair, which helps you avoid using the same key for a prolonged period. You can also share the same image with different people securely.
With that said, I suppose we could relatively easily add this support — we already let you enter a private key, so we just allow you to enter an arbitrary private key, and we trust you that you know what you are doing. A warning could still be issued to let the user know that the private key doesn't match any key pair in EC2, to prevent operator errors.
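One way the mismatch warning proposed in the comment above could be computed, as an added example that is not the plugin's code or part of the original thread. It assumes RSA key pairs created by EC2, whose reported fingerprint is the SHA-1 of the private key's PKCS#8 DER encoding (imported key pairs use an MD5 of the public key and are not covered); the function names, the `known_fingerprints` mapping and the key pair name are hypothetical.

```python
import base64
import hashlib
import re

# DER AlgorithmIdentifier: SEQUENCE { OID 1.2.840.113549.1.1.1 (rsaEncryption), NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")
PEM_RE = re.compile(
    r"-----BEGIN (RSA )?PRIVATE KEY-----(.+?)-----END (RSA )?PRIVATE KEY-----", re.S)

def der(tag, body):
    """Encode one DER TLV, using the long length form for bodies of 128+ bytes."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + body

def pem_to_pkcs8_der(pem):
    """Return the unencrypted PKCS#8 DER for an RSA private key in PEM form."""
    m = PEM_RE.search(pem)
    if not m or "ENCRYPTED" in pem:
        raise ValueError("expected an unencrypted RSA private key in PEM form")
    raw = base64.b64decode("".join(m.group(2).split()))
    if m.group(1):  # "RSA PRIVATE KEY" is PKCS#1: wrap it in a PKCS#8 PrivateKeyInfo
        raw = der(0x30, b"\x02\x01\x00" + RSA_ALG_ID + der(0x04, raw))
    return raw

def ec2_fingerprint(pem):
    """SHA-1 over the PKCS#8 DER, colon-separated, as EC2 reports for keys it generated."""
    digest = hashlib.sha1(pem_to_pkcs8_der(pem)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def key_pair_warning(pem, known_fingerprints):
    """Return None if the key matches a listed key pair, else a warning string."""
    fp = ec2_fingerprint(pem)
    if fp in {v.lower() for v in known_fingerprints.values()}:
        return None
    return "Private key (%s) does not match any key pair in EC2" % fp

# Constructed sample: placeholder bytes in a PEM wrapper, not a real RSA key.
SAMPLE_PKCS1 = bytes(range(200))
SAMPLE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n"
              + base64.encodebytes(SAMPLE_PKCS1).decode()
              + "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    listed = {"hudson-slaves": ec2_fingerprint(SAMPLE_PEM)}  # hypothetical key pair name
    print(key_pair_warning(SAMPLE_PEM, listed))
    print(key_pair_warning(SAMPLE_PEM, {"other": "00:" * 19 + "00"}))
```

In a real check, `known_fingerprints` would be filled from the account's key pair listing, and a returned warning would be shown to the operator without blocking the save.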