Terraform. SSH keys. Connect from bastion host to ec2 instance in private subnet

Can't connect to my ec2 instance in private subnet from bastion host in public subnet: Permission denied (publickey). How can I generate keys, using Terraform, and deploy them to servers?



Solution 1:[1]

Well, for keys, you can generate them manually as a key pair. After that, use that key pair in your Terraform script. Or, if you still need to generate the key using Terraform, try this link: https://www.phillipsj.net/posts/generating-ssh-keys-with-terraform/

Solution 2:[2]

Create it using the tls provider like below, save the content in a file, and then use the key pair name in resource creation.

    variable "private_key_file_path" {
      default = "ec2-key.pem"
    }

    # Generate a 4096-bit RSA key pair
    resource "tls_private_key" "ec2key" {
      algorithm = "RSA"
      rsa_bits  = 4096
    }

    # Write the private key to a local file, readable only by its owner
    resource "local_file" "private_key" {
      content         = tls_private_key.ec2key.private_key_pem
      filename        = var.private_key_file_path
      file_permission = "0400"
    }

    # Register the public key with AWS; the key name is the file name without its extension
    resource "aws_key_pair" "key-pair" {
      key_name   = split(".", var.private_key_file_path)[0]
      public_key = tls_private_key.ec2key.public_key_openssh
    }

NOTE: Using the local_file resource to save the key in a file is not a security best practice.
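
An alternative to writing a generated private key to disk with local_file, added here as an example that is not from either answer: the key pair is created outside Terraform (for example with ssh-keygen), only its public half is registered, and the bastion and the private instance share it. The variable names, the key name admin-key, the instance type and the pre-existing bastion security group are all assumptions.

```hcl
# Added example; all names, variables and values below are assumptions.
variable "public_key_path" { type = string } # public half only, e.g. from ssh-keygen
variable "vpc_id" { type = string }
variable "public_subnet_id" { type = string }
variable "private_subnet_id" { type = string }
variable "ami_id" { type = string }
variable "bastion_sg_id" { type = string } # existing security group of the bastion

# Only the public key enters Terraform, so no private key is written to state or disk.
resource "aws_key_pair" "admin" {
  key_name   = "admin-key"
  public_key = file(var.public_key_path)
}

# The private instance accepts SSH only from members of the bastion security group.
resource "aws_security_group" "private_ssh" {
  vpc_id = var.vpc_id
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [var.bastion_sg_id]
  }
}

# Both hosts get the same key pair, so one workstation key authenticates each hop.
resource "aws_instance" "bastion" {
  ami                         = var.ami_id
  instance_type               = "t3.micro"
  subnet_id                   = var.public_subnet_id
  key_name                    = aws_key_pair.admin.key_name
  vpc_security_group_ids      = [var.bastion_sg_id]
  associate_public_ip_address = true
}

resource "aws_instance" "private" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  subnet_id              = var.private_subnet_id
  key_name               = aws_key_pair.admin.key_name
  vpc_security_group_ids = [aws_security_group.private_ssh.id]
}
```

With this layout the private key stays on the workstation: `ssh -J ec2-user@<bastion-public-ip> ec2-user@<private-ip>` authenticates both hops from there (the ec2-user login is an assumption that depends on the AMI). tls_private_key, by contrast, also records the generated private key in the Terraform state.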

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Yoga
Solution 2 JPNagarajan