Sling Academy
Home/DevOps/Terraform: How to generate SSH keys

Terraform: How to generate SSH keys

Last updated: February 04, 2024

Table of Contents

  1. Introduction
    1. Prerequisites
  2. Generating a Basic SSH Key Pair
  3. Advanced SSH Key Generation
  4. Automating SSH Key Injection into Cloud Infrastructure
  5. Conclusion

Introduction

In this tutorial, we will explore how to generate SSH keys using Terraform. Terraform is a powerful infrastructure as code tool that allows for the provisioning of infrastructure through code. SSH keys are cryptographic keys that allow for secure communication between a client and a server. Generating SSH keys with Terraform can streamline your infrastructure deployment process, ensuring secure connections without manual intervention.

Prerequisites

  • Terraform installed and configured on your system.
  • Basic understanding of Terraform syntax and structure.
  • An understanding of SSH keys and their use in secure communications.

Generating a Basic SSH Key Pair

Let’s start by generating a simple SSH key pair. This example will cover generating a standard RSA key pair.

resource "tls_private_key" "example" {
  algorithm = "RSA"
  rsa_bits = 2048
}

Output:

tls_private_key.example: Creating...
  algorithm:  "" -
> "RSA"
  rsa_bits:   "" -
> "2048"
  private_key_pem: "" -
> "-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----"
  public_key_pem:  "" -
> "-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----"

In the code above, the tls_private_key resource is used to generate a RSA key with 2048 bits. The output will be the private and public keys in PEM format. This is a simple and straightforward method to generate a basic SSH key pair using Terraform.

Advanced SSH Key Generation

For those requiring a higher level of security, generating an ECDSA key pair or setting up additional options can provide added benefits. Here’s how you can generate an ECDSA key pair:

resource "tls_private_key" "advanced_example" {
  algorithm = "ECDSA"
  ecdsa_curve = "P384"
}

Output:

tls_private_key.advanced_example: Creating...
  algorithm:   "" -
> "ECDSA"
  ecdsa_curve: "" -
> "P384"
  private_key_pem: "" -
> "-----BEGIN EC PRIVATE KEY-----
...
-----END EC PRIVATE KEY-----"
  public_key_pem:  "" -
> "-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----"

This example utilizes the ECDSA algorithm with the P384 curve, known for stronger security compared to RSA keys of similar size. With Terraform, generating this type of key is just as simple as the previous example but provides stronger security guarantees.

Automating SSH Key Injection into Cloud Infrastructure

Now that we have our SSH keys, the next step is to use Terraform to inject these keys into our cloud infrastructure to enable secure SSH access. The following example demonstrates how to add an SSH key to an AWS EC2 instance:

resource "aws_key_pair" "deployer_key" {
  key_name   = "deployer_key"
  public_key = tls_private_key.example.public_key_pem
}

resource "aws_instance" "example_instance" {
  ami           = "ami-a1b2c3d4"
  instance_type = "t2.micro"
  key_name      = aws_key_pair.deployer_key.key_name

  # Specify other instance settings
}

This code snippet illustrates how the generated public SSH key can be integrated into an AWS EC2 instance configuration. It allows you to automatically enable secure SSH access to your EC2 instance when it’s provisioned.

Conclusion

Generating SSH keys with Terraform is an efficient way to ensure the security of your server communications right from the deployment phase. Whether you’re setting up a basic RSA key pair for standard security or an ECDSA key for enhanced security, Terraform provides a streamlined approach to manage SSH keys alongside your infrastructure as code. Incorporating automated key injection into your cloud infrastructure further simplifies the process, making it a seamless part of your deployment workflow. By leveraging Terraform for SSH key generation, you can maintain a high level of security with minimal manual intervention.

Next Article: Terraform: How to generate self-signed SSL certificates

Previous Article: Terraform: Working with the terraform_login command

Series: Terraform Tutorials

DevOps

You May Also Like

  • How to reset Ubuntu to factory settings (4 approaches)
  • Making GET requests with cURL: A practical guide (with examples)
  • Git: What is .DS_Store and should you ignore it?
  • NGINX underscores_in_headers: Explained with examples
  • How to use Jenkins CI with private GitHub repositories
  • Terraform: Understanding State and State Files (with Examples)
  • SHA1, SHA256, and SHA512 in Terraform: A Practical Guide
  • CSRF Protection in Jenkins: An In-depth Guide (with examples)
  • Terraform: How to Merge 2 Maps
  • Terraform: How to extract filename/extension from a path
  • JSON encoding/decoding in Terraform: Explained with examples
  • Sorting Lists in Terraform: A Practical Guide
  • Terraform: How to trigger a Lambda function on resource creation
  • How to use Terraform templates
  • Understanding terraform_remote_state data source: Explained with examples
  • Jenkins Authorization: A Practical Guide (with examples)
  • Solving Jenkins Pipeline NotSerializableException: groovy.json.internal.LazyMap
  • Understanding Artifacts in Jenkins: A Practical Guide (with examples)
  • Using Jenkins with AWS EC2 and S3: A Practical Guide