https://pulumi.com logo
Title
a

able-hospital-16256

01/03/2023, 7:33 PM
Hello pals, Does anybody know a way to allow from ec2 instances the use of PEM files?, this throw an error from the execution of amazon documents about permission denied
b

billowy-army-68599

01/03/2023, 7:34 PM
please share any code you have
a

able-hospital-16256

01/03/2023, 7:38 PM
This is the error @billowy-army-68599
{
  "changed": false,
  "msg": "Failed to connect to the host via ssh: no such identity: /root/.ssh/ec_aws_ansible_test.pem: No such file or directory\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic).",
  "unreachable": true
}
And this is the code that i use to execute the documents:
example = aws.ssm.Association("specificInstanceIdAssociation", association_name="SessionSRE",
                              name="AWS-RunShellScript",
                              targets=[aws_native.ssm.AssociationTargetArgs(
                                  key="InstanceIds",
                                  values=[
                                      "i"],
                              )],
                              parameters={'commands': 'export PATH=/home/ec2-user/.nvm/versions/node/v12.16.3/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/ec2-user/.local/bin:/home/ec2-user/bin; cd /home/ec2-user; cd /var/www/ec-deployments; ansible-playbook playbooks.yml -i staging -e app_name=fake_api --vault-id vault_password_staging -t update',
                                          'workingDirectory': ''}
                              )
b

billowy-army-68599

01/03/2023, 7:41 PM
yeah that looks like you’re referencing a file that doesn’t exist?
a

able-hospital-16256

01/03/2023, 7:42 PM
The file exist, but it’s something related to permissions, and the owner of the file, the instance initialized with ec2 user but in the document executions it seems that the user change to root, and the owner file it’s ec2
Hi @billowy-army-68599 do you have any clue?
b

billowy-army-68599

01/04/2023, 3:56 PM
@able-hospital-16256 i’m not super familiar with SSM used in this was I’m afraid. I’m afraid. SSH private keys need to have
0600
perms though