# aws
a
Hello pals, does anybody know a way to allow the use of PEM files from EC2 instances? This throws a permission denied error when executing Amazon documents.
b
please share any code you have
a
This is the error @billowy-army-68599
```
{
  "changed": false,
  "msg": "Failed to connect to the host via ssh: no such identity: /root/.ssh/ec_aws_ansible_test.pem: No such file or directory\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic).",
  "unreachable": true
}
```
And this is the code that I use to execute the documents:
```
example = aws.ssm.Association("specificInstanceIdAssociation", association_name="SessionSRE",
                              name="AWS-RunShellScript",
                              targets=[aws_native.ssm.AssociationTargetArgs(
                                  key="InstanceIds",
                                  values=[
                                      "i"],
                              )],
                              parameters={'commands': 'export PATH=/home/ec2-user/.nvm/versions/node/v12.16.3/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/ec2-user/.local/bin:/home/ec2-user/bin; cd /home/ec2-user; cd /var/www/ec-deployments; ansible-playbook playbooks.yml -i staging -e app_name=fake_api --vault-id vault_password_staging -t update',
                                          'workingDirectory': ''}
                              )
```
b
Yeah, that looks like you’re referencing a file that doesn’t exist?
a
The file exists, but it’s something related to permissions and the owner of the file. The instance was initialized with the ec2 user, but in the document executions it seems that the user changes to root, and the file owner is ec2.
Hi @billowy-army-68599, do you have any clue?
b
@able-hospital-16256 I’m not super familiar with SSM used in this way, I’m afraid. SSH private keys need to have `0600` perms though.