{"id":37972972,"url":"https://github.com/dweomer/aws-cloudformation-keypair","last_synced_at":"2026-01-16T18:25:42.396Z","repository":{"id":64306264,"uuid":"130454702","full_name":"dweomer/aws-cloudformation-keypair","owner":"dweomer","description":"Custom::KeyPair is a CloudFormation custom resource Lambda function, written in Go","archived":false,"fork":false,"pushed_at":"2018-04-26T19:00:13.000Z","size":11,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-06-20T03:55:03.948Z","etag":null,"topics":["cloudformation","cloudformation-custom-resource","cloudformation-template","golang","lambda","serverless-application-model"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dweomer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-04-21T08:25:50.000Z","updated_at":"2022-11-27T23:08:14.000Z","dependencies_parsed_at":"2023-01-15T10:45:17.589Z","dependency_job_id":null,"html_url":"https://github.com/dweomer/aws-cloudformation-keypair","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/dweomer/aws-cloudformation-keypair","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dweomer%2Faws-cloudformation-keypair","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dweomer%2Faws-cloudformation-keypair/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dweomer%2Faws-cloudformation-keypair/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposito
ries/dweomer%2Faws-cloudformation-keypair/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dweomer","download_url":"https://codeload.github.com/dweomer/aws-cloudformation-keypair/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dweomer%2Faws-cloudformation-keypair/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28480739,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloudformation","cloudformation-custom-resource","cloudformation-template","golang","lambda","serverless-application-model"],"created_at":"2026-01-16T18:25:42.293Z","updated_at":"2026-01-16T18:25:42.366Z","avatar_url":"https://github.com/dweomer.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Custom::KeyPair\n\nA [custom resource][aws-cfn-custom-resources] Lambda function for creating EC2 key-pairs, written in [Go][golang],\nand suitable for [direct][aws-cfn-custom-lambda] invocation by CloudFormation. 
The private key material is pushed\ninto an associated SSM Parameter.\n\n## Rationale\n\nWell, at the time of this writing the EC2 key-pair is not a [supported resource type in CloudFormation][aws-cfn-resource-types] and I really wanted it to be.\nYou see, for demonstration purposes, I'm a big fan of as-self-contained-as-possible [infrastructure definitions][iac-wiki].\nI really hate specifying parameters for my templates (everything should have a default).\nBecause, have you seen the `aws cloudformation` CLI for specifying parameters? **`/me shudders`**\n\nAdditionally, for those teams that aren't yet spun up on or are otherwise unable to leverage [Terraform](https://terraform.io) or other\n[infrastructure-as-code][iac-book] development tools, this implementation requires no tooling other than the [AWS CLI][aws-cli]\nand optionally the [SAM][aws-sam] [CLI][aws-sam-local] for testing.\n\n## Design\n\n### Declarative EC2 Key-Pair With Key Material Dumped into an SSM Parameter (SecureString)\n\n*AS A* developer of infrastructure\n*I WANT* to create SSH key-pairs for EC2 instances by declaring such in a CloudFormation template\n*SO THAT* when applying said template I am not required to have first created, out of band, EC2 key-pair(s).\n\n#### Input Properties\n\n* optional `KeyName` the EC2 KeyPair name\n  * if not specified, this will be generated (see [NewPhysicalResourceID](aws/ec2/keypair/resource.go#L136))\n\n* optional `ParameterPath` the SSM Parameter name prefix\n  * if not specified, this will default to `/ec2/key-pair`\n\n* optional `ParameterKeyId` which represents the encryption key used to encipher the private key material\n  * if not specified, this will default to `alias/aws/ssm`\n\n* optional `ParameterDescription`\n  * if not specified, this will default to the value of the key fingerprint\n\n* optional `ParameterOverwrite` determines if a parameter with the existing name will be overwritten with a new version\n  * if not specified, this will default to 
`false`\n\n#### Output Attributes\n\n* [!Ref][aws-cfn-intrinsic-ref] `KeyName`\n* [Fn::GetAtt][aws-cfn-intrinsic-getatt] `ParameterName`\n* [Fn::GetAtt][aws-cfn-intrinsic-getatt] `ParameterKeyId`\n\n## TODO\n\n* support [indirect invocation via SNS][aws-cfn-custom-sns]\n* support alternative methods for handling the private key material, such as:\n  * cipher-text as an attribute, suitable for use in an output (NoEcho?)\n  * Simple Storage Service (S3)\n  * Secrets Manager\n  * HTTP PUT\n\n---\n\n[iac-wiki]: \u003chttps://en.wikipedia.org/wiki/Infrastructure_as_Code\u003e \"Infrastructure as Code\"\n[iac-book]: \u003chttps://info.thoughtworks.com/Infrastructure-as-Code-Kief-Morris.html\u003e \"Infrastructure as Code, by Kief Morris\"\n[aws-sdk-golang]: \u003chttps://github.com/aws/aws-sdk-go\u003e \"AWS SDK for Go\"\n[aws-lambda-golang]: \u003chttps://github.com/aws/aws-lambda-go\u003e \"AWS Lambda for Go\"\n[aws-cfn]: \u003chttps://aws.amazon.com/cloudformation\u003e \"AWS CloudFormation\"\n[aws-cli]: \u003chttp://docs.aws.amazon.com/cli/\u003e \"AWS CLI\"\n[aws-sam]: \u003chttps://docs.aws.amazon.com/lambda/latest/dg/serverless_app.html\u003e \"AWS Serverless Application Model\"\n[aws-sam-local]: \u003chttps://github.com/awslabs/aws-sam-local\u003e \"AWS SAM Local\"\n[aws-cfn-resource-types]: \u003chttps://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html\u003e \"AWS Resource Types\"\n[aws-cfn-custom-resources]: \u003chttps://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html\u003e \"AWS CloudFormation Custom Resources\"\n[aws-cfn-custom-lambda]: \u003chttps://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources-lambda.html\u003e \"AWS Lambda\"\n[aws-cfn-custom-sns]: \u003chttps://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources-sns.html\u003e \"AWS Simple Notification Service aka SNS\"\n[aws-cfn-intrinsic-ref]: 
\u003chttps://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html\u003e \"Ref\"\n[aws-cfn-intrinsic-getatt]: \u003chttps://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html\u003e \"Fn::GetAtt\"\n[aws-resource-property-types-name]: \u003chttps://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html\u003e \"Resource Property Types\"\n[golang]: \u003chttps://golang.org\u003e \"The Go Programming Language\"\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdweomer%2Faws-cloudformation-keypair","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdweomer%2Faws-cloudformation-keypair","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdweomer%2Faws-cloudformation-keypair/lists"}