Update workflow to provision an EC2 instance using Terraform #10

Open
emilyllim opened this issue Oct 22, 2023 · 4 comments
@emilyllim
Collaborator

Overview

This issue will include an overview of how to use GitHub Actions to automate provisioning an AWS EC2 instance using Terraform.

Resources

@emilyllim emilyllim self-assigned this Oct 22, 2023
@emilyllim
Collaborator Author

Changes related to this issue are committed to pull request #7

@emilyllim
Collaborator Author

emilyllim commented Oct 25, 2023

SSH into provisioned EC2 instance

In an attempt to SSH into the instance provisioned by Terraform, I discovered that additional information must be added to the Terraform configuration file.

ISSUE: I could not SSH into the instance because there was no associated key pair created when the instance was provisioned.

  • So I added an existing key pair to the Terraform configuration.
  • To ensure the correct inbound traffic rules, I also added seven other resources to the configuration:
    • A VPC, subnet, security group, elastic IP, internet gateway, route table, and route table association
  • After making these changes and running terraform apply again, there is no longer a warning from the console about no associated key pair, but I am still unable to SSH to the instance.
  • I am also unable to connect to the instance from EC2 Instance Connect.

Resources

@emilyllim
Collaborator Author

ERROR MESSAGE:

sign_and_send_pubkey: no mutual signature supported
[instance-user-name@instance-public-dns-name]: Permission denied (publickey).

To address this issue of being unable to SSH to the instance, I tried these steps:

  • Searched through the "Connection problems and errors" list on AWS's EC2 troubleshooting documentation page, but none of them match the error I'm receiving.
  • I added a config file within the .ssh directory on my machine with the following contents:
        Host *
           PubkeyAcceptedKeyTypes=+ssh-rsa
           HostKeyAlgorithms=+ssh-rsa
  • Now I am able to SSH into the EC2 instance!

Unfortunately, it seems that this method is not recommended for security reasons, so as a better approach, I added a new key pair using ed25519 instead of rsa.

  • After adding the new key pair, I receive this error:
        [instance-user-name@instance-public-dns-name]: Permission denied (publickey).
  • This matches the second line of the previous error.
  • I destroyed the instance and then provisioned it again, but I am still receiving the error.
  • I am also still unable to connect to the instance with EC2 Instance Connect.

Resources

@emilyllim
Collaborator Author

emilyllim commented Oct 26, 2023

The next thing I tried to do was update the Terraform configuration file:

  • Instead of adding the key pair within aws_instance resource, I defined it as a separate aws_key_pair resource.
  • After running terraform apply, attempting to SSH into the instance still results in the same errors.
  • After pushing the changes, I also realized that the machine running the workflow does not have access to the key I made locally. To not further complicate this, I ended up removing the key pair resource.

I went back to the previous (deprecated?) method of creating an rsa key pair, and adding the previous rsa config, and then running terraform apply. SSH'ing still works this way.
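
Added example (not part of this issue or the project's configuration): one way to declare the separate aws_key_pair resource discussed above so that the workflow runner only needs the public half of an ed25519 key, with SSH ingress limited to one address range. The variable names, resource names, instance type and CIDR are assumptions.

```hcl
# Added example; all names and values below are assumptions, not the project's config.
# Only the PUBLIC key is passed in (for example as TF_VAR_ssh_public_key from a
# workflow secret), so the private key never has to leave the local machine.
variable "ssh_public_key" {
  description = "Contents of the ed25519 .pub file"
  type        = string
}

variable "admin_cidr" {
  description = "Single address range allowed to reach port 22"
  type        = string
  default     = "203.0.113.10/32" # constructed documentation address
}

variable "vpc_id"    { type = string }
variable "subnet_id" { type = string }
variable "ami_id"    { type = string }

resource "aws_key_pair" "deploy" {
  key_name   = "deploy-ed25519"
  public_key = var.ssh_public_key
}

resource "aws_security_group" "ssh" {
  name   = "allow-ssh-admin"
  vpc_id = var.vpc_id

  ingress {
    description = "SSH from the admin range only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "web" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  key_name               = aws_key_pair.deploy.key_name
  subnet_id              = var.subnet_id
  vpc_security_group_ids = [aws_security_group.ssh.id]
}
```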
