in functions/source/CreateSSHKey/lambda_function.py [0:0]
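def lambda_handler(event, context):
    """CloudFormation custom-resource handler that mints an SSH key pair.

    On ``Create`` it generates a 2048-bit RSA key, encrypts the PKCS#8 PEM
    private key under the KMS key named by ``ResourceProperties.KMSKey``
    (KMS client in ``ResourceProperties.Region``), stores the ciphertext as
    object ``enc_key`` in ``ResourceProperties.KeyBucket``, and reports the
    OpenSSH-formatted public key as the PhysicalResourceId (so templates
    reach it via ``!Ref``; the response ``Data`` is empty). On ``Update``
    and ``Delete`` the existing PhysicalResourceId is echoed back unchanged.

    NOTE(review): nothing is removed from S3 on ``Delete`` — the encrypted
    private key stays in the bucket; confirm that is intended.

    Args:
        event: CloudFormation custom-resource request dict; reads
            ``RequestType``, ``ResourceProperties`` and, on Update/Delete,
            ``PhysicalResourceId``.
        context: Lambda context, passed through to ``cfnresponse``.

    Any exception is logged with ``traceback.print_exc()`` and reported to
    CloudFormation as FAILED so the stack does not hang on this resource.
    The private key is never logged.
    """
    try:
        if event['RequestType'] == 'Create':
            pub_key = _create_and_store_key(event['ResourceProperties'])
        else:
            # Update/Delete: the key pair is immutable, so the physical ID
            # (the public key) is simply echoed back.
            pub_key = event['PhysicalResourceId']
        cfnresponse.send(event, context, cfnresponse.SUCCESS, {}, pub_key)
    except Exception:
        # ``except Exception`` rather than a bare ``except:`` so SystemExit /
        # KeyboardInterrupt are not swallowed; everything else becomes a
        # FAILED response for CloudFormation.
        traceback.print_exc()
        # Hand back the existing ID on a failed Update/Delete so CloudFormation
        # does not misread the failure as a replacement; on a failed Create
        # there is none yet and '' lets cfnresponse fall back to its default.
        cfnresponse.send(event, context, cfnresponse.FAILED, {},
                         event.get('PhysicalResourceId', ''))


def _create_and_store_key(props):
    """Generate an RSA key pair, vault the private half, return the public half.

    Args:
        props: The ``ResourceProperties`` dict; reads ``Region``, ``KMSKey``
            and ``KeyBucket``.

    Returns:
        The public key as an OpenSSH ``ssh-rsa ...`` line (str).
    """
    new_key = rsa.generate_private_key(
        backend=crypto_default_backend(), public_exponent=65537,
        key_size=2048)
    # Keep the private key as bytes and never print it: anything written to
    # stdout here ends up in CloudWatch Logs in clear text.
    priv_pem = new_key.private_bytes(
        crypto_serialization.Encoding.PEM,
        crypto_serialization.PrivateFormat.PKCS8,
        crypto_serialization.NoEncryption())
    pub_key = new_key.public_key().public_bytes(
        crypto_serialization.Encoding.OpenSSH,
        crypto_serialization.PublicFormat.OpenSSH).decode('utf-8')
    print(pub_key)  # public half only; safe to log

    # Encrypt the private key under the caller's KMS key. A 2048-bit PKCS#8
    # PEM is well under KMS Encrypt's 4 KB plaintext limit, so no data key
    # envelope is needed.
    kms = boto3.client('kms', region_name=props['Region'])
    ciphertext = kms.encrypt(
        KeyId=props['KMSKey'], Plaintext=priv_pem)['CiphertextBlob']

    # Upload the ciphertext straight from memory instead of staging it in
    # /tmp, which persists between warm invocations of the same container.
    boto3.client('s3').put_object(
        Bucket=props['KeyBucket'], Key='enc_key', Body=ciphertext)
    return pub_key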