in source/manifest/cfn_params_handler.py [0:0]
def _create_key_pair(self, account, region, param_key_material=None,
                     param_key_fingerprint=None, param_key_name=None):
    """Return an EC2 key pair name, creating the key pair when needed.

    When ``param_key_name`` is given and ``self.ssm.describe_parameters``
    reports something for it, the stored value is returned and no key
    pair is created. Otherwise a new key pair is created through the
    client returned by ``self._session(region, account)`` and its
    attributes are written to SSM Parameter Store under whichever
    parameter names were supplied.

    Args:
        account: account used to open the EC2 session; also embedded in
            the generated key name (presumably the member account id;
            confirm against callers).
        region: region used to open the EC2 session; also embedded in
            the generated key name.
        param_key_material: SSM parameter name under which the
            'KeyMaterial' field of the create response is stored,
            encrypted with the solution's KMS key. Default to None.
        param_key_fingerprint: SSM parameter name under which the
            'KeyFingerprint' field is stored, encrypted with the same
            KMS key. Default to None.
        param_key_name: SSM parameter name that holds the key pair
            name; looked up first and written after creation.
            Default to None.

    Returns:
        The value of the existing ``param_key_name`` parameter when it
        is found, otherwise the newly generated key name.
    """
    # Reuse path: an existing parameter short-circuits key creation.
    if param_key_name:
        self.logger.info("Looking up values in SSM parameter:{}"
                         .format(param_key_name))
        if self.ssm.describe_parameters(param_key_name):
            return self.ssm.get_parameter(param_key_name)

    # The name is made unique per account/region by a local-time timestamp.
    timestamp = time.strftime("%Y-%m-%dT%H-%M-%S")
    key_name = sanitize(
        "%s_%s_%s_%s" % ('custom_control_tower', account, region, timestamp))

    # create EC2 key pair in member account
    ec2_client = self._session(region, account)
    self.logger.info(
        "Create key pair in the member account {} in region: {}"
        .format(account, region))
    # NOTE(review): in the EC2 CreateKeyPair API 'KeyMaterial' is the
    # private key, so this response must never be logged or returned.
    key_pair = ec2_client.create_key_pair(key_name)

    # add key material and fingerprint in the SSM Parameter Store
    self.logger.info("Adding Key Material and Fingerprint to SSM PS")
    description = ("Contains EC2 key pair asset created by Custom "
                   "Control Tower Solution: "
                   "EC2 Key Pair Custom Resource.")
    # Get Custom Control Tower KMS Key ID
    kms_key_id = self._get_kms_key_id()

    # Both key pair attributes go through the CMK-backed writer. If
    # param_key_material is not supplied, this method does not persist
    # the key material anywhere.
    cmk_targets = (
        (param_key_fingerprint, 'KeyFingerprint'),
        (param_key_material, 'KeyMaterial'),
    )
    for parameter_name, response_field in cmk_targets:
        if parameter_name:
            self.ssm.put_parameter_use_cmk(parameter_name,
                                           key_pair.get(response_field),
                                           kms_key_id, description)

    # The key name itself is written with the plain put_parameter call.
    if param_key_name:
        self.ssm.put_parameter(param_key_name, key_name, description)
    return key_name