2.4.7 AWS Key Management Process
- The user generates their own GPG key pair and adds the public key to the `data` folder, as described here.
- The user updates the `user.auto.tfvars` file with the requisite information: username, public key file name and privileges.
- The user checks in the code and opens a PR for approval.
- Once the PR is approved and merged, the IAM user is created.
- The user extracts the temporary console password and the AWS access keys from the Terraform output; both are encrypted to the user's GPG public key, so nobody else in the pipeline can read them.
- The user changes the console password, configures MFA and decrypts the AWS access keys with their private GPG key on their own machine; the private key never leaves that machine.
- The user assumes the IAM role and accesses the cloud as needed.
Alternative to GPG Keys
An alternative to generating and distributing GPG keys from the CLI is https://keybase.io, where each user publishes their own GPG public key. Terraform can read a published Keybase key directly by referencing the user's Keybase username instead of a key file, so no public key needs to be checked into the `data` folder.
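The following is an added example, not the project's own Terraform code, showing how the process above (GPG-encrypted console password and access keys, assume-role-only privileges) and the Keybase alternative map onto AWS provider resources. The `users` variable, the `data/` layout, the `assume_role` attribute, the role and output names and the sample `user.auto.tfvars` contents are assumptions; the resource and attribute names (`pgp_key`, `encrypted_password`, `encrypted_secret`, `key_fingerprint`) are the provider's documented ones.

```hcl
# Added example (not the project's own code). Assumed shape of user.auto.tfvars:
#
# users = {
#   "alice" = { gpg_public_key = "alice.gpg.b64", assume_role = "developer" }
#   "bob"   = { gpg_public_key = "keybase:bob",   assume_role = "readonly"  }
# }
#
# gpg_public_key is either a file name under data/ or "keybase:<username>".
variable "users" {
  description = "IAM users to create, their GPG public key and the role they may assume"
  type = map(object({
    gpg_public_key = string
    assume_role    = string
  }))
}

locals {
  # The provider wants a base64-encoded *binary* public key
  # (gpg --export KEYID | base64 -w0), not an ASCII-armored one,
  # or the literal "keybase:<username>", which Terraform fetches from keybase.io.
  pgp_keys = {
    for name, u in var.users :
    name => startswith(u.gpg_public_key, "keybase:") ? u.gpg_public_key : file("${path.module}/data/${u.gpg_public_key}")
  }
}

data "aws_caller_identity" "current" {}

resource "aws_iam_user" "this" {
  for_each = var.users
  name     = each.key
}

# Temporary console password, encrypted to the user's public key.
# Terraform only ever sees and stores the ciphertext.
resource "aws_iam_user_login_profile" "this" {
  for_each                = var.users
  user                    = aws_iam_user.this[each.key].name
  pgp_key                 = local.pgp_keys[each.key]
  password_reset_required = true
}

# Access key whose secret is likewise encrypted to the user's public key.
resource "aws_iam_access_key" "this" {
  for_each = var.users
  user     = aws_iam_user.this[each.key].name
  pgp_key  = local.pgp_keys[each.key]
}

# Least privilege: the user itself may only assume its role (self-service MFA
# and password management would be added here); all real permissions live on the role.
data "aws_iam_policy_document" "assume" {
  for_each = var.users
  statement {
    actions   = ["sts:AssumeRole"]
    resources = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${each.value.assume_role}"]
  }
}

resource "aws_iam_user_policy" "assume" {
  for_each = var.users
  name     = "assume-${each.value.assume_role}"
  user     = aws_iam_user.this[each.key].name
  policy   = data.aws_iam_policy_document.assume[each.key].json
}

# What the user extracts after the merge: ciphertext only, plus the fingerprint
# of the key it was encrypted to, so the user can confirm it is really their key.
output "encrypted_passwords" {
  value     = { for u, p in aws_iam_user_login_profile.this : u => p.encrypted_password }
  sensitive = true
}

output "access_key_ids" {
  value = { for u, k in aws_iam_access_key.this : u => k.id }
}

output "encrypted_secret_keys" {
  value     = { for u, k in aws_iam_access_key.this : u => k.encrypted_secret }
  sensitive = true
}

output "key_fingerprints" {
  value = { for u, k in aws_iam_access_key.this : u => k.key_fingerprint }
}
```

On their own machine the user decrypts with, for example, `terraform output -json encrypted_secret_keys | jq -r '.alice' | base64 --decode | gpg --decrypt` (the same pipeline works for `encrypted_passwords`), then runs `aws configure` with the key and `aws sts assume-role --role-arn arn:aws:iam::<account>:role/developer --role-session-name alice`. Two checks are worth doing: compare `key_fingerprints` against `gpg --fingerprint` to be sure the secret was encrypted to the intended key (this matters most for the Keybase form, where the key is fetched from the internet at plan time and trust rests on the Keybase account), and put an `aws:MultiFactorAuthPresent` condition on the role's trust policy so that step 6 (configuring MFA) is enforced rather than merely requested.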