AWS IAM User SSH Key

This page shows how to write Terraform and CloudFormation for IAM User SSH Key and write them securely.

aws_iam_user_ssh_key (Terraform)

The User SSH Key in IAM can be configured in Terraform with the resource name aws_iam_user_ssh_key. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

user.tf#L11
resource "aws_iam_user_ssh_key" "key1" {
  username   = aws_iam_user.user.name
  encoding   = "SSH"
  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuxTuI+dUrkxojQJdVa4s7G59corPjSHyFkZy4h4JCpkPLMPP4RJE+6KQWk9eEsUxE90YnI17WxJc6uHY56xVZsPGyTbSobEFk4poufQ2MpCj08slWYkfpMw2yOYIuBZoYtw6IbqYq4tuQLdSx9TOAC3C7hdp0OtNgaDelAha1jiNChwFGheXQCM5T+py/QPMJsEL7Iqf3O0DppXwfCWjV3nIjiqvPtgypxE5Zzj8xPu64cjqfd0GavPzmj/ukxOSinepkx7GRx31DWIJvk8FLF6xSjERy2Ooo7lAu1nFl9pFefOt4hJ5UUpdcbYO8MNZzYfrqu/E5wBd7sGSClY79"
  status     = "Inactive"
}
user.tf#L11
resource "aws_iam_user_ssh_key" "key1" {
  username   = aws_iam_user.user.name
  encoding   = "SSH"
  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuxTuI+dUrkxojQJdVa4s7G59corPjSHyFkZy4h4JCpkPLMPP4RJE+6KQWk9eEsUxE90YnI17WxJc6uHY56xVZsPGyTbSobEFk4poufQ2MpCj08slWYkfpMw2yOYIuBZoYtw6IbqYq4tuQLdSx9TOAC3C7hdp0OtNgaDelAha1jiNChwFGheXQCM5T+py/QPMJsEL7Iqf3O0DppXwfCWjV3nIjiqvPtgypxE5Zzj8xPu64cjqfd0GavPzmj/ukxOSinepkx7GRx31DWIJvk8FLF6xSjERy2Ooo7lAu1nFl9pFefOt4hJ5UUpdcbYO8MNZzYfrqu/E5wBd7sGSClY79"
  status     = "Inactive"
}

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Uploads an SSH public key and associates it with the specified IAM user.

Tips: Best Practices for The Other AWS IAM Resources

In addition to the aws_iam_account_password_policy, AWS IAM has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_iam_account_password_policy

Ensure AWS IAM account password policies requires long passwords

It's better to enforce the use of long and complex passwords to reduce the risk of bruteforce attacks.

Review your AWS IAM settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::IAM::Policy (CloudFormation)

The Policy in IAM can be configured in CloudFormation with the resource name AWS::IAM::Policy. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

skillbrowser-lambda.yml#L49
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: LambdaFunctionPolicy
      Roles:
      - !Ref 'LambdaRole'
      PolicyDocument:
frontend.yml#L41
        Type: AWS::IAM::Policy
        Properties:
            PolicyName: CmsFrontsPolicy
            PolicyDocument:
                Version: "2012-10-17"
                Statement:
roles.yml#L30
    Type: "AWS::IAM::Policy"
    DependsOn: SSODashboardRole
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
roles.yml#L26
    Type: "AWS::IAM::Policy"
    DependsOn: OIDCAccessProxyRole
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
serverless.yml#L123
      Type: AWS::IAM::Policy
      Properties:
        PolicyName: serverless-event-logging
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
s3-cloudformation-template.json#L310
            "Type": "AWS::IAM::Policy",
            "Properties": {
                "PolicyName": {
                    "Ref": "s3PublicPolicy"
                },
                "Roles": [
s3-cloudformation-template.json#L240
            "Type": "AWS::IAM::Policy",
            "Properties": {
                "PolicyName": {
                    "Ref": "s3PublicPolicy"
                },
                "Roles": [
s3-cloudformation-template.json#L240
            "Type": "AWS::IAM::Policy",
            "Properties": {
                "PolicyName": {
                    "Ref": "s3PublicPolicy"
                },
                "Roles": [
s3-cloudformation-template.json#L214
            "Type": "AWS::IAM::Policy",
            "Properties": {
                "PolicyName": {
                    "Ref": "s3PublicPolicy"
                },
                "Roles": [
s3-cloudformation-template.json#L210
            "Type": "AWS::IAM::Policy",
            "Properties": {
                "PolicyName": {
                    "Ref": "s3PublicPolicy"
                },
                "Roles": [

Parameters

Explanation in CloudFormation Registry

Adds or updates an inline policy document that is embedded in the specified IAM user, group, or role.

An IAM user can also have a managed policy attached to it. For information about policies, see Managed Policies and Inline Policies in the IAM User Guide.

The Groups, Roles, and Users properties are optional. However, you must specify at least one of these properties.

For information about limits on the number of inline policies that you can embed in an identity, see Limitations on IAM Entities in the IAM User Guide.

Frequently asked questions

What is AWS IAM User SSH Key?

AWS IAM User SSH Key is a resource for IAM of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS IAM User SSH Key?

For Terraform, the staxio/cloud-custodian and cloud-custodian/cloud-custodian source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the victorsalaun/skillbrowser-aws-serverless, guardian/front-pressed-lambda and mozilla-iam/sso-dashboard source code examples are useful. See the CloudFormation Example section for further details.