Ansible for all instances in an AWS environment

I need to configure all AWS instances using ansible (for example install datadog agent), but I do not have key-pairs for each of those instances. Is there a way I can enable ansible-ssh without keypair?

Can you access the instances at all? Using any account? Does that account have root access or sudo privileges?

If so, then you can log in, and authorize access to any existing account for any public key of your choice. It doesn’t have to be the one issued by AWS.

If you do not have access that lets you do this, then you are out of luck. The only way forward would be (for each instance):

  • stop the instance

  • detach the root volume from the instance

  • mount the root volume as an additional volume on another instance

  • using root access on the other instance, modify the attached volume:

      • add a new user to /home

      • add entries to /etc/passwd, /etc/shadow and /etc/group

      • make sure the new user has sudo access

      • put an appropriate public key in the .ssh/authorized_keys file for the new user

  • detach the volume from the other instance

  • reattach the volume to the original instance

  • start the original instance

That’s roughly it, anyway. None of it will work if you have encrypted the volume, or do not have administrative access to the AWS account containing the instance.

If the instances are being created by an ASG, then you could use the userdata to get into new instances. Ask if you need to know how.

Regards, K.
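The first option the answer describes (log in with whatever access you already have and authorize a public key of your own choice on an existing account) as an Ansible playbook. This is an added example, not code from the thread: it is run once per instance with the team's existing key pair, after which a single shared management key works everywhere. The inventory group `aws_instances`, the login user `ec2-user` and the key file path are assumptions, and the `ansible.posix` collection must be installed.

```yaml
# Added example, not from the thread. Run once with the key pair you already
# hold for the instance; afterwards the shared management key is accepted.
#   ansible-playbook -i inventory.ini -u ec2-user \
#     --private-key team-key.pem authorize-mgmt-key.yml
- name: Authorize a shared management key on existing instances
  hosts: aws_instances                       # inventory group: assumption
  become: true
  vars:
    login_user: ec2-user                     # existing account on the AMI: assumption
    mgmt_pubkey_file: keys/ansible-mgmt.pub  # public half of the management key: assumption
  pre_tasks:
    - name: Refuse to continue unless the file really is a public key
      ansible.builtin.assert:
        that:
          - lookup('file', mgmt_pubkey_file) is match('^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256) ')
        fail_msg: "{{ mgmt_pubkey_file }} does not look like an OpenSSH public key"
      run_once: true
  tasks:
    - name: Add the management public key to the existing account
      ansible.posix.authorized_key:
        user: "{{ login_user }}"
        key: "{{ lookup('file', mgmt_pubkey_file) }}"
        state: present
        # Ansible only needs a shell; deny forwarding for this key.
        key_options: "no-port-forwarding,no-agent-forwarding,no-X11-forwarding"

    - name: Allow the account to use sudo without a password
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/90-{{ login_user }}"
        content: "{{ login_user }} ALL=(ALL) NOPASSWD:ALL\n"
        owner: root
        group: root
        mode: "0440"
        # visudo checks the syntax before the file replaces anything.
        validate: /usr/sbin/visudo -cf %s
```

Later runs use `--private-key keys/ansible-mgmt` instead of the per-instance key, and the playbook is idempotent, so it can be re-run safely when new instances appear.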

The access key-pairs were created by different teams, and they have stored them somewhere. But it is a tedious task to ask for the key-pair every time a new pair is created. So, I was looking for an alternative. We have root access to the AWS account, though. But that only enables the aws command, not Ansible.