feat: create ssh key for aws ssm

.github/workflows/create-eks-terraform.yml

@@ -65,6 +65,10 @@ jobs:
           key    = "${{ github.event.inputs.name }}"
           region = "${{ env.STATE_BUCKET_REGION }}"
         END
+    - name: Generate ssh key for aws ssm
+      run: 
+         ssh-keygen -q -t ed25519 -f "id_ed25519" -N ""
+         echo "SSH_KEY=$(cat id_ed25519.pub)" >> $GITHUB_ENV
     - name: Create variables file
       run: |
         tee eks-terraform/${{ github.event.inputs.name }}.tfvars << END
@@ -73,6 +77,7 @@ jobs:
           single_nat_gateway = "${{ github.event.inputs.single_nat_gateway }}"
           eks_version  = "${{ github.event.inputs.eks_version }}"
           worker_count = "${{ github.event.inputs.worker_count }}"
+          ssh_key      = "${{ env.SSH_KEY }}"
         END
     - name: Save variables file to s3
       uses: keithweaver/aws-s3-github-action@v1.0.0
@@ -122,5 +127,7 @@ jobs:
         name: outputs-${{ github.event.inputs.name }}
         path: |
           eks-terraform/ 
+          id_ed25519
+          id_ed25519.pub
           !eks-terraform/.terraform/
           !eks-terraform/.terraform.lock.hcl

eks-terraform/eks.tf

@@ -102,6 +102,7 @@ module "eks" {
     }
 
     # IAM
+    key_name                   = aws_key_pair.workers.key_name
     iam_role_attach_cni_policy = true
     iam_role_additional_policies = {
       AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",

eks-terraform/iam.tf

@@ -1,3 +1,8 @@
+resource "aws_key_pair" "workers" {
+  key_name   = "yubikey"
+  public_key = var.ssh_key
+}
+
 resource "aws_iam_role_policy_attachment" "account_admin" {
   role       = aws_iam_role.cluster_admin.name
   policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"

eks-terraform/variables.tf

@@ -17,3 +17,7 @@ variable "eks_version" {
 variable "worker_count" {
   type = number
 }
+
+variable "ssh_key" {
+  type = string
+}