This project is deprecated. The original goal of this construct was to provide an API for creating EC2 Key Pairs. The custom resource provider I used had much more functionality. It turned out this additional functionality was never needed and creating EC2 Key Pairs was overly complicated.
To create EC2 Key Pairs you now can use my new construct: cdk-ec2-key-pair
AWS CDK construct to manage secrets. It makes use of a custom resource provider from binxio/cfn-secret-provider.
This package is written in TypeScript and made available via JSII to all other supported languages. Package are available on:
The secret provider can create RSA keys, DSA keys, EC2 key-pairs, IAM user passwords and access keys and generally secrets stored in parameter store or secret store.
All this functionality is provided by the binxio/cfn-secret-provider custom resource.
When it comes to security, you should not trust anyone. By default the secret provider uses the lambda function stored at s3:https://binxio-public-${AWS_REGION}/lambdas/cfn-secret-provider-1.0.0.zip
. You might want to download this file, review its contents and store it in your own bucket or along with your code. You then can create the lambda function from that zip file instead like so:
const code = lambda.Code.fromAsset(path.join(__dirname, '../cfn-secret-provider-1.0.0.zip'));
const secretProvider = new secret.Provider(this, 'SecretProvider', {
code: code,
});
There is an example application in ./example showing how to create a new EC2 key pair.