Using Git Repository SSH Keys - AWS OpsWorks

Using Git Repository SSH Keys

Important

AWS OpsWorks Stacks is no longer accepting new customers. Existing customers will be able to use the OpsWorks console, API, CLI, and CloudFormation resources as normal until May 26, 2024, at which time they will be discontinued. To prepare for this transition, we recommend you transition your stacks to AWS Systems Manager as soon as possible. For more information, see AWS OpsWorks Stacks End of Life FAQs and Migrating your AWS OpsWorks Stacks applications to AWS Systems Manager Application Manager.

A Git repository SSH key, sometimes called a deploy SSH key, is an SSH key with no password that provides access to a private Git repository. Ideally, it doesn't belong to any specific developer. Its purpose is to allow AWS OpsWorks Stacks to asynchronously deploy apps or cookbooks from a Git repository without requiring any further input from you.

The following describes the basic procedure for creating a repository SSH key. For details, see the documentation for your repository. For example, Managing deploy keys describes how to create a repository SSH key for a GitHub repository, and Deployment Keys on Bitbucket describes how to create a repository SSH key for a Bitbucket repository. Note that some documentation describes creating a key on a server. For AWS OpsWorks Stacks, just replace "server" with "workstation" in the instructions.

To create a repository SSH key
  1. Create a deploy SSH key pair for your Git repository on your workstation using a program such as ssh-keygen.

    Important

    AWS OpsWorks Stacks does not support SSH key passphrases.

  2. Assign the public key to the repository and store the private key on your workstation.

  3. Enter the private key in the Repository SSH Key box when you add an app or specify cookbook repository. For more information, see Adding Apps.

AWS OpsWorks Stacks passes the repository SSH key to each instance, and the built-in recipes then use the key to connect to the repository and download the code. The key is stored in the deploy attributes as node[:deploy]['appshortname'][:scm][:ssh_key], and is accessible only to the root user.