Is it secure to store the cert/key on a private AMI?
Posted
by Phillip Oldham
on Server Fault
See other posts from Server Fault
or by Phillip Oldham
Published on 2010-04-22T09:01:59Z
Indexed on
2010/04/22
9:04 UTC
Read the original article
Hit count: 259
amazon-ec2
|security
Are there any major security implications to bundling a private AMI which contains the private key/certificate & environment variables?
For resiliency I'm creating an EC2 image which should be able to boot and configure itself without any intervention. After boot it will attempt to:
- Attach & mount specific EBS volume(s)
- Associate a specific Elastic IP
- Start issuing backups of the EBS volume(s) to S3
However, to do this it will need the private key/pem files and will need certain environment variables to be available on start-up. Since this is a private AMI I'm wondering if it will be "safe" to store these variables/files directly in the image so that I don't need to specify any user-data information and can therefore start a new instance remotely (from my iPhone, if needed) should the instance be terminated for any reason.
© Server Fault or respective owner