Is it secure to store the cert/key on a private AMI?

Posted by Phillip Oldham on Server Fault See other posts from Server Fault or by Phillip Oldham
Published on 2010-04-22T09:01:59Z Indexed on 2010/04/22 9:04 UTC
Read the original article Hit count: 259

Filed under:
|

Are there any major security implications to bundling a private AMI which contains the private key/certificate & environment variables?

For resiliency I'm creating an EC2 image which should be able to boot and configure itself without any intervention. After boot it will attempt to:

  • Attach & mount specific EBS volume(s)
  • Associate a specific Elastic IP
  • Start issuing backups of the EBS volume(s) to S3

However, to do this it will need the private key/pem files and will need certain environment variables to be available on start-up. Since this is a private AMI I'm wondering if it will be "safe" to store these variables/files directly in the image so that I don't need to specify any user-data information and can therefore start a new instance remotely (from my iPhone, if needed) should the instance be terminated for any reason.

© Server Fault or respective owner

Related posts about amazon-ec2

Related posts about security