⚠️ Incompatible with v1.x - This will not only require you to update your code, but will also destroy your keys and secrets and re-generate them!
- Adds support for storing the public key in Secrets Manager. Set `storePublicKey = true` on the input properties
- Since you now potentially have two secrets (private and public key), some input properties and construct methods have been renamed:
  - In addition to the property `kms`, you now have `kmsPrivateKey` and `kmsPublicKey` to specify different keys for the secrets. If one property is not set, it falls back to the value provided via `kms`
  - The construct method `grantRead` has been replaced with two new methods, `grantReadOnPrivateKey` and `grantReadOnPublicKey`, to grant access to the two secrets separately
  - The construct property `arn` has been replaced with `privateKeyArn` and `publicKeyArn`
  - The construct property `name` has been replaced with `keyPairName`
- New construct property `keyPairID`, which holds the resource ID of the Key Pair, e.g. `key-1234567890`
- EC2 Key Pairs are now tagged. In v1.x only the secrets were tagged
- With Key Pair tagging support, we now have improved IAM restrictions based on tags. The Lambda cannot touch keys it didn't create
- The tag name for identifying resources has been renamed from `CreaedBy` to `CreatedByCfnCustomResource`
- Default secret prefix has been renamed from `ec2-private-key/` to `ec2-ssh-key/`
- The private key secret is now suffixed with `/private`. The public key will be suffixed with `/public`
- Construct properties `keyLength` and `tags` have been removed. These were remnants of previous versions and have had no effect for a long time
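
The tag-based IAM restriction mentioned above can be pictured as a policy of the following shape. This is an added illustration of the pattern, not the policy shipped by the project: the `Sid` names and the tag value `EXAMPLE-OWNER-ID` are constructed placeholders, and only the tag key `CreatedByCfnCustomResource` comes from the notes above.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleCreateOnlyWithOwnerTag",
      "Effect": "Allow",
      "Action": "ec2:CreateKeyPair",
      "Resource": "arn:aws:ec2:*:*:key-pair/*",
      "Condition": {
        "StringEquals": {
          "aws:RequestTag/CreatedByCfnCustomResource": "EXAMPLE-OWNER-ID"
        }
      }
    },
    {
      "Sid": "ExampleTagOnlyDuringCreate",
      "Effect": "Allow",
      "Action": "ec2:CreateTags",
      "Resource": "arn:aws:ec2:*:*:key-pair/*",
      "Condition": {
        "StringEquals": {
          "ec2:CreateAction": "CreateKeyPair"
        }
      }
    },
    {
      "Sid": "ExampleDeleteOnlyOwnedKeyPairs",
      "Effect": "Allow",
      "Action": "ec2:DeleteKeyPair",
      "Resource": "arn:aws:ec2:*:*:key-pair/*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/CreatedByCfnCustomResource": "EXAMPLE-OWNER-ID"
        }
      }
    }
  ]
}
```

The first statement forces every key pair the role creates to carry the ownership tag, the second limits tagging to the moment of creation so the tag cannot be added to an existing key pair later, and the third makes deletion fail for any key pair that lacks the matching tag.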