Bamboo 3.4 : Generating your AWS Private Key File and Certificate File

The Amazon Web Services (AWS) private key file and certificate file work together to allow Elastic Bamboo to securely access AWS. It is different to the security mechanism provided by the AWS Secret Access Key and is required to enable certain features, such as EBS for elastic instances and the Amazon command line tools.

  • The certificate file contains the public key associated with your AWS account. This file is kept by Amazon, (not on your Bamboo server).
  • The private key file contains the private key that is used to authenticate requests to AWS. This file must be stored on your Bamboo server, if you are using EBS for elastic instances or the Amazon command line tools.
  • The public key and private key from these files together form an X.509 certificate.

Generating the Files

 

The first time you use Elastic Bamboo, Bamboo will automatically generate the private key file and certificate file for you. The certificate file will be kept by Amazon (to inject into your elastic instances) and the private key file will be downloaded to your Bamboo server in your Bamboo Home directory. If you are setting up Elastic Bamboo on multiple Bamboo servers using the same AWS account, you can simply copy the private key file across from the original Bamboo server. You should not need to regenerate the private key file and certificate file unless your private key file is lost or corrupted.

If you do need to regenerate the private key file and certificate file, please follow the instructions in the Amazon X.509 Certificates documentation. The Amazon documentation also contains instructions on using your own certificate, if you wish.

Downloading the Files

 

Once the files are generated, you will be able to download them (see screenshot below). We recommend that you store the files in the Home directory of your Bamboo server.

Screenshot above: Downloading the generated AWS private key file and certificate file

Notes

Please take note of the following important information regarding your AWS private key file and certificate file:

  • If you wish to use this security mechanism with multiple Bamboo installations using the same AWS account (e.g. you have configured your elastic instances on each installation to use EBS), you will need to copy the AWS private key file and certificate file to each Bamboo server.
  • You can only download the AWS private key file at the time it is generated. If the private key file has already been generated for your AWS account, you will not be able to download it from AWS again (for security purposes). You will have to copy it from wherever it was previously downloaded to. Otherwise you will have to generate a new private key file and certificate file to go with it.
    (warning) If you regenerate a new private key file and certificate file, any Bamboo servers using the old private key file and certificate file will no longer be able to access the Amazon EC2, as only one X.509 certificate can be associated with your AWS account.
  • You can download the AWS certificate file as many times as you want. This file does not need to be regenerated.
Related Topics

Configuring Elastic Bamboo

Attachments: