# EC2 instance for contract deployment and management

Whenever a new EC2 instance is created, a number of steps need to be performed to give it access to the necessary secret values, keys, etc.

<br>

### Role assignment

After the first launch, shut down the EC2 instance and go to `Actions -> Security -> Modify IAM role`. Find and attach the [EC2_peanut_hardhat](https://us-east-1.console.aws.amazon.com/iam/home?region=eu-north-1#roles/EC2_peanut_hardhat) role. This allows the EC2 instance to access secret values from Secrets Manager.

<br>

### SSH key setup

After the role assignment, run the following:

```
#!/bin/bash
# Fetch the private key from Secrets Manager and write it to the default key path
aws secretsmanager get-secret-value --secret-id ssh_ec2 | jq -r '.SecretString' > ~/.ssh/id_ed25519
# Restrict the key to owner read-only; ssh-add rejects keys that other users can read
chmod 400 ~/.ssh/id_ed25519
# Load the key into the running ssh-agent
ssh-add ~/.ssh/id_ed25519
```

To test:

```
ssh-add -l
```

<br>
<br>

## Accessing secrets at runtime

Use the following command as an example. It grabs the secret called `hh_deployer.env` from Secrets Manager, extracts its value and writes it into the `.env` file for later use:

```
aws secretsmanager get-secret-value --secret-id hh_deployer.env | jq -r '.SecretString' > .env
```
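
A hardened variant of the two fetch commands above, as an added example that is not part of the original page. `fetch_secret_to_file` is a hypothetical helper name, and it uses the AWS CLI's own `--query SecretString --output text` in place of `jq`, so a failed or empty lookup never overwrites the target and the file is never created with permissions wider than `0600`:

```shell
#!/bin/bash
# fetch_secret_to_file SECRET_ID DEST   (hypothetical helper, not from the page)
# Example: fetch_secret_to_file hh_deployer.env .env
fetch_secret_to_file() {
    local secret_id="$1" dest="$2" tmp value
    if [ -z "$secret_id" ] || [ -z "$dest" ]; then
        echo "usage: fetch_secret_to_file SECRET_ID DEST" >&2
        return 2
    fi

    # Capture the value first: with a plain `aws ... > file` redirect, a failed
    # call (missing role, wrong region, typo in the id) still truncates the file.
    if ! value="$(aws secretsmanager get-secret-value \
            --secret-id "$secret_id" \
            --query SecretString --output text)"; then
        echo "error: could not read secret '$secret_id'" >&2
        return 1
    fi

    # A binary-only secret has no SecretString; the CLI prints "None" for it.
    if [ -z "$value" ] || [ "$value" = "None" ]; then
        echo "error: secret '$secret_id' has no SecretString" >&2
        return 1
    fi

    # Create the temp file owner-only from the start (umask is set in a
    # subshell, so the caller's umask is untouched), then rename it into place
    # so DEST is never partially written or briefly world-readable.
    tmp="$(umask 077 && mktemp "${dest}.XXXXXX")" || return 1
    if printf '%s\n' "$value" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

For the SSH key, call it as `fetch_secret_to_file ssh_ec2 ~/.ssh/id_ed25519` and then run `ssh-add` as before.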