We have a bastion host and we want to practice immutable infrastructure. That means, when we update the host machine we simply replace it instead of running updates on it. Now, replacing an EC2 machine will create a new host key when the new machine boots up, causing a new fingerprint that is not known to clients in their `known_hosts` file and ultimately leading to the `Host key verification failed` error.
How can I define the host key without exposing it in some script or terraform code?
There are multiple questions regarding `Host key verification failed`, so please note: this is not about `authorized_keys`, nor is it about changing IP addresses and default AWS DNS hostnames when rebooting an EC2 instance as covered at https://stackoverflow.com/a/30432105/1242922. A custom DNS entry points to our bastion machine, so this is not part of the problem as far as I can tell.