0.0.4

• Two (or more) person vouching is now implemented
• lkp host command determines its own region from EC2 metadata service
• lkp host and lkp ssh now work with cross-region KMS keys and/or Lambda funcs
• Authoriser now gets sent requested SSH username
• CloudTrail logs requested SSH username
• Authoriser can now return chained jumpboxes for multi-hop scenarios (not yet supported by client)
• lkp host can request additional principals, e.g. DNS names for load-balanced bastions

0.0.3

• E2E still working
• Authorisation implemented by means of an admin-authored Lambda function
• Jumpbox for ProxyCommand can be defined by authoriser lambda
• Two-person operation (i.e. vouching) is not yet implemented

0.0.2

Mostly functional:

• E2E tests pass. Lambda will sign certs requested by lkp ssh exec ...
• Host cert-signing is in there

Doesn't yet support access control policies, or setup command or a bunch of stuff required to be usable by people other than me