有没有办法使用IAM来管理开发人员对EC2实例的访问? (ssh不是ec2 api)
[英]Is there a way to use IAM to manage developer access to an EC2 instance? (ssh not ec2 api)
问题描述
Is there a way to use IAM to manage developer access to an EC2 instance? 
有没有办法使用IAM来管理开发人员对EC2实例的访问? (ssh not ec2 API). (ssh不是ec2 API)。
Not the EC2 rest API or the online console but to manage individual ssh or ftp access to a server? 不是EC2 rest API或在线控制台,而是管理对服务器的单独ssh或ftp访问?
3 个解决方案
解决方案1
6 2013-11-17 11:47:44
What you are looking for is a linux Pluggable Authentication Module (PAM) that talks to the AWS IAM service. 您正在寻找的是一个与AWS IAM服务对话的Linux可插拔认证模块(PAM)。
This is not available out of the box in an image, but have a look here: https://github.com/denismo/aws-iam-ldap-bridge 这在图像中不是开箱即用的,但请看一下: https : //github.com/denismo/aws-iam-ldap-bridge
This project allows you to sync an LDAP server with IAM, and then you can configure your sshd to use the LDAP server. 此项目允许您将LDAP服务器与IAM同步,然后您可以配置sshd以使用LDAP服务器。
That might work for you. 这可能对你有用。
解决方案2
2 2016-09-26 14:24:52
You can use either of these two projects: https://github.com/widdix/aws-ec2-ssh or https://github.com/kislyuk/keymaker 您可以使用以下两个项目之一: https : //github.com/widdix/aws-ec2-ssh或https://github.com/kislyuk/keymaker
They amount to synchronising the IAM accounts to the user accounts and can pull the SSH keys in. They both rely on a cron job to keep them up to date. 它们相当于将IAM帐户同步到用户帐户,并且可以拉入SSH密钥。它们都依赖于cron作业来使它们保持最新。
解决方案3
0 2013-11-13 01:15:22
No, IAM is meant to control access to EC2 resources. 不,IAM旨在控制对EC2资源的访问。 Logging into an instance via SSH cannot be qualified as same. 通过SSH登录实例不能限定为相同。 Anyone who has .pem key and can log into the instance (presuming the ssh access is allowed in security groups). 任何拥有.pem密钥且可以登录实例的人(假设安全组中允许ssh访问)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.