Is there a way to use IAM to manage developer access to an EC2 instance? (ssh not ec2 api)
Question
Is there a way to use IAM to manage developer access to an EC2 instance? (ssh not ec2 API).
Not the EC2 rest API or the online console but to manage individual ssh or ftp access to a server?
3 answers
solution1
6 2013-11-17 11:47:44
What you are looking for is a linux Pluggable Authentication Module (PAM) that talks to the AWS IAM service.
This is not available out of the box in an image, but have a look here: https://github.com/denismo/aws-iam-ldap-bridge
This project allows you to sync an LDAP server with IAM, and then you can configure your sshd to use the LDAP server.
That might work for you.
solution2
2 2016-09-26 14:24:52
You can use either of these two projects: https://github.com/widdix/aws-ec2-ssh or https://github.com/kislyuk/keymaker
They amount to synchronising the IAM accounts to the user accounts and can pull the SSH keys in. They both rely on a cron job to keep them up to date.
solution3
0 2013-11-13 01:15:22
No, IAM is meant to control access to EC2 resources. Logging into an instance via SSH cannot be qualified as same. Anyone who has .pem key and can log into the instance (presuming the ssh access is allowed in security groups).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.