Multiple User creation for EC2 Linux Instance


Jithesh x Jithu

I have an application hosted on EC2. I have created key-pairs to access the instance and I want to give access to the instance to 5 more users, but I do not want to share the original key-pairs. How can I work it out?

This discussion contains 3 replies and has 103 views.

Replies

maxs

There are two options.
1) Create IAM users and provide them access rights as per requirement. This is applicable at the EC2 level and not at the instance level. With IAM, the user can specify access to AWS services like EC2, S3, VPC etc.
2) The other option is to create individual users for all 5 users. Create separate key-pairs for them.

http://www.newvem.com/how-to-separate-key-pair-authentication-for-separate-aws-iam-users/


Ron Hoffman

Just note that the key pairs will be stored in the EC2 instance so be careful while creating AMI or taking snapshots.


Aldrin Leal

Sorry, I didn’t get it.

When we talk AWS, there is basically the credentials pair (AWS Access Key Id, AWS Secret Key). However, on EC2 in particular, there's also the SSH key pair, which is unrelated.

On EC2, AWS stores only the public key, and sends you the private one (although I don't recommend it: generate it yourself and make AWS import your public key; it's better, trust me). If you want to share your user access to your EC2 instance, we're talking SSH, so neither IAM nor even STS could be factored in.

What I suggest is, since the instance is on, to generate/pick each user's public key, and modify their users' (or single user's) ~/.ssh/authorized_keys file. Just make sure to make it persistent, as I'm not sure if reboots will keep them as-is.

There are better solutions for key management, especially from ssh.com (the authors of the SSH protocol, but not OpenSSH), and Chef is also a good fit for this case. YMMV.

Note we're not talking about network-level access (Security Groups). For this, I recommend you understand how Security Groups work (it's more than just network address + port), or consider solutions like OpenVPN Access Server (which I love for browsing EC2 stuff), as well as services like Dome9 (http://dome9.com).

Hope it helps.
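The per-user approach from this reply, written out as an added shell example (not from the thread or from AWS): each person supplies the public key they generated themselves, gets their own Linux account, and only that key goes into their authorized_keys, so the original instance key pair is never copied. It assumes it runs as root on the instance; the hypothetical ROOT_DIR variable, when set, redirects the home tree into a scratch directory for a dry run without creating real accounts.

```shell
#!/bin/sh
# Added example: one Linux login and one authorized_keys entry per extra user on an
# EC2 instance, instead of handing out the instance's original private key.
# Assumptions: run as root on the instance; each user's public key arrives as a file.
# ROOT_DIR is a hypothetical override for dry runs in a scratch directory.
set -eu
ROOT_DIR="${ROOT_DIR:-}"

# Accept only a single OpenSSH public-key line: key type, base64 body, optional comment.
valid_pubkey() {
    [ "$(grep -c '' "$1")" -eq 1 ] || return 1
    grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$1"
}

add_ssh_user() {
    user="$1"; pubkey="$2"
    valid_pubkey "$pubkey" || { echo "refusing $pubkey: not one OpenSSH public key" >&2; return 1; }
    home="$ROOT_DIR/home/$user"
    if [ -z "$ROOT_DIR" ]; then
        id "$user" >/dev/null 2>&1 || useradd -m -s /bin/bash "$user"
    else
        mkdir -p "$home"          # dry run: no real account is created
    fi
    install -d -m 700 "$home/.ssh"
    cat "$pubkey" >> "$home/.ssh/authorized_keys"   # append: a user may hold several keys
    chmod 600 "$home/.ssh/authorized_keys"          # sshd StrictModes rejects looser modes
    if [ -z "$ROOT_DIR" ]; then chown -R "$user:$user" "$home/.ssh"; fi
}

# Revoke one key by its base64 body, leaving the user's other keys in place.
revoke_ssh_key() {
    ak="$ROOT_DIR/home/$1/.ssh/authorized_keys"
    body=$(awk '{print $2}' "$2")
    grep -vF -- "$body" "$ak" > "$ak.tmp" || true   # grep -v exits 1 when nothing is left
    mv "$ak.tmp" "$ak" && chmod 600 "$ak"
    if [ -z "$ROOT_DIR" ]; then chown "$1:$1" "$ak"; fi
}

# Report who currently has SSH access as "user keytype comment", one line per key.
list_ssh_access() {
    for ak in "$ROOT_DIR"/home/*/.ssh/authorized_keys; do
        [ -f "$ak" ] || continue
        u=$(basename "$(dirname "$(dirname "$ak")")")
        awk -v u="$u" '{print u, $1, $3}' "$ak"
    done
}
```

Because every authorized_keys file is baked into any AMI or snapshot taken from the instance (Ron Hoffman's caveat above), run list_ssh_access before imaging and revoke what should not travel with the image.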
