Multiple User creation for EC2 Linux Instance

Home»AWS Support Community Forum»Multiple User creation for EC2 Linux Instance

Multiple User creation for EC2 Linux Instance

Jithesh x Jithu

I have an application hosted on EC2. I have created key-pairs to access the instance and I want to give access of the instance to 5 more users but do not want to share original key-pairs. How can I work it out ?

This discussion contains 3 replies and has 103 views.



There are two options.
1) Create IAM users and provide them access rights as per requirement. This is applicable at the EC2 level and not at the instance level. With IAM, the user can specify access to AWS services like EC2, S3, VPC etc.
2) The other option is to create individual users for all 5 users. Create separate key-pairs for them.


Ron Hoffman

Just note that the key pairs will be stored in the EC2 instance so be careful while creating AMI or taking snapshots.


Aldrin Leal

Sorry, I didn’t get it.

When we talk AWS, there is basically the Credentials Pair (AWS Access Key Id, AWS Secret Key). However, on EC2 in Particular, there’s also the SSH Key Pair, which is unrelated.

On EC2, AWS Stores only the public key, and sends you the private (although I don’t recommend - Generate yourself and make AWS import your Public Key - Its better trust me). If you want to share your user access to your EC2 instance, we’re talking SSH, so neither IAM nor even STS could be factored in.

What I suggest is, since the instance is on, to generate/pick each users’ public key, and modify their users (or single user) ~/.ssh/authorized_keys file. Just make sure to make it persistent, as I’m not sure if reboots will keep’em as-is.

There are better solutions for Key Management, specially from (the authors of SSH Protocol, but not OpenSSH), and Chef is also a good fit for this case. YMMV.

Note we’re not talking about Network-Level Access (Security Groups). For this, I recommend you understand how Security Groups Work (its more than just Network Address + Port), or consider solutions like OpenVPN Access Server (which I love it for browsing EC2 stuff), as well as Services like Dome9 (

Hope it helps

You must be logged in to reply to this topic.