Menu
I'm working in a team with 8 people. I need to create an EC2 intance. Just before I create the instance, EC2 lets me create a key-pair and then download it.
The problem is: That way I need to share the same private key for all 8 team members.
Now, what happens if tomorrow one of the teammates leave? I will need to recreate the machine with a new key pair.
How can I manage the keys correctly so every team member will have his/her unique key that is associate with his/her IAM user, so once he/she leaves the company, I will be able to invalidate his/her key?
656
Try to avoid giving the PEMs for the instances to everyone, keep these with the Administrators in a tool such as a password vault.
Remember that to rotate these PEMs you would need to manually replace the authorized_keys on any Linux instance, and for Windows instances where you use this PEM to get the Windows password you would need to replace and launch with the new PEM.
AWS has a couple of solutions that help make secure access to your Linux instances easier:
149
I suggest looking into using EC2 Instance Connect which uses temporary SSH keys and allows you to grant access using IAM policies.
Otherwise, I suggest using a tool like Ansible to manage the SSH keys on your fleet of instances so you can easily add or remove keys.
42
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
