aws-ec2-ssh

Alternative to import_users.sh for EC2 Instance Connect?

Open bedge opened this issue 4 years ago • 3 comments

This package now references "EC2 Instance Connect" as a replacement: https://aws.amazon.com/blogs/compute/new-using-amazon-ec2-instance-connect-for-ssh-access-to-your-ec2-instances/

However, there's one component I don't see in "EC2 Instance Connect" - the bulk import of IAM users into local users on the AWS Linux instance.

Is there some other mechanism that is intended to handle that function?

bedge, Mar 29 '21 17:03

Hi @bedge, you are right. EC2 Instance Connect does not create local users for you. Feel free to continue to use this project if you need this capability.

michaelwittig, Mar 30 '21 07:03

@michaelwittig One more follow-up, if I may. Given that EC2 Instance Connect also requires that users exist in IAM, it seems plausible that one could port the import_users.sh script from this package to fill in the missing piece. From what I can tell, you can't install both, as they each need to control the sshd_config settings for AuthorizedKeysCommand.

We have a mandate to rotate all SSH keys, so I'm wondering if a merging of these two packages, even if only the import_users.sh script from here, might provide a complete solution.

bedge, Mar 30 '21 18:03

I don't have an answer. Let's see if someone else has.

michaelwittig, Mar 30 '21 19:03