When I started working at my current job I found that all the developers used the same key to access all the servers by ssh.
Looking for a solution I found a script that synchronizes the ssh keys with the users of IAM.
The problem was that all our infrastructure was based on Elastic Beanstalk and the solution was designed for EC2. If it was installed manually as in EC2 it would be erased when the instance is rebuilt.
To solve this problem, create a script that installs the package after each deploy (in case it is not installed previously) and then configure it.
| commands: | |
| 01-configure_sudoers_users: | |
| command: sed -i 's/SUDOERS_GROUPS=""/SUDOERS_GROUPS="SSH"/' /etc/aws-ec2-ssh.conf | |
| 02-configure_authorized_users: | |
| command: sed -i 's/IAM_AUTHORIZED_GROUPS=""/IAM_AUTHORIZED_GROUPS="SSH"/' /etc/aws-ec2-ssh.conf | |
| 03-start_sync: | |
| command: sed -i 's/DONOTSYNC=1/DONOTSYNC=0/' /etc/aws-ec2-ssh.conf | |
| packages: | |
| rpm: | |
| epel: "https://s3-eu-west-1.amazonaws.com/widdix-aws-ec2-ssh-releases-eu-west-1/aws-ec2-ssh-1.9.2-1.el7.centos.noarch.rpm" | |
| yum: | |
| aws-ec2-ssh: [] |
To use this script it is necessary to save it in the .ebextensions folder and then make a new build.
Update June 2019: Check out Amazon EC2 Instance Connect as a replacement for this script.
For more documentation see the GitHub repository.
Top comments (2)
i am not able to access it . getting no supported authentication methods available (server sent: publickey
Update June 2019
Check out Amazon EC2 Instance Connect as a replacement for this script.