当对多个用户使用ssh密钥访问来访问EC2实例时,是否有一种避免秘密密钥共享的方法。可以通过任何一种方法来实现。 IAM资源对此有帮助吗?
以下是我到目前为止已实现的Terraform代码:
provider "aws" {
access_key = ""
secret_key = ""
region = "eu-north-1"
}
resource "aws_instance" "new" {
# ...instance configuration...
ami = "ami-4bd45f35"
availability_zone = "eu-north-1b"
ebs_optimized = true
instance_type = "t3.medium"
monitoring = false
key_name = "new"
subnet_id = "subnet-5af3f122"
vpc_security_group_ids = ["sg-0a4f03bc2ee1fda8b"]
associate_public_ip_address = true
private_ip = "172.16.1.101"
source_dest_check = true
root_block_device {
volume_type = "gp2"
volume_size = 8
delete_on_termination = true
}
}
resource "aws_iam_user" "lb" {
name = "loadbalancer"
path = "/system/"
tags = {
tag-key = "tag-value"
}
}
resource "aws_iam_access_key" "lb" {
user = "${aws_iam_user.lb.name}"
}
resource "aws_iam_user_policy" "lb_ro" {
name = "test"
user = "${aws_iam_user.lb.name}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
EOF
}
答案 0 :(得分:0)
我建议使用EC2 Instance Connect简化对实例的访问。
引自文档:
使用EC2实例连接,您可以控制对您的SSH的访问 使用AWS Identity and Access Management(IAM)策略作为实例 以及使用AWS CloudTrail事件审核连接请求。在 此外,您可以利用现有的SSH密钥或进一步增强功能 每次生成一次使用SSH密钥就可以确保您的安全状态 授权用户进行连接。 Instance Connect可与任何SSH客户端配合使用, 或者您可以通过基于浏览器的新浏览器轻松连接到您的实例 EC2控制台中的SSH经验。
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect.html