- 新しい順
- 投票が多い順
- コメントが多い順
Hello.
I think it would be a good idea to store the key pair in the Systems Manager Parameter Store and restrict who can access it using IAM policies, etc.
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-key-pairs.html#create-key-pair-cloudformation
I recommend reading the FAQ document below for the differences between Secrets Manager and Parameter Store.
https://aws.amazon.com/systems-manager/faq/?nc1=h_ls#Parameter_Store
You can launch a EC2 instance without associating a key pair.
I would suggest you enable AWS Systems Manager Session Manager and optionally EC2 Instance Connect in the event you need to access your Linux instance.
Thanks, Mike. I will definitely keep this in mind for future deployments. I would prefer to use SSM as much as possible, anyhow. Thanks again!
Besides storing the key, you can also consider to update/remove the key instance: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/replacing-key-pair.html But be aware "after you remove all the public keys from an instance and disconnect from the instance, you can't connect to it again unless the AMI provides another way of logging in."