SSH key managment for multiple accounts

Question

Hi,
We need to achieve:

1) Possibility to create/delete ssh key pairs for instances hosted in multiple accounts, in one place (centralization)
2) Possibility to assign permissions for the user we are ssh'ing into inside the instance, for example : IAM - admin user, should have admin ssh key, which will give full read/write permissions in virtual machine in which user is ssh'ing, and the IAM - support user, should have support ssh key, which will give less permissions.

Any suggestions, in what we can look into, are welcome.
As i googled a bit, the "AWS system manager" - "session manager" looks like it would work for us, but does it work for instances hosted in multiple accounts?

Joann

Accepted Answer

Yes, this is possible using roles in the different accounts. Here is an example of how one organization set this up, [Replacing SSH access to reduce management and security overhead with AWS Systems Manager](https://aws.amazon.com/blogs/mt/vr-beneficios-session-manager/).

Answer

Additionally, please note you can also use AWS Secrets Manager to securely store and rotate SSH key pairs

[How to use AWS Secrets Manager to securely store and rotate SSH key pairs](https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-manager-securely-store-rotate-ssh-key-pairs/)

SSH key managment for multiple accounts

関連するコンテンツ