By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Roles - changing tag depending on user assuming the role

0

Hi,

My first question - https://repost.aws/questions/QUS8M4w0jkS8iV6EzPmaRmag/ssh-key-managment-for-multiple-accounts

Im trying to use "AWS system manager" - "session manager". As i was advised in my previous question, to be able to login into the EC2 instances located in multiple accounts, i will need to do something similar to https://aws.amazon.com/blogs/mt/vr-beneficios-session-manager/

But the problem is that i need to have for each IAM user their own user in EC2 instance, as i found out, i need to pass tag "SSMSessionRunAs" with the value of the username to witch im login in. But if i will use "group" roles (roles assigned for multiple users), they will be authenticating with the same user in EC2 instance, which will not work for me. Does that mean, that in my case i will need to create a role for each IAM user? or i can change tag of the role depending on the user assuming this role?

Thank you very much.

Joann

Topics
Security, Identity, & ComplianceManagement & GovernanceCompute
Tags
AWS Identity and Access ManagementAWS Management ConsoleAmazon EC2Session Management
Language
English
Joann Babak
asked 2 years ago618 views
1 Answer
0
Accepted Answer

I can set tags, while assuming the role ---> https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html , so when user assumes the role, user also sets the tag, with value of user in EC2 instance.

Joann Babak
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content