By using AWS re:Post, you agree to the Terms of Use
/Roles - changing tag depending on user assuming the role/

Roles - changing tag depending on user assuming the role

0

Hi,

My first question - https://repost.aws/questions/QUS8M4w0jkS8iV6EzPmaRmag/ssh-key-managment-for-multiple-accounts

Im trying to use "AWS system manager" - "session manager". As i was advised in my previous question, to be able to login into the EC2 instances located in multiple accounts, i will need to do something similar to https://aws.amazon.com/blogs/mt/vr-beneficios-session-manager/

But the problem is that i need to have for each IAM user their own user in EC2 instance, as i found out, i need to pass tag "SSMSessionRunAs" with the value of the username to witch im login in. But if i will use "group" roles (roles assigned for multiple users), they will be authenticating with the same user in EC2 instance, which will not work for me. Does that mean, that in my case i will need to create a role for each IAM user? or i can change tag of the role depending on the user assuming this role?

Thank you very much.

Joann

1 Answers
0
Accepted Answer

I can set tags, while assuming the role ---> https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html , so when user assumes the role, user also sets the tag, with value of user in EC2 instance.

Joann Babak
answered 6 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions