Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Roles - changing tag depending on user assuming the role

0

Hi,

My first question - https://repost.aws/questions/QUS8M4w0jkS8iV6EzPmaRmag/ssh-key-managment-for-multiple-accounts

Im trying to use "AWS system manager" - "session manager". As i was advised in my previous question, to be able to login into the EC2 instances located in multiple accounts, i will need to do something similar to https://aws.amazon.com/blogs/mt/vr-beneficios-session-manager/

But the problem is that i need to have for each IAM user their own user in EC2 instance, as i found out, i need to pass tag "SSMSessionRunAs" with the value of the username to witch im login in. But if i will use "group" roles (roles assigned for multiple users), they will be authenticating with the same user in EC2 instance, which will not work for me. Does that mean, that in my case i will need to create a role for each IAM user? or i can change tag of the role depending on the user assuming this role?

Thank you very much.

Joann

Topics
Management & GovernanceComputeSecurity, Identity, & Compliance
Tags
Amazon EC2AWS Identity and Access ManagementAWS Management ConsoleSession Management
Language
English
asked 4 years ago1.1K views
1 Answer
0
Accepted Answer

I can set tags, while assuming the role ---> https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html , so when user assumes the role, user also sets the tag, with value of user in EC2 instance.

answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content