Multi account, transversal need

0

Hello, We have multiple aws account which we can access to through federated services. Each account is bind to a service. I'm part of a transversal team, and i need access for support purposes on EC2 instances that belongs to others account, which i don't have access through Federated services. What are the different option for me now?

3 Answers
0

Hello.

Is EC2 managed by Systems Manager?
In that case, I thought it would be possible to connect using Session Manager.
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html

If the federated user can access the management console, I think it may be possible to connect using something like EC2 Instance Connect.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-methods.html

profile picture
EXPERT
answered a month ago
  • SSM could be a solution, what i was wondering, is : can i access an EC2 machine through SSM session manager on cross account?

0

Here are two documents that may help. Essentially the admins of the two accounts all agree on external IAM permissions and attach the defined roles as appropriate.

[https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html]

[https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html]

answered a month ago
  • Would this work with federated accounts?

0

Hi,

1 simple way to do it is to add a key pair for your support purposes to each EC2 instance that you need to access for this purpose: https://repost.aws/knowledge-center/new-user-accounts-linux-instance

This will allow you to have differentiated Linux credentials / access rights for this support login as it will be a separate user on the EC2 Linux system.

Best,

Didier

profile pictureAWS
EXPERT
answered a month ago
  • Using shared key would not be allowed by security as they wont be able to identify who is initating the connexion

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions