Does user need Programmatic Access if using EC2 Instance Connect service?

0

Does a new user need Programmatic Access if using EC2 Instance Connect service and AWS CLI or just AWS Management Console access?

It is unclear or missing from the documentation whether or not this first very basic step is needed.

From documentation:
Amazon EC2 Instance Connect is a simple and secure way to connect to your instances using Secure Shell (SSH). With EC2 Instance Connect, you can control SSH access to your instances using AWS Identity and Access Management (IAM) policies as well as audit connection requests with AWS CloudTrail events.
and
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html

Thanks,
Amy

Edited by: aramsdell on Nov 10, 2020 4:54 AM

asked 3 years ago, 253 views
1 Answer
0
Accepted Answer

I think you're confusing two different connections.

SSH is for accessing the operating system of that instance... you don't need any special access rights within AWS for that -- other than you need access to the virtual private network that the instance is in. Otherwise, if you have the SSH key and the user to log in - you're done.

The "IAM" and "AWS CLI" are ways of interacting/CRUD (create, read, update, delete) with the "objects" within the account. These include spinning up a new instance or creating a new subnet, changing the parameters of a dynamic group, many, many, many others. Neither IAM (what rights an AWS user has over which objects) nor the AWS CLI give you access to the operating system of an EC2 instance by themselves.

aram535
answered 3 years ago
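
The documentation excerpt quoted in the question says connection requests can be audited with AWS CloudTrail events. The sketch below is an added example, not part of the original thread and not AWS's own code: it filters CloudTrail records for `SendSSHPublicKey` calls and reports failed requests and key pushes for unexpected OS users. The sample records are constructed, and the record field names and the `allowed_os_users` parameter are assumptions.

```python
import json
from collections import Counter

EIC_SOURCE = "ec2-instance-connect.amazonaws.com"

# Constructed sample records, not real data. Field names (requestParameters.instanceId,
# requestParameters.osUser, errorCode) are assumed to match CloudTrail's record layout.
SAMPLE_EVENTS = json.loads("""[
 {"eventTime": "2020-11-10T04:40:00Z", "eventSource": "ec2-instance-connect.amazonaws.com",
  "eventName": "SendSSHPublicKey", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-dev"},
  "requestParameters": {"instanceId": "i-0aaaaaaaaaaEXAMPLE", "osUser": "ec2-user"}},
 {"eventTime": "2020-11-10T04:45:00Z", "eventSource": "ec2-instance-connect.amazonaws.com",
  "eventName": "SendSSHPublicKey", "sourceIPAddress": "198.51.100.9",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-ops"},
  "requestParameters": {"instanceId": "i-0aaaaaaaaaaEXAMPLE", "osUser": "root"}},
 {"eventTime": "2020-11-10T04:50:00Z", "eventSource": "ec2-instance-connect.amazonaws.com",
  "eventName": "SendSSHPublicKey", "sourceIPAddress": "203.0.113.20",
  "errorCode": "AccessDenied",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-new"},
  "requestParameters": {"instanceId": "i-0bbbbbbbbbbEXAMPLE", "osUser": "ec2-user"}},
 {"eventTime": "2020-11-10T04:51:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-dev"},
  "requestParameters": null}
]""")

def connect_requests(events):
    """Yield one normalized row per EC2 Instance Connect key-push request."""
    for ev in events:
        if ev.get("eventSource") != EIC_SOURCE:
            continue
        if ev.get("eventName", "").strip() != "SendSSHPublicKey":
            continue
        params = ev.get("requestParameters") or {}
        yield {"time": ev.get("eventTime"),
               "principal": (ev.get("userIdentity") or {}).get("arn", "unknown"),
               "instance": params.get("instanceId"),
               "os_user": params.get("osUser"),
               "source_ip": ev.get("sourceIPAddress"),
               "failed": "errorCode" in ev}  # any errorCode means the call did not succeed

def review(events, allowed_os_users=("ec2-user",)):
    """Summarize key pushes: failed calls, unexpected OS users, volume per principal."""
    rows = list(connect_requests(events))
    return {"failed": [r for r in rows if r["failed"]],
            "unexpected_os_user": [r for r in rows if not r["failed"]
                                   and r["os_user"] not in allowed_os_users],
            "per_principal": Counter(r["principal"] for r in rows)}
```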
