By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

SSH key managment for multiple accounts

0

Hi, We need to achieve:

  1. Possibility to create/delete ssh key pairs for instances hosted in multiple accounts, in one place (centralization)
  2. Possibility to assign permissions for the user we are ssh'ing into inside the instance, for example : IAM - admin user, should have admin ssh key, which will give full read/write permissions in virtual machine in which user is ssh'ing, and the IAM - support user, should have support ssh key, which will give less permissions.

Any suggestions, in what we can look into, are welcome. As i googled a bit, the "AWS system manager" - "session manager" looks like it would work for us, but does it work for instances hosted in multiple accounts?

Joann

Topics
Security, Identity, & ComplianceManagement & Governance
Tags
AWS Identity and Access ManagementAWS Systems ManagerSession Management
Language
English
Joann Babak
asked 2 years ago409 views
2 Answers
1
Accepted Answer

Yes, this is possible using roles in the different accounts. Here is an example of how one organization set this up, Replacing SSH access to reduce management and security overhead with AWS Systems Manager.

profile pictureAWS
EXPERT
kentrad
answered 2 years ago
1

Additionally, please note you can also use AWS Secrets Manager to securely store and rotate SSH key pairs

How to use AWS Secrets Manager to securely store and rotate SSH key pairs

profile pictureAWS
EXPERT
Tushar_J
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content