Does user need Programmatic Access if using EC2 Instance Connect service?

Question

Does a new user need Programmatic Access if using EC2 Instance Connect service and AWS CLI or just AWS Management Console access?  
  
It is unclear or missing from the documentation whether or not this first very basic step is needed.  
  
From documentation:  
Amazon EC2 Instance Connect is a simple and secure way to connect to your instances using Secure Shell (SSH). With EC2 Instance Connect, you can control SSH access to your instances using AWS Identity and Access Management (IAM) policies as well as audit connection requests with AWS CloudTrail events.  
and  
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html  
  
Thanks,  
Amy  
  
Edited by: aramsdell on Nov 10, 2020 4:54 AM

Accepted Answer

I think you're confusing two different connections.    
  
SSH is for accessing the operating system of that instance... you don't need any special access rights within AWS for that -- other than you need access to the virtual private network that the instance is in.  Otherwise, if you have the SSH key and the user to login - you're done.   
  
The "IAM" and "AWS CLI" are ways of interacting/CRUD (create, read, update, delete) with the "objects" within the account. These include spinning up a new instance or creating a new subnet, changing the parameters of a dynamic group, many many many others.  Neither IAM (what rights an AWS user has over which objects) nor the AWS CLI give you access to the operating system of a EC2 instance by themselves.

Does user need Programmatic Access if using EC2 Instance Connect service?

相關內容