This package automatically configures a Linux EC2 instance with SSH-enabled accounts that are defined and managed in IAM.

To enable it, paste the cloud-init script into the instance User Data on launch. When the instance boots, it is automatically configured with the SSH-enabled accounts defined in IAM.
The cloud-init script runs the following steps when the instance launches (more info here):

- Installs git and clones this repo
- Runs install.sh, which:
  - Creates an account for every user listed in the IAM group SSHUsers (import_users.sh)
  - Gives each user sudo access
  - Configures sshd to obtain SSH public keys from IAM (authorized_keys_commands.sh)
  - Installs a cron entry to periodically import new users as they appear in SSHUsers

This installation ensures that users added to SSHUsers automatically get accounts, and that each account can only be accessed using the current SSH key stored in their IAM account.

- The EC2 instance requires the permissions listed in iam_ssh_policy.json
- The logs for cloud-init can be found in /var/log/cloud-init.log and /var/log/cloud-init-output.log
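The sshd-to-IAM lookup described above, written out as an added example (not the project's own authorized_keys_commands.sh): an AuthorizedKeysCommand-style helper that validates the requested login name and then fetches that user's active SSH public keys from IAM with the AWS CLI. It assumes `aws` is installed and the instance profile allows iam:ListSSHPublicKeys and iam:GetSSHPublicKey; the file path and the `nobody` user in the sshd_config comment are assumptions.

```shell
#!/bin/sh
# Added example, not part of this repo. Wire it into sshd with, e.g.:
#   AuthorizedKeysCommand /usr/local/sbin/iam_keys.sh %u
#   AuthorizedKeysCommandUser nobody
# sshd refuses to run the command unless the file is owned by root and not
# writable by group or others, and AuthorizedKeysCommandUser is set.

# sshd hands us whatever login name the client asked for, so reject anything
# outside IAM's allowed user-name character set before it touches a command line.
valid_user() {
    case "$1" in
        ''|*[!A-Za-z0-9+=,.@_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print every Active key for the user in authorized_keys form, one per line.
# Inactive keys are skipped, so deactivating a key in IAM revokes SSH access
# at the next login attempt without touching the instance.
iam_keys_for_user() {
    user="$1"
    valid_user "$user" || return 1
    for key_id in $(aws iam list-ssh-public-keys --user-name "$user" \
            --query "SSHPublicKeys[?Status=='Active'].SSHPublicKeyId" \
            --output text); do
        aws iam get-ssh-public-key --user-name "$user" \
            --ssh-public-key-id "$key_id" --encoding SSH \
            --query 'SSHPublicKey.SSHPublicKeyBody' --output text
    done
}

# sshd invokes the script with the user name as the only argument (%u).
if [ -n "${1:-}" ]; then
    iam_keys_for_user "$1"
fi
```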