ewierschke/aws-ec2-ssh
Manage AWS EC2 SSH access with IAM

This showcase demonstrates how you can use your IAM user's public SSH key to get access via SSH to an EC2 instance.

How does it work

A picture is worth a thousand words:

Architecture

  • On first start all IAM users are imported and local users are created
  • The import also runs every 10 minutes (via cron - calls import_users.sh)
  • On every SSH login the EC2 instance tries to fetch the public key(s) from IAM using sshd's AuthorizedKeysCommand
  • You can restrict the EC2 instance so that it is only allowed to download public keys from certain IAM users instead of *. This way you can limit SSH access within your account
  • As soon as the public SSH key is deleted from the IAM user a login is no longer possible
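
The per-login key lookup described above can be sketched as a small AuthorizedKeysCommand helper. This is an added example, not the repository's own script: the function names and the script path in the comments are assumptions, and it assumes the AWS CLI is installed and the instance may call iam:ListSSHPublicKeys and iam:GetSSHPublicKey.

```shell
#!/bin/sh
# Added example, not the repository's script. sshd would run it via
#   AuthorizedKeysCommand /opt/iam_authorized_keys.sh %u   (path is hypothetical)
#   AuthorizedKeysCommandUser nobody
# Assumes the AWS CLI is installed and the instance role allows
# iam:ListSSHPublicKeys and iam:GetSSHPublicKey for the users in question.

# Accept only names made of IAM user name characters, at most 64 long and
# not starting with "-", so the value can never be parsed as a CLI option.
valid_username() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9_.@+=,-]*) return 1 ;;
  esac
  [ "${#1}" -le 64 ]
}

# Print the user's active IAM SSH public keys, one per line.
# An invalid name or any failed AWS call makes the function return non-zero.
iam_authorized_keys() {
  user="$1"
  valid_username "$user" || return 1
  key_ids=$(aws iam list-ssh-public-keys --user-name "$user" \
    --query "SSHPublicKeys[?Status=='Active'].[SSHPublicKeyId]" \
    --output text) || return 1
  for id in $key_ids; do
    aws iam get-ssh-public-key --user-name "$user" \
      --ssh-public-key-id "$id" --encoding SSH \
      --query "SSHPublicKey.SSHPublicKeyBody" --output text || return 1
  done
}

# Run only when a user name is passed, as sshd does.
if [ "$#" -gt 0 ]; then
  iam_authorized_keys "$1"
fi
```

Because only keys with status Active are requested and nothing is cached on disk, deleting or deactivating the key in IAM takes effect on the next login attempt.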

How to run this showcase

  1. Upload your public SSH key to IAM:
       1. Open the Users section in the IAM Management Console
       2. Click the row with your user
       3. Click the "Upload SSH public key" button at the bottom of the page
       4. Paste your public SSH key into the textarea and click the "Upload SSH public key" button to save
  2. Create a stack based on the showcase.json template
  3. Wait until the stack status is CREATE_COMPLETE
  4. Copy the PublicName from the stack's outputs
  5. Connect via SSH: ssh $Username@$PublicName (replace $Username with your IAM user and $PublicName with the stack's output)