This showcase demonstrates how you can use your IAM user's public SSH key to get access via SSH to an EC2 instance.
A picture is worth a thousand words:
- On first start all IAM users are imported and local users are created
- The import also runs every 10 minutes (via cron, which calls `import_users.sh`)
- On every SSH login the EC2 instance tries to fetch the public key(s) from IAM using sshd's `AuthorizedKeysCommand`
- You can restrict the EC2 instance so that it is only allowed to download public keys from certain IAM users instead of `*`. This way you can restrict SSH access within your account
- As soon as the public SSH key is deleted from the IAM user a login is no longer possible
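
The per-login key lookup described in the list above can be sketched as an `AuthorizedKeysCommand` helper. This is an added example, not the project's own script; the install path, the function names and the assumption that IAM user names equal local login names are illustrative.

```shell
#!/bin/sh
# Added example (not the project's script): an AuthorizedKeysCommand helper.
# Assumed sshd_config wiring; the install path is hypothetical:
#   AuthorizedKeysCommand /opt/iam_authorized_keys.sh
#   AuthorizedKeysCommandUser nobody
# sshd passes the login name as the argument and treats every line the
# command prints on stdout as a candidate public key for that user.

# Accept only conservative login names before they reach the AWS CLI.
# Assumption: IAM user names match the local login names one-to-one.
valid_username() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;  # empty, option-like, odd chars
    *) return 0 ;;
  esac
}

# Print the active IAM SSH public keys of one user, one per line.
authorized_keys_for() {
  user="$1"
  valid_username "$user" || return 1
  # Only keys with Status == Active; an inactive key must not grant a login.
  ids=$(aws iam list-ssh-public-keys --user-name "$user" \
        --query "SSHPublicKeys[?Status=='Active'].[SSHPublicKeyId]" \
        --output text) || return 1
  # No key ids means no output, so a user without keys cannot log in.
  for id in $ids; do
    aws iam get-ssh-public-key --user-name "$user" \
      --ssh-public-key-id "$id" --encoding SSH \
      --query "SSHPublicKey.SSHPublicKeyBody" --output text || return 1
  done
}

# Run only when sshd (or an operator) passes a login name.
if [ "$#" -gt 0 ]; then
  authorized_keys_for "$1"
fi
```

The instance role needs `iam:ListSSHPublicKeys` and `iam:GetSSHPublicKey`; scoping the `Resource` of those actions to specific user ARNs instead of `*` is what limits whose keys this helper can return.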
- Upload your public SSH key to IAM:
  - Open the Users section in the IAM Management Console
  - Click the row with your user
  - Click the "Upload SSH public key" button at the bottom of the page
  - Paste your public SSH key into the textarea and click the "Upload SSH public key" button to save
- Create a stack based on the `showcase.json` template
- Wait until the stack status is `CREATE_COMPLETE`
- Copy the `PublicName` from the stack's outputs
- Connect via ssh: `ssh $Username@$PublicName` (replace `$Username` with your IAM user and `$PublicName` with the stack's output)