BrianJakovich

Reputation: 1614

Safely distribute EC2 key pairs

What is a good way to safely distribute EC2 key pairs amongst team members? I have considered using signed URLs, but that would leave it open if someone outside somehow got the URL.

Is there a way to require a user to log in with their IAM credentials to access a URL in S3?

Upvotes: 0

Views: 209

Answers (1)

SunSparc

Reputation: 1922

My preferred way to distribute key pairs of any kind to other users is through an existing server that they already have access to. For example, if my team already has accounts on an existing server, I will drop a copy of the keys into files in their home directories. Or I will give group access to a directory that they all have access to. If you are on a secured LAN that users are local to or can VPN into, you can also set up a shared folder.

If you do not have such resources, you can use encrypted email, but that can take a bit of setup.

Another option is secure chats (IM or IRC). Some IM clients (e.g., Adium for Mac) use OTR (Off The Record) to encrypt private conversations.

Yes, S3 has multiple options for allowing access to individual files. You can give access to "Authenticated Users", which would apply to IAM users. You can also assign IAM roles and group policies. Using IAM you can create very granular permissions for users to just about any AWS service.

Upvotes: 1
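An added example (not part of the answer above) of the IAM route it mentions: a policy that lets a team group download exactly one object over TLS, plus a check that flags S3 ACL grants to the global groups, since the ACL grantee "Authenticated Users" covers any AWS account rather than only your own IAM users. The bucket name, object key, and sample ACL are constructed placeholders.

```python
import json

# S3 ACL group URIs that reach beyond your own account.
GLOBAL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone, unauthenticated",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}


def team_read_policy(bucket, key):
    """IAM identity policy allowing download of exactly one object, TLS only."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ReadTeamKey", "Effect": "Allow",
             "Action": "s3:GetObject", "Resource": arn},
            {"Sid": "DenyPlainHttp", "Effect": "Deny",
             "Action": "s3:*", "Resource": arn,
             "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        ],
    }


def risky_grants(acl):
    """Return (audience, permission) for ACL grants to global groups.

    `acl` has the shape of an S3 GetObjectAcl response.
    """
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in GLOBAL_GROUPS:
            found.append((GLOBAL_GROUPS[uri], grant.get("Permission")))
    return found


# Constructed sample ACL: owner has full control, plus a global-group grant.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
     "Permission": "READ"},
]}

if __name__ == "__main__":
    # Bucket and key names are placeholders, not values from the thread.
    print(json.dumps(team_read_policy("example-team-bucket", "keys/team.pem"), indent=2))
    print(risky_grants(SAMPLE_ACL))
```

Attach the generated policy to the IAM group whose members should be able to fetch the key, and keep the object's ACL free of global-group grants.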
