vikramvi

Reputation: 3635

How to manage AWS EC2 instance when outsourced developer needs to access it?

I've outsourced development work to another company.

ATM they have the AWS login details and the EC2 instance key pair (root user).

Once they deliver the project, I don't want them to have access to either AWS or EC2. How can I achieve this?

  1. For AWS I can set 2FA and change the password
  2. What about the EC2 instance? Their developer still has the key pair.

I looked into the AWS documentation but didn't understand how to manage permissions properly.

I'm new to AWS and EC2, please help with these basic queries.

Upvotes: 0

Views: 265

Answers (1)

Adiii

Reputation: 60074

You should not allow any user to access your EC2 instance with the root key.

Normal practice:

  • Ask the outsourced developer for his public key
  • Add his public key to the EC2 instance's authorized keys
  • Once the project is done, remove his public key from the EC2 instance

Best practice in case of AWS:

  • Register the instance in an OpsWorks stack
  • Ask the user for his public key
  • Add the user to the OpsWorks stack, as he is already an AWS user
  • He will be able to access the instance

So once the project is done, delete the user from OpsWorks and AWS, and his access will be revoked. In this case you do not need to change anything on the instance side; AWS OpsWorks will take care of it.

> For AWS I can set 2FA and change password

Better to create an IAM user for him; once the project is done, delete that user.

Upvotes: 3
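
The add-then-remove key workflow from the answer above, as an added shell example (not code from the answer or from AWS). The function names, the scratch file and the key strings are constructed placeholders; on an instance the file would be the login user's ~/.ssh/authorized_keys.

```shell
#!/bin/sh
# Added example: grant and revoke SSH access by public key in an authorized_keys file.
# Keys are matched on their base64 body, so a changed comment or an options
# prefix on the line does not hide a key from revocation.

has_key() {      # has_key FILE BLOB -> 0 if some line carries that key body
    [ -f "$1" ] && awk -v b="$2" \
        '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 } END { exit !f }' "$1"
}

grant_key() {    # grant_key FILE "TYPE BLOB COMMENT" -> appends unless already present
    blob=$(printf '%s\n' "$2" | awk '{ print $2 }')
    [ -n "$blob" ] || return 2
    if has_key "$1" "$blob"; then return 0; fi
    ( umask 077; printf '%s\n' "$2" >> "$1" )
}

revoke_key() {   # revoke_key FILE "TYPE BLOB COMMENT" -> 1 if the key was not there
    blob=$(printf '%s\n' "$2" | awk '{ print $2 }')
    has_key "$1" "$blob" || return 1
    tmp=$(mktemp "$1.XXXXXX") || return 2
    # Rewrite into a temp file and rename, so the file is never half-written.
    awk -v b="$blob" \
        '{ k = 1; for (i = 1; i <= NF; i++) if ($i == b) k = 0 } k' "$1" > "$tmp"
    mv "$tmp" "$1"          # mktemp created the file with mode 0600
}

# Constructed placeholder keys (not real key material).
OWNER='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIownerPLACEHOLDER owner@laptop'
DEV='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIdevPLACEHOLDER dev@contractor'

demo() {         # grant -> revoke cycle on a scratch file; prints what is left
    f=$(mktemp) || return 2
    grant_key "$f" "$OWNER"
    grant_key "$f" "$DEV"          # project starts
    revoke_key "$f" "$DEV"         # project delivered
    cat "$f"
    rm -f "$f"
}
demo
```

Removing a line only blocks new logins with that key; SSH sessions that are already open stay connected until they are closed. The public half of the EC2 launch key pair sits in the same file and can be removed the same way once your own key is in place.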
