Cobry

Reputation: 4548

AWS EC2 instance replace key pair

I am trying to create an EC2 instance for someone on his own AWS account. That person should only interact with the machine via a web service. I can't afford having anyone SSH into the machine and getting their hands on the code IP.

How can I forbid the owner of the account from creating a new key pair and replacing the ones that I set for the machine?

Thanks

Upvotes: 0

Views: 50

Answers (1)

EngineJanwaar

Reputation: 450

Ideally, you should have an instance on your own account, where you are in control: create an instance, install your web services, host them via a web server, and expose the web ports (let's say port 80) to the world.

Then you edit the security group to make sure the web ports are open to the world or to the user's IP (in case you're using a static IP range), and SSH port 22 should only be open to your IP (if you're using a static IP range).

If you're using a dynamic IP, my strategy would be to use a step server, that is, to create another server (with an Elastic IP) whose keys are known and managed only by you, and allow that server's IP address to have SSH permission to your web server by modifying your web server's security group. That way only your account has access to the step server, and ONLY you can log in to the web server from the step server and no one else.

Upvotes: 1
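
An added example (not part of the answer above): a Python check over a security group's inbound rules, in the `IpPermissions` shape that EC2's DescribeSecurityGroups returns, that reports every source able to reach port 22 other than the step server. The rule sets and addresses are constructed sample data, and `audit_ssh` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample rules; 203.0.113.10 stands in for the step server's Elastic IP.
GOOD = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
]
BAD = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024, "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]

def covers_port(perm, port):
    """True if an IpPermissions entry applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # "-1" means all protocols and all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def ssh_sources(permissions, port=22):
    """Collect every source (CIDR, security group or prefix list) allowed to reach the port."""
    sources = []
    for perm in permissions:
        if not covers_port(perm, port):
            continue
        sources += [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])]
        sources += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
    return sources

def audit_ssh(permissions, allowed_cidrs):
    """Return the SSH sources that do not fall inside any allowed CIDR."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    violations = []
    for src in ssh_sources(permissions):
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:                 # sg-/pl- references cannot be resolved here: flag them
            violations.append(src)
            continue
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            violations.append(src)
    return violations

if __name__ == "__main__":
    print(audit_ssh(GOOD, ["203.0.113.10/32"]), audit_ssh(BAD, ["203.0.113.10/32"]))
```

Rules that cover port 22 only through a wide port range or an all-traffic entry are reported as well, since they expose SSH just as a dedicated port 22 rule does.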
