
Managing EC2 access keys and X.509 certificates can become challenging when you start to deal with large numbers of instances. Do any EC2 users here have good policies and/or tools for:

  • rotating EC2 access keys and X.509 certificates
  • preventing copies of keys / certs from proliferating onto instances and AMIs
  • keeping the keys in a centralized location with the appropriate access?
gareth_bowles
  • I've never used it but RSA has a certificate manager product of which I am aware. Venafi is another product vendor and there is also Comodo. But then you are probably aware of these companies and their products. I am certain there are others out there with similar issues and will be curious to see what kind of answers you get. – jl. Jul 17 '10 at 13:19
  • Is this for Windows or Linux primarily? Client and server, that is... – pablo Aug 14 '11 at 05:03
  • Mostly Linux, but it would be nice to have a cross-platform solution. – gareth_bowles Aug 15 '11 at 17:32
  • If you aren't using IAM already, that's a very important first step. If you are using EC2 access keys for SSH, I recommend not doing so; use them for deployment only, long enough for your deployment process to install vanilla SSH keys. – Paul Lathrop Nov 08 '11 at 17:58

1 Answer


I created a script to manage multiple AWS accounts (tested on Mac and Linux): https://github.com/thalweg/aws-account

nlo