I have an organization and I want one user to create the EC2 and all others to be able to access it. Is that possible?

John Rotenstein
Goking
  • Why mention the "organization"? Are you wanting to let people from other organizations access it? Through another VPC? And what does "access" mean? SSH? via the console? – DanielC Jan 30 '20 at 15:44
  • How will the users access the EC2 instance? Using Remote Desktop (if Windows), SSH, port 80/443 from a web browser, make a service API call against the EC2 instance, something else? – jarmod Jan 30 '20 at 15:45
  • Access through the AWS. When they log in with their account to be able to see it alongside their EC2 instances (in the UI). – Goking Jan 30 '20 at 15:53
  • All EC2 instances for a given AWS account are visible to all IAM users in the AWS console for that account (unless a user has limited permissions). What do you want the other users to be able to do with the EC2 instances? – jarmod Jan 30 '20 at 20:46

1 Answer

Short answer: yes.

Long answer: Depending on how you grouped your "organization", implementation methods vary.

For example, if you defined it outside AWS, you can share the SSH key inside a shared, controlled space for your organization (like a GitHub repo). This isn't recommended for obvious security reasons. If you like the SSH route, it may be worth looking into setting up AWS Secrets Manager to create "rotating keys" such that previously shared keys won't grant malicious users access.

You could also look into setting up AWS Session Manager which ties into your IAM roles/policies and therefore allows you to do your access management within AWS.

There are many other methods of setting up user management, but these are the ones I see most frequently.

Jin
  • I can give SSH access to anyone, but I want my EC2 to be visible in their account when they log in to AWS through the browser and see it under EC2 instances – Goking Jan 31 '20 at 12:36
  • Having your EC2 instance show up in their console page isn't possible if you are talking about separate accounts. – Jin Jan 31 '20 at 13:56
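
The Session Manager route mentioned in the answer above, as an added example that is not part of the original answer: Python that builds an IAM policy allowing sessions on named instances only, plus a check that flags any statement granting `ssm:StartSession` on a wildcard resource. It assumes every user is an IAM user in the same AWS account as the instance; the region, account ID, instance ID and function names are constructed placeholders.

```python
import json

# Constructed placeholder values; replace with your own region, account and instance.
REGION = "us-east-1"
ACCOUNT_ID = "111122223333"
INSTANCE_IDS = ["i-0123456789abcdef0"]


def session_manager_policy(region, account_id, instance_ids):
    """IAM policy letting a user open Session Manager shells on the listed instances only."""
    instance_arns = [f"arn:aws:ec2:{region}:{account_id}:instance/{i}" for i in instance_ids]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Start a session, but only against the named instances.
                "Sid": "StartSessionOnSharedInstances",
                "Effect": "Allow",
                "Action": "ssm:StartSession",
                "Resource": instance_arns
                + [f"arn:aws:ssm:{region}:{account_id}:document/SSM-SessionManagerRunShell"],
            },
            {   # Assumes IAM users: their session IDs begin with the user name.
                "Sid": "ManageOwnSessions",
                "Effect": "Allow",
                "Action": ["ssm:ResumeSession", "ssm:TerminateSession"],
                "Resource": "arn:aws:ssm:*:*:session/${aws:username}-*",
            },
        ],
    }


def unscoped_start_session(policy):
    """Return Sids of Allow statements that grant ssm:StartSession on a wildcard resource."""
    findings = []
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        grants_start = any(a in ("ssm:StartSession", "ssm:*", "*") for a in actions)
        wildcard = any(r == "*" or r.endswith(":instance/*") for r in resources)
        if stmt["Effect"] == "Allow" and grants_start and wildcard:
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings


if __name__ == "__main__":
    policy = session_manager_policy(REGION, ACCOUNT_ID, INSTANCE_IDS)
    print(json.dumps(policy, indent=2))
```

Attach the generated policy to an IAM group rather than to individual users, so that access is granted and revoked through group membership.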