-1

New to AWS. I have read this post about external access, but that was for SFTP. I need to grant external developers access to our server so they can write some code that will download data from a third-party site. Everything I am reading about "granting access" refers back to IAM, but I don't want these users to be able to launch anything, etc. Is IAM just for console access, or must I also use it to grant access to the server? Can I just create a login like on a normal server and not put anything about them in the IAM console? If I have to go through IAM, how do I restrict their access so they can't do anything in the console?

GoGoPuffs
  • IAM is only for accessing the AWS API or console. You can do normal user management on EC2 instances. – jordanm Mar 03 '22 at 21:57
  • When you spin up an EC2 you don't have to choose an IAM Role (that's needed when the EC2 needs access to AWS Services). Instead use RDP or SSL credentials and give those to the external developers. When they start asking for permissions to services via their EC2, then create a Role with least privileges and assign the role to the EC2s – Jeremy Thompson Mar 04 '22 at 03:51
  • Thanks. Actually there are no services on the one server other than SQL. They will be building out the services. Thanks – GoGoPuffs Mar 04 '22 at 18:51

1 Answer

1

If you somehow manage this person's account, you can assign a role for him to perform specific tasks. Please see the section on IAM roles. If you just want to allow the user to connect to your EC2 instance, you can ask the user to generate an SSH key and upload it in the AWS console.

Vladislav Kievski
  • Turns out we also have to whitelist the IP, and we have a VPN, for anyone else referencing this. This is not always the case, but it may be. – GoGoPuffs Mar 08 '22 at 22:46
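
An added example, not part of the question, answer or comments above: what "normal user management" with a developer-supplied SSH public key can look like on a Linux EC2 instance, with no IAM user or role involved. The function names, the `--apply` argument and the script layout are assumptions of this example; it assumes a Linux instance with `useradd` available.

```shell
#!/bin/sh
# Added example: local (non-IAM) account for an external developer.
# Nothing here calls the AWS API; the account exists only on this instance.

# Accept only a single-line OpenSSH public key. A line that starts with
# authorized_keys options (command=, permitopen=, ...) or that contains a
# newline (a second smuggled key) is rejected.
valid_pubkey() {
    case "$1" in
        *"
"*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-ed25519|ecdsa-sha2-nistp(256|384|521)|ssh-rsa) [A-Za-z0-9+/]+={0,3}( .*)?$'
}

# Append the key to <home>/.ssh/authorized_keys (once) with the permissions
# sshd expects under StrictModes: 700 on .ssh, 600 on the file.
install_key() {
    home=$1 key=$2
    valid_pubkey "$key" || { echo "rejected: not a plain public key" >&2; return 1; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    grep -qxF "$key" "$home/.ssh/authorized_keys" 2>/dev/null ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Create an unprivileged account and install the key. useradd sets no
# password and adds no sudo/wheel membership, so login is key-only and
# the developer cannot administer the host.
add_dev_user() {
    user=$1 key=$2
    valid_pubkey "$key" || return 1
    id "$user" >/dev/null 2>&1 ||
        useradd --create-home --shell /bin/bash "$user" || return 1
    home=$(getent passwd "$user" | cut -d: -f6)
    install_key "$home" "$key" && chown -R "$user:" "$home/.ssh"
}

# Run as root: sh add_dev.sh --apply <user> "<public key line>"
if [ "${1:-}" = "--apply" ]; then
    add_dev_user "$2" "$3"
fi
```

Removing the developer's access later is a matter of deleting the local account or the key line; no AWS-side permission was ever granted.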