Access to EC2 instances isn't the sexiest topic in the days of serverless-first architectures, but the reality is that there are still valid use cases for terminal access to VMs. The question is how to do it in a modern way and keep your dev, ops and sec teams happy.

I compared the different options from the following viewpoints.

**Connectivity** Is an end-to-end network connection from client to host required, or is an out-of-band connection through the AWS API used instead? A network connection implies correct configuration of the VPC CIDR, routing, NACLs, security groups etc. There must also be an internet gateway or VPN/Direct Connect attached to enable connections from outside the VPC.

**Authentication** Is authentication based on Linux users and SSH keys, or does it use IAM identities? When users and keys are used, you should think about how to manage them. Typical options are automation tools such as Ansible/Chef/Puppet, or AD/LDAP authentication.

**Auditing** Is there a centralized audit trail of (attempted) connections, and can the content of sessions be logged? As these logs can contain sensitive information, it is essential to make sure they are protected from unauthorized access.

All of these are non-trivial to implement and operate at large scale.

[Figure: comparison of the options; labels recovered from the image: "Authentication based on AWS IAM identity and policies", "Network connection to (bastion) host required", "storing the logs on separate AWS account".]
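As an added example (not part of the original post), here is a small Python script that builds the centralized audit trail discussed above from the two connection paths: sshd log lines from a bastion host for the network-connection path, and CloudTrail records for the out-of-band API path (ssm:StartSession). The host name, users, IPs and instance id in the samples are constructed; only the public sshd and CloudTrail field names are relied on.

```python
"""Added example (not from the original post): merge bastion sshd log lines and
CloudTrail records for API-based sessions (ssm:StartSession) into one audit trail of
attempted connections. Samples are constructed; field names follow the public formats."""
import re
from dataclasses import dataclass
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")

@dataclass(frozen=True)
class AccessEvent:
    source: str     # "sshd" (network path) or "cloudtrail" (out-of-band API path)
    time: str
    principal: str  # linux user for sshd, IAM ARN for CloudTrail
    target: str     # bastion host name or EC2 instance id
    client_ip: str
    success: bool

def parse_sshd_line(line):
    m = SSHD_RE.match(line)
    return m and AccessEvent("sshd", m["ts"], m["user"], m["host"], m["ip"],
                             m["result"] == "Accepted")

def parse_cloudtrail_record(rec):
    # Only session starts are of interest; a present errorCode means the attempt was denied.
    if (rec.get("eventSource"), rec.get("eventName")) != ("ssm.amazonaws.com", "StartSession"):
        return None
    target = (rec.get("requestParameters") or {}).get("target", "?")
    return AccessEvent("cloudtrail", rec["eventTime"], rec["userIdentity"]["arn"], target,
                       rec.get("sourceIPAddress", "?"), "errorCode" not in rec)

def build_audit_trail(sshd_lines, cloudtrail_records):
    events = [e for e in map(parse_sshd_line, sshd_lines) if e]
    events += [e for e in map(parse_cloudtrail_record, cloudtrail_records) if e]
    return events
def failed_attempts(events):
    return [e for e in events if not e.success]
SAMPLE_SSHD = [  # constructed auth.log lines from a bastion host
    "Jan 12 10:01:22 bastion sshd[2231]: Accepted publickey for alice from 203.0.113.5 port 51234 ssh2",
    "Jan 12 10:02:07 bastion sshd[2240]: Failed publickey for invalid user bob from 198.51.100.7 port 40022 ssh2",
]
SAMPLE_CLOUDTRAIL = [  # constructed CloudTrail records, trimmed to the fields used above
    {"eventTime": "2024-01-12T10:03:00Z", "eventSource": "ssm.amazonaws.com", "eventName": "StartSession",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}, "sourceIPAddress": "203.0.113.5",
     "requestParameters": {"target": "i-0123456789abcdef0"}},
    {"eventTime": "2024-01-12T10:04:30Z", "eventSource": "ssm.amazonaws.com", "eventName": "StartSession",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/carol"}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": None, "errorCode": "AccessDenied"},
]
```

Feeding `failed_attempts(build_audit_trail(SAMPLE_SSHD, SAMPLE_CLOUDTRAIL))` into an alert or a log sink in a separate account gives one view over denied attempts regardless of which path was used.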