Question
I've created a user "developer" on my amazon ec2 instance with restricted privileges and I've assigned him a password. Now I want allow him to connect to my instance (via ssh or sftp) and let him do something small like upload some files in a specific folder and I don't want let him play with my server like an administrator. How can I do it if I provide him the instance .pem key? Can I give him the .pem key and force him to login using the developer account?
Solution
Accounts granted in AWS (with IAM) are independent of user accounts on a given instance. IAM account give the user access to parts of AWS defined by the policy associated with the group or user.
If you want to give someone access to the instance, you can have them generate their own personal keypair (ssh-keygen or puttygen). You will take the public part of the keypair and add it to the ~/.ssh/authorized_keys file of the user you want them to login as.
OTHER TIPS
You can use IAM groups and users. The documentation is here.
IAM allows you to generate separate access keys for users with restricted usage rights.
There was a step missing in the leading answer. I added: You also need to add the public key on the AWS console under "Network & Security" -> "Key Pairs".
I'd add this as a comment, but don't have enough cred points yet.
https://stackoverflow.com/questions/18360844
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian