Ansible role to provide IAM based SSH access to EC2 instances, altogether with autosyncing via Lambda
ec2-iam-users


Ansible role to provide IAM based SSH access to EC2 instances

This role was originally inspired by the Medium post "SSH Authentication with AuthorizedKeysCommand".

Instance Requirements

  • The EC2 instances must use YUM-based Linux AMIs.
  • The minimum set of IAM policies that must be attached to the instances is given in iam-ec2-policy.yml

Controller Requirements

  • To install the dependencies on the controller node, use pipenv: pipenv install

Dependencies

No extra role or external module is required.

Role Variables

# defaults/main.yml

iam_group: devs
# Name of the group to fetch the users from

max_ssh_keys: 5
# Max number of SSH public keys to fetch from IAM

region: sa-east-1
# Default AWS region

ssh_username: dev
# Local user the IAM users will be able to log in as

ssh_user_groups:
  - sudo
  - docker
# Additional groups the user will belong to

default_username: ec2-user
# Extra local user that is always allowed SSH access

# vars/main.yml

ansible_become: true
# Become root to run the commands

host_key_path: /etc/ssh/ssh_host_rsa_key
# Path of the host key that identifies the instance to SSH clients
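To show how these variables shape what sshd actually does, here is an added illustration of an AuthorizedKeysCommand that reads SSH public keys from an IAM group; it is not the role's own script. It assumes the boto3 IAM calls get_group, list_ssh_public_keys and get_ssh_public_key (the fetch is done against an offline stand-in client constructed below), that sshd passes the login name as %u, and that default_username keeps its access through the account's ordinary authorized_keys file.

```python
import sys


def fetch_group_keys(iam, group, max_keys):
    """authorized_keys lines for every IAM user in `group`: only keys whose IAM
    status is Active, at most `max_keys` per user (the role's max_ssh_keys).
    Each line carries an iam:<user> comment so sshd's auth log names the owner."""
    lines = []
    for user in iam.get_group(GroupName=group)["Users"]:  # pagination omitted
        name = user["UserName"]
        keys = iam.list_ssh_public_keys(UserName=name)["SSHPublicKeys"]
        active = [k for k in keys if k["Status"] == "Active"]
        for key in active[:max_keys]:
            resp = iam.get_ssh_public_key(UserName=name, Encoding="SSH",
                                          SSHPublicKeyId=key["SSHPublicKeyId"])
            body = resp["SSHPublicKey"]["SSHPublicKeyBody"].strip()
            lines.append(f"{body} iam:{name}")
    return lines


def authorized_keys(iam, login_user, ssh_username, group, max_keys):
    """Keys sshd may accept for `login_user` (sshd's %u): IAM keys only for the
    role's ssh_username; empty for any other account, so sshd falls back to the
    account's own authorized_keys file (assumed to be how default_username works)."""
    if login_user != ssh_username:
        return []
    return fetch_group_keys(iam, group, max_keys)


class FakeIAM:
    """Constructed stand-in for the boto3 IAM client, so the demo runs offline."""
    users = {"alice": [("APKA1", "Active", "ssh-ed25519 AAAAC3alice1"),
                       ("APKA2", "Active", "ssh-ed25519 AAAAC3alice2"),
                       ("APKA3", "Inactive", "ssh-rsa AAAAB3revoked")],
             "bob": [("APKB1", "Active", "ssh-rsa AAAAB3bob")]}

    def get_group(self, GroupName):
        return {"Users": [{"UserName": u} for u in self.users]}

    def list_ssh_public_keys(self, UserName):
        return {"SSHPublicKeys": [{"SSHPublicKeyId": i, "Status": s}
                                  for i, s, _ in self.users[UserName]]}

    def get_ssh_public_key(self, UserName, SSHPublicKeyId, Encoding):
        body = next(b for i, _, b in self.users[UserName] if i == SSHPublicKeyId)
        return {"SSHPublicKey": {"SSHPublicKeyBody": body}}


if __name__ == "__main__":  # sshd runs: iam_authorized_keys.py %u
    login = sys.argv[1] if len(sys.argv) > 1 else "dev"
    print("\n".join(authorized_keys(FakeIAM(), login, "dev", "devs", 5)))
```

Inactive keys are skipped and the per-user cap is applied before any key reaches sshd, which is the point of max_ssh_keys: disabling a key in IAM revokes it on the next login attempt without touching the instance.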

Example Playbook

Apply the role passing the values you wish to override:

- hosts: bastion
  roles:
    - role: ec2-iam-users
      iam_group: developers

License

MIT

Author Information

Diógenes Oliveira - March 2019
