Alternative to import_users.sh for EC2 Instance Connect?

[bedge]

This package now references "EC2 Instance Connect" as a replacement: https://aws.amazon.com/blogs/compute/new-using-amazon-ec2-instance-connect-for-ssh-access-to-your-ec2-instances/

However there's one component I don't see in 'EC2 Instance Connect` - the bulk import of IAM users into local users onto the AWS linux instance.

Is there some other mechanism that is intended to handle that function?

[michaelwittig]

Hi @bedge
You are right. EC2 Instance Connect does not create local users for you. Feel free to continue to use this project if you need this capability.

[bedge]

@michaelwittig One more follow up if I may.
Given that EC2 Instance Connect also requires that users exist in IAM, it seems plausible that one could port the import_users.sh script from this package to fill in the missing piece.
From what I can tell you can't install both as they each need to control the sshd_config settings for AuthorizedKeysCommand

We have a mandate to rotate all ssh keys, so I'm wondering if a merging of the these to packages, even if only the import_users.sh script from here, might provide a complete solution.

[michaelwittig]

I don't have an answer. Let's see if someone else has.