
Showing posts from July 2019

Secure SSH access with AWS EC2 instance connect

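How do you access an EC2 instance securely? Managing and exchanging EC2 SSH key pairs is a hassle. Besides accessing the instance console through Systems Manager, another interesting approach is to send an SSH key via IAM and use Instance Connect.

It works like this: if the instance connect script is installed on the EC2 instance (the server side), sshd pulls a one-time SSH key from instance metadata to allow the user to log in over SSH. On the client side, you can push your own SSH key with the AWS CLI, or run pip install ec2instanceconnectcli; this command wrapper dynamically generates an SSH key and then pushes it to the EC2 instance.

Because the key exists in instance metadata for only 60 seconds, access control basically depends on IAM. The only drawback is that not all EC2 instances have instance connect installed by default. Currently only Amazon Linux 2 and Ubuntu 16.04 and later come with it preinstalled...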
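The client-side flow described above (generate a key, push it with the AWS CLI, log in before it expires), as an added example that is not code from the original post. The function name `eic_ssh`, the `KEYGEN`/`AWS`/`SSH` override variables and the sample instance values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): push a throwaway key, then log in.
# KEYGEN / AWS / SSH are hypothetical override hooks so the flow can be dry-run.

eic_ssh() {
  instance_id=$1; az=$2; os_user=$3; host=$4

  # Private directory (mode 0700) for the throwaway key pair.
  workdir=$(mktemp -d) || return 1

  # 1. Generate a key that is only used for this one session.
  "${KEYGEN:-ssh-keygen}" -q -t rsa -b 4096 -N '' -f "$workdir/key" \
    || { rm -rf "$workdir"; return 1; }

  # 2. Push the public half. IAM decides whether this call is allowed;
  #    per the post, the key stays in instance metadata for only 60 seconds.
  "${AWS:-aws}" ec2-instance-connect send-ssh-public-key \
      --instance-id "$instance_id" \
      --availability-zone "$az" \
      --instance-os-user "$os_user" \
      --ssh-public-key "file://$workdir/key.pub" >/dev/null \
    || { rm -rf "$workdir"; return 1; }

  # 3. Connect inside that window, offering only the throwaway key.
  rc=0
  "${SSH:-ssh}" -i "$workdir/key" -o IdentitiesOnly=yes "$os_user@$host" || rc=$?

  # 4. The private key has no further use once the session ends; remove it.
  rm -rf "$workdir"
  return "$rc"
}

# Run only when called with all four arguments, e.g. (constructed values):
#   sh eic_ssh.sh i-0123456789abcdef0 us-east-1a ec2-user 203.0.113.10
if [ "$#" -eq 4 ]; then
  eic_ssh "$@"
fi
```

Because no long-lived private key is left on disk, revoking someone's access is a matter of removing their IAM permission to call send-ssh-public-key.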

AWS codecommit pricing by any different access id

AWS CodeCommit pricing determines a valid user by any unique access identity.

Q: What is the definition of an active user in AWS CodeCommit? An active user is any unique AWS identity (IAM user/role, federated user, or root account) that accesses AWS CodeCommit repositories during the month, either through Git requests or by using the AWS Management Console. A server accessing CodeCommit using a unique AWS identity counts as an active user.

I created a repo from the web console with my AWS root account. For my desktop I created an IAM user with Access Key ID A, and for my MacBook Pro, I added a second Access Key ID for the same IAM user. Then I saw it's counted as 3 user accesses, charged $1 USD x 3 / per month for the repo... lol