EC2 key-pair management for growing teams

We are trying to develop a small API service with a small team (currently 3 engineers).
The production stack (https://s3.amazonaws.com/datomic-cloud-1/cft/616-8879/datomic-production-compute-616-8879.json) allow us to specify a EC2 key pair.

  1. We could share a key pair, but it would become harder to rotate the key as the team grows.
  2. We could each own an personal key pair and manually update the bastion’s ~/.ssh/authorized_keys file, but it would easily become unmanageable as the team grows.

Is there a better way to manage SSH (in particular, datomic client access) permissions for growing teams?

The key-pair specified when you launch your stack is not the same key pair that is used for the access gateway. The datomic client access script handles retrieving the appropriate SSH keypair from S3 as part of establishing the gateway connection.
Your developers should not need access to the key pair specified when launching the stack.

1 Like

Got it. Confirmed that it’s working as expected. Thanks!