We are trying to develop a small API service with a small team (currently 3 engineers).
The production stack (https://s3.amazonaws.com/datomic-cloud-1/cft/616-8879/datomic-production-compute-616-8879.json) allow us to specify a EC2 key pair.
- We could share a key pair, but it would become harder to rotate the key as the team grows.
- We could each own an personal key pair and manually update the bastion’s
~/.ssh/authorized_keysfile, but it would easily become unmanageable as the team grows.
Is there a better way to manage SSH (in particular,
datomic client access) permissions for growing teams?