EC2 key-pair management for growing teams

hden · March 16, 2020, 2:44pm

We are trying to develop a small API service with a small team (currently 3 engineers).
The production stack (https://s3.amazonaws.com/datomic-cloud-1/cft/616-8879/datomic-production-compute-616-8879.json) allow us to specify a EC2 key pair.

We could share a key pair, but it would become harder to rotate the key as the team grows.
We could each own an personal key pair and manually update the bastion’s ~/.ssh/authorized_keys file, but it would easily become unmanageable as the team grows.

Is there a better way to manage SSH (in particular, datomic client access) permissions for growing teams?

marshall · March 17, 2020, 2:48pm

The key-pair specified when you launch your stack is not the same key pair that is used for the access gateway. The datomic client access script handles retrieving the appropriate SSH keypair from S3 as part of establishing the gateway connection.
Your developers should not need access to the key pair specified when launching the stack.

hden · March 18, 2020, 12:25am

Got it. Confirmed that it’s working as expected. Thanks!

Topic		Replies	Views
DynamoDB, `datomic:ddb//` connect URI, and AWS STS roles - can we provide the token for a keypair? Datomic Pro	1	955	May 23, 2018
Any ideas for isolated dev environments with Datomic Cloud? Datomic Cloud	4	1618	November 5, 2019
Stuck at creating ssh tunnel to ec2 node Datomic Cloud	2	1189	October 20, 2019
Cloud: starting over Datomic Cloud	1	878	January 19, 2018
Are there plans to make the datomic-cli work with AWS SSO? Datomic Cloud	3	841	October 6, 2022

EC2 key-pair management for growing teams

Related topics