Individual Local Accounts on AWS

samtech 2021

6/28/23, 12:24 PM

I'm my scenario, Currently, we have all developers connect to ec2 instances using the ec2-user account. Is there a better way to do this so we can see which actions developers take on the machines?

I'm wanting to be able to identify who executes certain commands. Currently, with everyone as 'ec2-user' there's no way to identify who ran which command. For example on the dev server, there is no way to identify who changed the '/etc' directory permissions.

can anyone advise me on how to solve it?

0 + 0

linux

amazon-ec2

amazon-web-services

amazon-iam

devops

Greg Askew

6/28/23, 12:36 PM

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html "Using the default user account is adequate for many applications. However, you may choose to add user accounts so that individuals can have their own files and workspaces. Furthermore, creating user accounts for new users is much more secure than granting multiple (possibly inexperienced) users access to the default user account, because the default user account can cause a lot of damage to a system when used improperly."

Tim

6/28/23, 6:52 PM

You add users in the same way you do on any Linux server. If you have many servers you may want to automate the deployment.

samtech 2021

7/1/23, 4:32 PM

Tim , Yes, I'm wanting to be able to identify who executes certain commands. Currently with everyone as 'ec2-user' there's no way to identify who ran which command. For example on the dev server there is no way to identify who changed the '/etc' directory permissions.

samtech 2021

7/2/23, 10:07 AM

@ Tim , I'm wanting to be able to identify who executes certain commands, what is advice on it? What procedure do I need to adopt?

shearn89

7/2/23, 1:50 PM

@samtech2021 - based on your recent questions I would highly advise that you look into some AWS training, probably the Cloud Practitioner certification as a starting point. It will give you a really good overview of all these tasks.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Individual Local Accounts on AWS

TH: บัญชีท้องถิ่นส่วนบุคคลบน AWS

RO: Conturi locale individuale pe AWS

RU: Индивидуальные локальные учетные записи в AWS

VI: Tài khoản cục bộ cá nhân trên AWS

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.