Don't Use SSH Keys With AWS EC2

Managing secure access to virtual machines (EC2) with SSH keys isn't easy: keys get copied, shared, and forgotten, and revoking one person's access means touching every machine.

That's why you should stop using SSH keys if you're using AWS.

A best practice is to use AWS Systems Manager (SSM). SSM has a feature called Session Manager that lets you do what you'd normally do with SSH, such as getting a terminal into a virtual machine.

Since SSM is an AWS offering, access to virtual machines is granted through IAM, not SSH keys.

Using IAM has the following benefits:

  • Fine-grained control over who has access to which machines.
  • Centralized access management: manage permissions from one place without handing out keys to individual people. This also means you can use single sign-on (SSO) to automate who has access.
  • All session activity is logged to AWS CloudTrail, so you have an audit trail for any compliance needs.
  • You don't need to expose your SSH port, run a bastion host, or set up a VPN.

Session Manager isn't limited to an interactive shell: it can also port forward to and from the instances, so you can reach a database or admin port on an instance without opening it to the network.
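Here is what the IAM side of this looks like in practice, as an added example that is not from the original post. The `session_policy` function emits a least-privilege IAM policy that only allows `ssm:StartSession` on instances carrying a given tag, only with the shell and port-forwarding session documents, and only lets callers terminate or resume their own sessions; the two helper functions print the matching `aws ssm start-session` invocations. The tag key/value and the instance ID are placeholders you supply; the instance is assumed to already be an SSM managed instance (SSM Agent running, instance profile with `AmazonSSMManagedInstanceCore`).

```shell
#!/bin/sh
# Least-privilege Session Manager policy scoped by instance tag.
# Usage: session_policy <TagKey> <TagValue>  (tag key/value are placeholders you choose)
session_policy() {
  tag_key="$1"; tag_value="$2"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "StartSessionOnTaggedInstancesOnly",
      "Effect": "Allow",
      "Action": "ssm:StartSession",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": { "StringEquals": { "ssm:resourceTag/${tag_key}": "${tag_value}" } }
    },
    {
      "Sid": "OnlyShellAndPortForwardDocuments",
      "Effect": "Allow",
      "Action": "ssm:StartSession",
      "Resource": [
        "arn:aws:ssm:*:*:document/SSM-SessionManagerRunShell",
        "arn:aws:ssm:*:*:document/AWS-StartPortForwardingSession"
      ]
    },
    {
      "Sid": "ManageOwnSessionsOnly",
      "Effect": "Allow",
      "Action": ["ssm:TerminateSession", "ssm:ResumeSession"],
      "Resource": "arn:aws:ssm:*:*:session/\${aws:username}-*"
    }
  ]
}
EOF
}

# Interactive shell: no SSH port, no key pair; the caller's IAM principal is the identity.
# Usage: shell_cmd <instance-id>
shell_cmd() { printf 'aws ssm start-session --target %s\n' "$1"; }

# Port forwarding: reach instance port $2 on local port $3 over the SSM channel,
# without a security-group rule for that port.
# Usage: port_forward_cmd <instance-id> <remote-port> <local-port>
port_forward_cmd() {
  printf 'aws ssm start-session --target %s --document-name AWS-StartPortForwardingSession --parameters '"'"'{"portNumber":["%s"],"localPortNumber":["%s"]}'"'"'\n' "$1" "$2" "$3"
}
```

Attach the emitted policy to the IAM role or SSO permission set your engineers assume; every StartSession, TerminateSession and ResumeSession call then shows up in CloudTrail under that principal.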

You can read more in the AWS Session Manager user guide.
