Best Practices: AWS EC2 Private Keys


I've been struggling with AWS private keys as I try to keep all of my AWS credentials safe, secure, and organised. Should I be using the same AWS key for multiple EC2 instances or should each instance have its unique private key?

I've been looking around for a best practice regarding this. If you can explain why in addition, I'd appreciate it very much.

I've been leaning towards the practice of giving each instance its unique private key to compartmentalise security.

Thanks in advance!

Best Answer

Just to expand on @steenhulthin's answer.

I think it's best to think of the EC2 generated key pair as the master key into the instance and it's optional. It's not a system for managing user level access.

I believe best practice is as follows:

Do I need to remotely login to the instance?

YES: Create EC2 instance with a key pair

I believe the best practice is to create an EC2 key pair per instance. If a key pair gets compromised, exposure is limited to just that instance. However, a key pair per instance may be difficult to manage; if this is the case, find some logical way to group your instances and use a key pair per group, e.g. group by role, or by role and application.

NO: Create EC2 instance with no key pair.

This is obviously more secure, as you have no key to lose or have compromised. The instance is inherently not accessible through conventional methods. Following this method requires instance management/config to be fully automated (Chef, Puppet etc.) and is a more costly option. Overall, how much more secure this makes the instance is up for debate and depends on how your automation is configured.

What are the best practices for managing your EC2 key pairs? This is the one I don't have a good answer for at the moment.

Do you need to allow humans to remotely access the instances? As suggested by @steenhulthin, either create local user accounts per user or use some centralised Authentication and Authorisation.

In addition, you can also maintain a dedicated instance for remote management access (SSH or RDP), only open this up for public access (IP-address-wise), and restrict SSH and/or RDP on all other instances to the management station.
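The answer's "one key pair per instance or per group" guidance is easy to check in an existing account. The following audit script is an added example, not part of the answer above: it walks the `Reservations` structure returned by EC2 `DescribeInstances`, reports key pairs shared by several instances, key pairs that span more than one group (grouped here by an assumed `Role` tag), and instances launched with no key pair at all. The instance data is a constructed sample shaped like that API response.

```python
from collections import defaultdict

# Constructed sample shaped like the "Reservations" list returned by
# EC2 DescribeInstances (not real account data).
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0aaa", "KeyName": "web-key",
         "Tags": [{"Key": "Role", "Value": "web"}]},
        {"InstanceId": "i-0bbb", "KeyName": "web-key",
         "Tags": [{"Key": "Role", "Value": "web"}]},
    ]},
    {"Instances": [
        # Same key reused on a different role: exposure crosses groups.
        {"InstanceId": "i-0ccc", "KeyName": "web-key",
         "Tags": [{"Key": "Role", "Value": "db"}]},
        # No KeyName: launched without a key pair (the "NO" branch above).
        {"InstanceId": "i-0ddd",
         "Tags": [{"Key": "Role", "Value": "worker"}]},
    ]},
]


def tag_value(instance, key):
    """Return the value of tag `key` on an instance, or None if absent."""
    return next((t["Value"] for t in instance.get("Tags", []) if t["Key"] == key), None)


def audit_key_pairs(reservations, group_tag="Role"):
    """Return (shared, cross_group, keyless).

    shared:      key name -> instance ids, for keys used by more than one instance
    cross_group: key name -> sorted group names, for keys used across groups
    keyless:     sorted instance ids that have no key pair at all
    """
    by_key = defaultdict(list)   # key name -> [(instance id, group)]
    keyless = []
    for reservation in reservations:
        for inst in reservation["Instances"]:
            key_name = inst.get("KeyName")
            if key_name is None:
                keyless.append(inst["InstanceId"])
            else:
                by_key[key_name].append((inst["InstanceId"], tag_value(inst, group_tag)))
    shared = {k: [i for i, _ in v] for k, v in by_key.items() if len(v) > 1}
    cross_group = {k: sorted({g for _, g in v if g}) for k, v in by_key.items()
                   if len({g for _, g in v}) > 1}
    return shared, cross_group, sorted(keyless)
```

With boto3 installed and credentials configured, feed `boto3.client("ec2").describe_instances()["Reservations"]` (paginating if the account is large) to `audit_key_pairs` instead of the sample.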
