Summary: How can I get several developers to be able to start and stop a shared Amazon EC2 instance?
I've got a project where I'm using an EC2 instance for work that persists from day to day, so I 'start' my server when I come into the office, and 'stop' it when I leave. I work with several other developers and we all use this EC2 instance. We'd like the first person to start work each day to 'start' the instance, and the last home to 'stop' the instance ... but they can't 'start' or 'stop' my instance. (They can launch other instances from my AMI if I give them launch permission, but that would be a new instance. This particular instance is a persistent machine with state from yesterday.)
We are all on a consolidated billing account, but this gives no access rights. I'm looking at Amazon IAM, but it seems it needs an overhaul of our current user setup (1 developer = 1 AWS account, all accounts under consolidated billing), which would be very disruptive if it doesn't work, or if there's a better way to achieve the same goal. (And frankly, I've not got my toy script to work yet under IAM either, though I suspect IAM is the correct way to approach this problem - I need to read about it more.)
Any suggestions for how best to manage shared instances?
Thanks!
PS For various reasons, we don't want to have a cron-based solution; which machine would that run on if we're all mobile with laptops and have no fixed infrastructure? Which timezone are we assuming? Which user is the cronjob running as?
Limitations of shared logins. By default, AWS EC2 instances only have one login user available.
Establish permissions guardrails across multiple accounts. We recommend that you use Organizations service control policies (SCPs) to establish permissions guardrails to control access for all IAM users and roles across your accounts.
You can use IAM to control how other users use resources in your AWS account, and you can use security groups to control access to your Amazon EC2 instances. You can choose to allow full use or limited use of your Amazon EC2 resources.
Safeguard your passwords and access keys. Activate multi-factor authentication (MFA) on the AWS account root user and any users with interactive access to AWS Identity and Access Management (IAM). Limit AWS account root user access to your resources. Audit IAM users and their policies frequently.
AWS Identity and Access Management: http://aws.amazon.com/iam/
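As an added illustration of the IAM approach the question and the snippets above point at (this is example code written for this page, not from the original poster or from AWS), the following builds the two policy documents a cross-account role in the instance owner's account would need: a permissions policy scoped to start/stop exactly one instance (plus read-only describe), and a trust policy that lets each developer's own AWS account assume that role. It also includes a deliberately simplified IAM-style evaluator so you can check, offline, that the policy grants no more than intended. All account IDs, the region and the instance ID are constructed sample values; the role name, `aws:MultiFactorAuthPresent` condition and the choice of `ec2:DescribeInstances` as the read-only action are this example's assumptions.

```python
import fnmatch
import json

# Constructed sample identifiers (not from the original question).
OWNER_ACCOUNT = "111111111111"
DEVELOPER_ACCOUNTS = ["222222222222", "333333333333"]
INSTANCE_ARN = f"arn:aws:ec2:us-east-1:{OWNER_ACCOUNT}:instance/i-0123456789abcdef0"


def build_permissions_policy(instance_arn):
    """Least-privilege policy: start/stop one named instance, plus read-only describe.

    ec2:DescribeInstances does not support resource-level permissions, so its
    Resource has to be "*"; the state-changing actions are pinned to one ARN,
    so the developers cannot start, stop or terminate anything else.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "StartStopOneInstance",
                "Effect": "Allow",
                "Action": ["ec2:StartInstances", "ec2:StopInstances"],
                "Resource": instance_arn,
            },
            {
                "Sid": "ReadOnlyDescribe",
                "Effect": "Allow",
                "Action": "ec2:DescribeInstances",
                "Resource": "*",
            },
        ],
    }


def build_trust_policy(account_ids):
    """Trust policy for a role in the owner's account: listed developer accounts
    may assume it, and only with MFA present (assumption: MFA is enforced)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": [f"arn:aws:iam::{a}:root" for a in account_ids]},
                "Action": "sts:AssumeRole",
                "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
            }
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: an explicit Deny wins, otherwise any matching
    Allow grants, otherwise the default is deny. Only Effect/Action/Resource with
    '*' wildcards are handled (no Conditions, NotAction or NotResource); this is
    enough to sanity-check the scope of a policy before attaching it."""
    decision = False
    for stmt in policy["Statement"]:
        action_match = any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
        resource_match = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
        if action_match and resource_match:
            if stmt["Effect"] == "Deny":
                return False
            decision = True
    return decision


if __name__ == "__main__":
    policy = build_permissions_policy(INSTANCE_ARN)
    print(json.dumps(policy, indent=2))
    print(json.dumps(build_trust_policy(DEVELOPER_ACCOUNTS), indent=2))
    other_instance = INSTANCE_ARN.replace("i-0123456789abcdef0", "i-0fedcba9876543210")
    for act, res in [("ec2:StartInstances", INSTANCE_ARN),
                     ("ec2:StopInstances", other_instance),
                     ("ec2:TerminateInstances", INSTANCE_ARN)]:
        print(f"{act} on {res.rsplit('/', 1)[1]}: {is_allowed(policy, act, res)}")
```

The permissions policy would be attached to a role in the owner's account (the account that owns the persistent instance), and the trust policy is what makes that role assumable from each developer's separate account, so the existing one-account-per-developer layout under consolidated billing can stay as it is. Each developer then assumes the role from their own credentials to issue the start or stop call, which also leaves a per-user trail in the owner's CloudTrail logs.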