Managing inter instance access on EC2

We are in the process of setting up our IT infrastructure on Amazon EC2. Assume a setup along the lines of:

- X production servers
- Y staging servers
- Log collation and Monitoring Server
- Build Server

Obviously we have a need to have various servers talk to each other. A new build needs to be scp'd over to a staging server. The Log collator needs to pull logs from production servers.

We are quickly realizing we are running into trouble managing access keys. Each server has its own key pair and possibly its own security group. We are ending up copying *.pem files over from server to server, kind of making a mockery of security. The build server has the access keys of the staging servers in order to connect via ssh and push a new build. The staging servers similarly have access keys of the production instances (gulp!)

I did some extensive searching on the net but couldn't really find anyone talking about a sensible way to manage this issue. How are people with a setup similar to ours handling this issue? We know our current way of working is wrong. The question is: what is the right way? Appreciate your help! Thanks

[Update] Our situation is complicated by the fact that at least the build server needs to be accessible from an external server (specifically, github). We are using Jenkins and the post commit hook needs a publicly accessible URL. The bastion approach suggested by @rook fails in this situation.

asked by anand, Apr 02 '12 18:04


1 Answer

A very good method of handling access to a collection of EC2 instances is using a Bastion Host.

All machines you use on EC2 should disallow SSH access to the open internet, except for the Bastion Host. Create a new security policy called "Bastion Host", and only allow port 22 incoming from the bastion to all other EC2 instances. All keys used by your EC2 collection are housed on the bastion host.

Each user has their own account to the bastion host. These users should authenticate to the bastion using a password protected key file. Once they login they should have access to whatever keys they need to do their job. When someone is fired you remove their user account to the bastion. If a user copies keys from the bastion, it won't matter because they can't login unless they are first logged into the bastion.

answered by rook, Oct 01 '22 21:10
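The answer above boils down to one checkable rule: only the bastion's security group accepts SSH from outside, and every other group admits port 22 solely from the bastion group. The script below is an added example (it is not from the question, the answer, or any AWS tooling) that audits a set of security groups against that rule. The `SECURITY_GROUPS` data and the `sg-...` ids in it are constructed for the example, laid out in the same shape that boto3's `ec2.describe_security_groups()["SecurityGroups"]` returns, so a live result can be dropped in unchanged; `BASTION_SG_ID` is a hypothetical id for the "Bastion Host" group.

```python
"""Audit EC2 security groups for the bastion-only SSH pattern.

Added example, not code from the original post. SECURITY_GROUPS is constructed
test data mirroring boto3's describe_security_groups() output shape.
"""

BASTION_SG_ID = "sg-0bastion000000000"  # hypothetical id of the "Bastion Host" group

SECURITY_GROUPS = [  # constructed sample data
    {
        "GroupId": BASTION_SG_ID,
        "GroupName": "Bastion Host",
        "IpPermissions": [
            # SSH into the bastion only from an admin range (TEST-NET-3, for the example)
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
        ],
    },
    {
        "GroupId": "sg-0prod000000000000",
        "GroupName": "production",
        "IpPermissions": [
            # correct: SSH only from members of the bastion group
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [], "UserIdGroupPairs": [{"GroupId": BASTION_SG_ID}]},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        ],
    },
    {
        "GroupId": "sg-0stage00000000000",
        "GroupName": "staging",
        "IpPermissions": [
            # wrong: bastion is allowed, but so is the whole internet
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "UserIdGroupPairs": [{"GroupId": BASTION_SG_ID}]},
        ],
    },
    {
        "GroupId": "sg-0build00000000000",
        "GroupName": "build-jenkins",
        "IpPermissions": [
            # wrong: "all traffic" from a /8 silently includes port 22
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
             "UserIdGroupPairs": []},
            # fine: the public webhook endpoint the update mentions is not SSH
            {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        ],
    },
]


def rule_covers_ssh(perm):
    """True if an ingress permission admits TCP port 22 (including 'all traffic')."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)


def audit_ssh_exposure(groups, bastion_sg_id):
    """Return {group_id: [finding, ...]} for every group breaking the bastion-only rule."""
    findings = {}
    for sg in groups:
        gid = sg["GroupId"]
        for perm in sg.get("IpPermissions", []):
            if not rule_covers_ssh(perm):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if gid == bastion_sg_id:
                # The bastion may face the internet, but flag a wide-open rule.
                for cidr in cidrs:
                    if cidr in ("0.0.0.0/0", "::/0"):
                        findings.setdefault(gid, []).append("bastion accepts SSH from anywhere")
                continue
            for cidr in cidrs:
                findings.setdefault(gid, []).append(f"SSH reachable from CIDR {cidr}")
            for pair in perm.get("UserIdGroupPairs", []):
                if pair.get("GroupId") != bastion_sg_id:
                    findings.setdefault(gid, []).append(f"SSH reachable from group {pair['GroupId']}")
    return findings


def bastion_only_ssh_rule(bastion_sg_id):
    """The single ingress permission a non-bastion group should carry for port 22.

    Shaped for boto3's authorize_security_group_ingress(IpPermissions=[...]).
    """
    return {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
            "IpRanges": [], "UserIdGroupPairs": [{"GroupId": bastion_sg_id}]}


if __name__ == "__main__":
    for gid, issues in audit_ssh_exposure(SECURITY_GROUPS, BASTION_SG_ID).items():
        for issue in issues:
            print(f"{gid}: {issue}")
```

Run as-is, it reports the staging group (SSH open to 0.0.0.0/0 alongside the bastion rule) and the build group (an "all traffic" rule from 10.0.0.0/8 that quietly includes SSH); the production group passes because its only port-22 source is the bastion group. Note that the check keys on the bastion's security group rather than its IP, which is what makes the rule survive instance replacement, and that a public webhook port on the build server does not conflict with the pattern since only SSH is being gated.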