Manage SSH access to EC2 Instances using groups in AWS IAM or your Identity Provider (e.g., ADFS, Google, Okta, etc).
This module can configure a Linux server to manage SSH access to the server via an Identity Provider (IdP). Two types of IdP integrations are supported:
AWS Identity and Access Management (IAM): Developers in certain IAM Groups will be able to SSH to your servers using their IAM user name and the SSH key they uploaded to their IAM user account.
Gruntwork Houston: Developers with certain roles in your supported IdP (e.g., ADFS, AWS SSO, or Google) will be able to SSH to your servers using their IdP username and an SSH key they uploaded to Houston.
Automatically sync user accounts from your identity provider (e.g., IAM, Google, ADFS) to your servers, so each developer can have their own user name (e.g. "susan", "jim") rather than everyone using a shared user (e.g. "ubuntu", "ec2-user").
Each developer uses their own SSH keys to connect to servers (instead of a single, shared Key Pair).
Quickly rotate keys by revoking an old one and uploading a new one in IAM or Houston
Revoke SSH access to servers from the centralized IdP
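The IAM integration described above boils down to two lookups: is the user still a member of an allowed IAM group, and which of the SSH public keys on that IAM user are still Active. The following is an added illustration of that model and is not ssh-grunt's own code (which lives in the repo). It assumes boto3's IAM client interface (get_group, list_ssh_public_keys, get_ssh_public_key); to keep it runnable offline it uses an in-memory FakeIam with constructed users, group names and key bodies in the same response shape.

```python
from typing import Dict, Iterable, List, Set


def users_in_groups(iam, group_names: Iterable[str]) -> Set[str]:
    """Collect the IAM user names that belong to any of the given groups.

    iam is expected to offer boto3's IAM client interface (get_group with
    Marker pagination); the FakeIam below mimics that response shape.
    """
    members: Set[str] = set()
    for group in group_names:
        kwargs = {"GroupName": group}
        while True:
            page = iam.get_group(**kwargs)
            members.update(u["UserName"] for u in page["Users"])
            if not page.get("IsTruncated"):
                break
            kwargs["Marker"] = page["Marker"]
    return members


def active_ssh_keys(iam, user_name: str) -> List[str]:
    """Return the bodies of the user's Active IAM SSH public keys.

    Keys whose Status is Inactive are skipped, which is what lets a key be
    revoked centrally in IAM without touching any server.
    """
    keys: List[str] = []
    for meta in iam.list_ssh_public_keys(UserName=user_name)["SSHPublicKeys"]:
        if meta["Status"] != "Active":
            continue
        body = iam.get_ssh_public_key(
            UserName=user_name, SSHPublicKeyId=meta["SSHPublicKeyId"], Encoding="SSH"
        )["SSHPublicKey"]["SSHPublicKeyBody"]
        keys.append(body.strip())
    return keys


def authorized_keys_for(iam, group_names: Iterable[str], user_name: str) -> List[str]:
    """Keys a server should accept for user_name: nothing unless the user is
    still in an allowed group, otherwise that user's active keys only."""
    if user_name not in users_in_groups(iam, group_names):
        return []
    return active_ssh_keys(iam, user_name)


class FakeIam:
    """In-memory stand-in for boto3's IAM client; all data below is constructed.

    Unlike the real client, get_group returns an empty member list for an
    unknown group instead of raising NoSuchEntity.
    """

    def __init__(self):
        self.groups: Dict[str, List[str]] = {
            "ssh-grunt-users": ["susan", "jim"],
            "ssh-grunt-sudo-users": ["alice"],
        }
        # user -> uploaded keys (id, status, body); ids and bodies are made up
        self.keys: Dict[str, List[Dict[str, str]]] = {
            "susan": [
                {"id": "APKAEXAMPLE1", "status": "Active",
                 "body": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSusanKey susan@laptop"},
                {"id": "APKAEXAMPLE2", "status": "Inactive",
                 "body": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedOldSusanKey susan@old-laptop"},
            ],
            "jim": [],
            "alice": [
                {"id": "APKAEXAMPLE3", "status": "Active",
                 "body": "ssh-rsa AAAAB3NzaC1yc2EConstructedAliceKey alice@laptop"},
            ],
        }

    def get_group(self, GroupName, Marker=None):
        return {"Users": [{"UserName": u} for u in self.groups.get(GroupName, [])],
                "IsTruncated": False}

    def list_ssh_public_keys(self, UserName):
        return {"SSHPublicKeys": [{"SSHPublicKeyId": k["id"], "Status": k["status"]}
                                  for k in self.keys.get(UserName, [])]}

    def get_ssh_public_key(self, UserName, SSHPublicKeyId, Encoding):
        for k in self.keys[UserName]:
            if k["id"] == SSHPublicKeyId:
                return {"SSHPublicKey": {"SSHPublicKeyBody": k["body"]}}
        raise KeyError(SSHPublicKeyId)

    def deactivate_key(self, user, key_id):
        """Simulates an admin flipping a key to Inactive in the IAM console."""
        for k in self.keys[user]:
            if k["id"] == key_id:
                k["status"] = "Inactive"


if __name__ == "__main__":
    iam = FakeIam()  # against a real account this would be boto3.client("iam")
    allowed = ["ssh-grunt-users", "ssh-grunt-sudo-users"]
    for user in ["susan", "jim", "alice", "mallory"]:
        print(user, authorized_keys_for(iam, allowed, user))
```

Two properties worth noticing: a user who was removed from every allowed group gets no keys even though their IAM user and keys still exist, and deactivating a single key in IAM drops only that key. Both checks happen at lookup time, so nothing on the server has to be edited to revoke access.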
This repo is a part of the Gruntwork Infrastructure as Code Library, a collection of reusable, battle-tested, production-ready infrastructure code. If you've never used the Infrastructure as Code Library before, make sure to read How to use the Gruntwork Infrastructure as Code Library!
If you just want to try this repo out for experimenting and learning, check out the following resources:
ssh-grunt examples: The examples/ssh-grunt folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
If you want to deploy this repo in production, check out the following resources:
Packer template in the Acme example Reference Architecture: Production-ready sample code from the Acme Reference Architecture examples.
IAM groups in the Acme example Reference Architecture: Production-ready sample code for IAM groups that can be used for managing ssh-grunt access, from the Acme Reference Architecture examples.
IAM cross-account roles in the Acme example Reference Architecture: Production-ready sample code for IAM roles that can be used for managing ssh-grunt access, from the Acme Reference Architecture examples.
If you need help with this repo or anything else related to infrastructure or DevOps, Gruntwork offers Commercial Support via Slack, email, and phone/video. If you're already a Gruntwork customer, hop on Slack and ask away! If not, subscribe now. If you're not sure, feel free to email us at email@example.com.
Contributions to this repo are very welcome and appreciated! If you find a bug or want to add a new feature or even contribute an entirely new module, we are very happy to accept pull requests, provide feedback, and run your changes through our automated test suite.
Please see Contributing to the Gruntwork Infrastructure as Code Library for instructions.
Please see LICENSE.txt for details on how the code in this repo is licensed.
We're here to talk about our services, answer any questions, give advice, or just to chat.