{"id":38271,"date":"2016-08-01T17:39:29","date_gmt":"2016-08-01T12:09:29","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=38271"},"modified":"2016-08-01T17:39:29","modified_gmt":"2016-08-01T12:09:29","slug":"ssh-iam-opsworks","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/ssh-iam-opsworks\/","title":{"rendered":"Creating And Importing IAM User to Opsworks"},"content":{"rendered":"

Opsworks is a wonderful SaaS tool provided by AWS<\/a> which off-loads human driven tasks like managing own chef server, installing agents on each server, creating ssh user(s) even on run-time for the servers and various other benefits.<\/p>\n

In this blog an IAM User will be created without any CLI credentials, it will be registered with opsworks, a .pem file will be used to login and create a public key to allow the user(s) ssh into server(s).<\/p>\n

Creating an IAM User<\/strong><\/p>\n

Go to IAM Service from AWS Console.
\nClick on Users(On the left side of the Page)<\/p>\n

\"IAM_Users\"<\/p>\n

And then click \u201cCreate New Users\u201d<\/p>\n

\"Create_New_IAM_User\"<\/p>\n

Specify the name of the IAM user to be created, uncheck \u201cGenerate an access key for each user\u201d (access key(s) are required for giving CLI access to users) and then click \u201cCreate\u201d.<\/p>\n

\"IAM_New_User\"<\/p>\n

Now in Opsworks console, select \u201cPermissions\u201d then click Users link below the Edit button.<\/p>\n

\"Import_Users\"<\/p>\n

After getting into Users page<\/p>\n

\"Import_User\"<\/p>\n

Click \u201cImport IAM users to ‘Selected_Region_Name’ \u201d
\nAnd choose the required user.
\nOr to Import Users from different region
\nClick Import \u201cOpsWorks users from another region to ‘Selected_Region_Name’ \u201d<\/p>\n

After importing, it will reflect in the Users list as:<\/p>\n

\"imported_User\"<\/p>\n

Click on \u201cedit\u201d to change it\u2019s permissions and to provide its public key for ssh.<\/p>\n

\"ssh_key_to_user\"<\/p>\n

Keep Self Management to \u201cYes\u201d, to put your own \u201cPublic SSH key\u201d.<\/p>\n

To generate public key from private key(.pem file)<\/strong> :<\/p>\n

[sourcecode language=”bash”]
\nssh-keygen -y -f <path_to_.pem_file> > test_vaibhav.pub
\ncat test_vaibhav.pub
\n[\/sourcecode]<\/p>\n

\"public_ssh_key\"<\/p>\n

Granting Permissions:<\/strong><\/p>\n

\"Granting_SSH_Permission\"<\/p>\n

The SSH permissions are specific to the Stack(s).
\nSet Permission level to \u201cIAM Policies Only\u201d and Instance access to \u201cSSH\/RDP\u201d.<\/p>\n

Permission level<\/strong> is the amount of access a user has on the stack.
\nDeny<\/strong> : It means that to user cannot perform any perform on the stack.
\nIAM Policies Only<\/strong> : The user\u2019s access on the stack is limited to the IAM policy applied on it.
\nShow<\/strong> : The user has only view access on the stack.
\nDeploy<\/strong> : The user has access to deploy app and view the stack.
\nManage<\/strong> : The user has access to stack \u201cPermissions\u201d section, deploying apps and various management actions like modifying layers\/instances, adding or removing resources.<\/p>\n

Instance access<\/strong>
\nSSH\/RDP<\/strong> : Giving SSH\/RDP access to user corresponding to linux\/windows.
\nsudo\/admin<\/strong> : Giving sudo\/admin privileges to user respective to linux\/windows.<\/p>\n

\"Instance_on_console\"<\/p>\n

Now try to ssh into the server :<\/strong>
\nssh -i ~\/.ssh\/[your-keyfile] test_vaibhav@INSTANCE-DNS
\nand make sure that ssh port is open for your ip in the security group in AWS Console.<\/p>\n

\"logging_in\"<\/p>\n

Tip\/Trick:<\/span><\/strong> If you lose .pem file of your EC2 Instance, you can register your Instance with Opsworks, add a new user to it and later modify the keys of your previous user.<\/p>\n

Hope after reading this blog you’ll be comfortable in playing around with “Permissions” option in the Opsworks console !<\/p>\n","protected":false},"excerpt":{"rendered":"

Opsworks is a wonderful SaaS tool provided by AWS which off-loads human driven tasks like managing own chef server, installing agents on each server, creating ssh user(s) even on run-time for the servers and various other benefits. In this blog an IAM User will be created without any CLI credentials, it will be registered with […]<\/p>\n","protected":false},"author":913,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":4},"categories":[2348,1],"tags":[248,1935,1167,1343,3815,553],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/38271"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/913"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=38271"}],"version-history":[{"count":0,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/38271\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=38271"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=38271"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=38271"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}