
aws-ec2-ssh's Introduction

Manage AWS EC2 SSH access with IAM

This showcase demonstrates how you can use your IAM user's public SSH key to get access via SSH to an EC2 instance.

How does it work

A picture is worth a thousand words:

[Architecture diagram]

  • On first start all IAM users are imported and local users are created
  • The import also runs every 10 minutes (via cron, which calls import_users.sh)
  • On every SSH login the EC2 instance tries to fetch the public key(s) from IAM using sshd's AuthorizedKeysCommand
  • You can restrict the EC2 instance so that it is only allowed to download public keys from certain IAM users instead of all users (*). This way you can restrict SSH access within your account
  • As soon as the public SSH key is deleted from the IAM user, a login is no longer possible
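
The AuthorizedKeysCommand step above, as an added example written for this page (it is not the project's own script): a POSIX sh command that sshd invokes with the login name and that prints the IAM user's active public keys. The install path, the sshd_config lines and the IAM permission names in the comments are assumptions; the script expects the real AWS CLI on the instance.

```shell
#!/bin/sh
# Hypothetical AuthorizedKeysCommand for sshd, assumed to be installed as
# /opt/authorized_keys_command.sh and wired into sshd_config as:
#   AuthorizedKeysCommand /opt/authorized_keys_command.sh %u
#   AuthorizedKeysCommandUser nobody
# sshd runs it with the login name and reads authorized_keys lines from stdout.
# The instance role needs iam:ListSSHPublicKeys and iam:GetSSHPublicKey on the
# IAM users that may log in; scoping those to specific users is what limits
# SSH access within the account.
set -eu

# Reject login names that are not plain IAM-style names before handing them to
# the AWS CLI: sshd passes whatever user name the client asked for.
valid_username() {
  case "$1" in
    ''|*[!A-Za-z0-9+=,.@_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print every Active SSH public key of the given IAM user, one per line.
# Inactive keys are skipped, so deactivating or deleting a key in IAM stops
# further logins without touching the instance.
authorized_keys_for_user() {
  user="$1"
  valid_username "$user" || return 1
  key_ids=$(aws iam list-ssh-public-keys --user-name "$user" \
    --query 'SSHPublicKeys[?Status==`Active`].SSHPublicKeyId' --output text)
  for key_id in $key_ids; do
    aws iam get-ssh-public-key --user-name "$user" --ssh-public-key-id "$key_id" \
      --encoding SSH --query 'SSHPublicKey.SSHPublicKeyBody' --output text
  done
}

# Entry point when sshd invokes the script with the login name.
if [ $# -eq 1 ]; then
  authorized_keys_for_user "$1"
fi
```

With no active keys the command prints nothing and sshd falls back to the user's own authorized_keys file, so keep that file absent or empty on instances that should be IAM-only.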

How to run this showcase (CloudFormation)

  1. Upload your public SSH key to IAM:
     • Open the Users section in the IAM Management Console
     • Click the row with your user
     • Click the "Upload SSH public key" button at the bottom of the page
     • Paste your public SSH key into the textarea and click the "Upload SSH public key" button to save
  2. Create a stack based on the showcase.json template
  3. Wait until the stack status is CREATE_COMPLETE
  4. Copy the PublicName from the stack's outputs
  5. Connect via ssh $Username@$PublicName, replacing $Username with your IAM user and $PublicName with the stack's output

How to integrate this system into your environment (non-CloudFormation)

  1. Upload your public SSH key to IAM as above
  2. Make sure any instances you want to ssh into contain the correct IAM permissions (usually based on IAM Profile, but also possibly based on an IAM user and their credentials). Look at the iam_ssh_policy.json for an example policy that will permit login.
  3. Make sure those instances automatically run a script similar to install.sh (note - that script assumes git is installed and instances have access to the Internet; feel free to modify it to instead install from a tarball or using any other mechanism such as Chef or Puppet).
  4. Connect to your instances now using ssh $Username@$PublicName with $Username being your IAM user, and $PublicName being your server's name or IP address.
