Well, it's convoluted vs creating your own SSH key every 30 days and
uploading it to the server and using SSH client/SFTP with saved session
info with your key.
I was on the phone for 2.5 hours with our tech that does the role setup
just to get access to 4 AWS instances. Such a PITA.
Oracle's cloud you login to the console, validate, and upload your key via
the console and you're good to go.
Chris
On Fri, Oct 28, 2022 at 3:42 PM <niall.litchfield@xxxxxxxxx> wrote:
On Fri, Oct 28, 2022 at 1:39 PM Chris Taylor <
christopherdtaylor1994@xxxxxxxxx> wrote:
The SSM is convoluted as heck for users to get an SSM session then get an
ssh tunnel opened back up to your machine you download/upload trace files,
patch files etc.
Chris
Not sure I buy that Chris.
Which is better "here, let me email you that file that enables you to get
access to the host" or "this is the role you need to get access to the
host"
If you want trace/alert files - send them to cloudwatch log groups (again
these should be role protected)
If you want an ssh tunnel *aws ssm start-session --target "INSTANCEID"
--document-name AWS-StartPortForwardingSession --parameters
"portNumber"=["22"],"localPortNumber"=["22"] *
None of that seems convoluted to me.
