8

Is it possible to use IAM to manage user accounts for EC2-hosted unix hosts by way of a PAM module similarly to LDAP, NIS, etc...?

My goal is to have a means to centralize host authentication on our EC2 hosts without the overhead of setting up a single sign on solution.

2 Answers

2

AWS IAM is meant to handle access to AWS resources. You can create new users but the basic authentication which EC2 instances get is via key pairs, which are not the same as IAM users.

You might be able to create a system of your own which manages IAM users and also generates a private and public key for them to be used inside the instances being created (maybe even re-using the keys you get when creating a new user in IAM).

All in all, it's not really meant to be used that way, as far as I understand.
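One way to build the "system of your own" the answer sketches on what IAM actually provides, as an added example that is not part of the original answer: IAM users can carry SSH public keys (the ones IAM stores for CodeCommit), and sshd's AuthorizedKeysCommand can fetch them at login time instead of reusing EC2 key pairs or access keys. The one-to-one mapping between Unix login names and IAM user names is an assumption, and FakeIAM is a constructed stand-in so the code runs offline.

```python
"""Added example (not from the original question or answers): an sshd
AuthorizedKeysCommand helper that serves a login's authorized keys from the
SSH public keys stored on the matching IAM user (the keys IAM keeps for
CodeCommit). Assumed: Unix login == IAM user name; FakeIAM is constructed."""
import re

LOGIN_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")  # plain Unix logins only
KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")


def authorized_keys_for(login, iam):
    """Return authorized_keys text for `login`, or "" if nothing usable.

    `iam` is anything exposing the boto3 IAM client's list_ssh_public_keys
    and get_ssh_public_key methods, so a fake can be injected offline."""
    if not LOGIN_RE.match(login):
        return ""  # refuse odd names instead of passing them to an API call
    try:
        listing = iam.list_ssh_public_keys(UserName=login)
    except Exception:  # NoSuchEntity, throttling, no network: fail closed
        return ""
    lines = []
    for meta in listing.get("SSHPublicKeys", []):
        if meta.get("Status") != "Active":
            continue  # a key deactivated in IAM must not grant SSH access
        body = iam.get_ssh_public_key(UserName=login, Encoding="SSH",
                                      SSHPublicKeyId=meta["SSHPublicKeyId"])
        key = body["SSHPublicKey"]["SSHPublicKeyBody"].strip()
        parts = key.split()
        if len(parts) >= 2 and parts[0] in KEY_TYPES:
            lines.append(key)
    return "".join(line + "\n" for line in lines)


class FakeIAM:
    """Constructed stand-in for boto3.client("iam"), for offline runs."""
    def __init__(self, users):
        self.users = users  # {login: [(key_id, status, key_body), ...]}

    def list_ssh_public_keys(self, UserName):
        if UserName not in self.users:
            raise LookupError("NoSuchEntity")
        return {"SSHPublicKeys": [{"SSHPublicKeyId": i, "Status": s}
                                  for i, s, _ in self.users[UserName]]}

    def get_ssh_public_key(self, UserName, SSHPublicKeyId, Encoding):
        body = next(b for i, _, b in self.users[UserName] if i == SSHPublicKeyId)
        return {"SSHPublicKey": {"SSHPublicKeyBody": body}}
```

On a real host the same function would be called with `boto3.client("iam")` from a small script that sshd runs as `AuthorizedKeysCommand /path/script %u` under a dedicated `AuthorizedKeysCommandUser`, with the instance role granting only `iam:ListSSHPublicKeys` and `iam:GetSSHPublicKey`.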


0

Since you mentioned LDAP, you can use this project:

https://github.com/denismo/aws-iam-ldap-bridge

to sync an LDAP server with IAM.
