Re: [External] : Re: What's that line again about 'best practices'?

From: Chris Taylor <christopherdtaylor1994_at_gmail.com>
Date: Sat, 29 Oct 2022 16:57:36 -0500
Message-ID: <CAP79kiSNp7iEBvXqnpDPsMqxaKMDJTviK2UTc-wYSkuRrPS=yg_at_mail.gmail.com>



Well, it's convoluted vs creating your own SSH key every 30 days and uploading it to the server and using SSH client/SFTP with saved session info with your key.

I was on the phone for 2.5 hours with our tech that does the role setup just to get access to 4 AWS instances. Such a PITA.

Oracle's cloud you log in to the console, validate, and upload your key via the console and you're good to go.

Chris

On Fri, Oct 28, 2022 at 3:42 PM <niall.litchfield_at_gmail.com> wrote:

> On Fri, Oct 28, 2022 at 1:39 PM Chris Taylor <
> christopherdtaylor1994_at_gmail.com> wrote:
>
>>
>> The SSM is convoluted as heck for users to get an SSM session then get an
>> ssh tunnel opened back up to your machine you download/upload trace files,
>> patch files etc.
>>
>> Chris
>>
>
>
> Not sure I buy that Chris.
>
> Which is better "here, let me email you that file that enables you to get
> access to the host" or "this is the role you need to get access to the
> host"
>
> If you want trace/alert files - send them to CloudWatch log groups (again
> these should be role protected)
> If you want an ssh tunnel:
>   aws ssm start-session --target "INSTANCEID" --document-name AWS-StartPortForwardingSession --parameters "portNumber"=["22"],"localPortNumber"=["22"]
>
> None of that seems convoluted to me.
>
>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Sat Oct 29 2022 - 23:57:36 CEST
