Synchronizes a local NSS database against AWS IAM
Project description
aws_acctmgr synchronizes a local NSS database against Amazon Web Services (AWS) Identity and Access Management (IAM), with the primary use case of providing SSH access to AWS EC2 instances for remote administrators [1].
This relies on a new SSH Public Key metadata feature recently added to AWS IAM. Note that the AWS documentation currently mentions this feature only in the context of the AWS CodeCommit product, but the API naming itself has no such context.
See:
- https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSSHPublicKey.html
- https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSSHPublicKeys.html
[1] If LDAP is overkill. If LDAP is not, consider nsscache.
Installation
These instructions have been tested with Debian 8 (Jessie) but should be fairly general.
IAM users are not added to the system via traditional mechanisms (e.g. /etc/passwd). Instead they are registered in a dedicated directory provided by the “libnss-extrausers” package. The host’s /etc/nsswitch.conf should have extrausers appended to the passwd and shadow entries:
    passwd:         compat extrausers
    group:          compat
    shadow:         compat extrausers
    gshadow:        files
    hosts:          files dns
    networks:       files
    protocols:      db files
    services:       db files
    ethers:         db files
    rpc:            db files
    netgroup:       nis
Additionally, “libpam-modules” is required only if home directories should be created on demand. On Debian systems, ensure that the line:
    session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
is added to /etc/pam.d/common-account.
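As an added example (not iam_acctmgr's own code), the Python below shows one way to turn the ListSSHPublicKeys and GetSSHPublicKey responses referenced above into extrausers-style passwd lines, skipping Inactive keys and keeping UIDs stable across runs. The login-name pattern, the UID base of 2000, the /bin/bash shell and the FakeIAM stand-in for boto3.client("iam") are assumptions; group entries and file writing are left to the caller.

```python
import re

# Conservative login-name pattern (assumption); IAM also allows "+=,.@", rejected here.
SAFE_NAME = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")

def active_keys(iam, user):
    """Return OpenSSH-format bodies of the user's Active IAM SSH public keys."""
    keys, page = [], {}
    while True:
        resp = iam.list_ssh_public_keys(UserName=user, **page)
        for meta in resp["SSHPublicKeys"]:
            if meta["Status"] == "Active":  # Inactive keys must not grant access
                key = iam.get_ssh_public_key(UserName=user, Encoding="SSH",
                                             SSHPublicKeyId=meta["SSHPublicKeyId"])
                keys.append(key["SSHPublicKey"]["SSHPublicKeyBody"].strip())
        if not resp.get("IsTruncated"):
            return keys
        page = {"Marker": resp["Marker"]}  # follow IAM pagination

def build_accounts(iam, users, uids, first_uid=2000):
    """Return (passwd lines, {user: authorized_keys text}); `uids` persists across runs."""
    passwd, authorized = [], {}
    for user in sorted(users):
        if not SAFE_NAME.match(user):
            continue  # never write an unvalidated name into a passwd-format file
        keys = active_keys(iam, user)
        if not keys:
            continue  # no active key, no account
        # Reuse a previously assigned UID; never recycle one from a removed user.
        uid = uids.setdefault(user, max(uids.values(), default=first_uid - 1) + 1)
        passwd.append(f"{user}:x:{uid}:{uid}:IAM user:/home/{user}:/bin/bash")
        authorized[user] = "\n".join(keys) + "\n"
    return passwd, authorized

class FakeIAM:
    """Constructed stand-in for boto3.client("iam"); key material is placeholder text."""
    KEYS = {"alice": [("APKAEXAMPLE1", "Active"), ("APKAEXAMPLE2", "Inactive")],
            "bob": [("APKAEXAMPLE3", "Inactive")]}
    def list_ssh_public_keys(self, UserName, **_):
        return {"IsTruncated": False, "SSHPublicKeys": [
            {"SSHPublicKeyId": i, "Status": s} for i, s in self.KEYS.get(UserName, [])]}
    def get_ssh_public_key(self, UserName, SSHPublicKeyId, Encoding):
        return {"SSHPublicKey": {"SSHPublicKeyBody": f"ssh-rsa PLACEHOLDER-{SSHPublicKeyId}"}}

if __name__ == "__main__":
    users = ["alice", "bob", "ops+admin@example.com"]  # constructed sample input
    print(build_accounts(FakeIAM(), users, {"carol": 2000}))
```

Persisting the `uids` mapping between runs is what keeps a deleted user's UID from being handed to a later user, who would otherwise inherit ownership of any files left behind.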
See Also