Create multiple sudo users to EC2 Amazon Linux


Suppose an organization has five people who need to access the same server: sharing one private key or password between all of them is not a good idea.

This post shows how to create a separate account for each user and generate a key pair for each of them.

Each Linux instance type launches with a default system user account. The default users for the following Amazon AMIs are:

Instance Type    User
Amazon Linux     ec2-user
RHEL5            root or ec2-user
Ubuntu           ubuntu
Fedora           fedora or ec2-user
SUSE Linux       root or ec2-user

If ec2-user and root don’t work, check with your AMI provider.

Two basic operations are needed to get this done:

1) To add a new user to the system:

Use the adduser command followed by the name of the user you wish to create.
[ec2-user@ip-xxx-xx-xx-xxx ~]$ sudo adduser newuser

The command above adds the newuser account to the system (with an entry in /etc/passwd), creates a newuser group, and creates a home directory for the account at /home/newuser.

2) Remote access for newuser:

  1. Switch to the new account so that the files created next have the proper ownership.
     [ec2-user@ip-xxx-xx-xx-xxx ~]$ sudo su - newuser

  2. Create a .ssh directory for the authorized_keys file.
     [newuser@ip-xxx-xx-xx-xxx ~]$ mkdir .ssh

  3. Change the permissions of the .ssh directory to 700 (only the owner can read, write, or open the directory).
     [newuser@ip-xxx-xx-xx-xxx ~]$ chmod 700 .ssh

  4. Create a file named authorized_keys in the .ssh directory.
     [newuser@ip-xxx-xx-xx-xxx ~]$ touch .ssh/authorized_keys

  5. Change the permissions of the authorized_keys file to 600 (only the owner can read or write the file).
     [newuser@ip-xxx-xx-xx-xxx ~]$ chmod 600 .ssh/authorized_keys

  6. Edit the authorized_keys file and paste in the public key of the key pair generated for this user. The private key stays on the user's own machine and is never copied to the server.

The key pair can be generated with PuTTY Key Generator (PuTTYgen): the private key is saved on the user's machine and the public key text is what goes into authorized_keys.

At this point you should be able to log in to the same EC2 instance as the new user, though without any sudo permissions.

Assigning sudo permissions to newuser

  1. Log in as ec2-user and switch to root.
     [ec2-user@ip-XXX-XX-XX-XXX ~]$ sudo su
  2. Add newuser to the sudoers list with visudo.
     [root@ip-XXX-XX-XX-XXX ec2-user]# visudo
  3. Add this as the last line:
     newuser ALL=(ALL) NOPASSWD:ALL

NOPASSWD means newuser is never asked for a password by sudo; since adduser leaves the account without a usable password, this is what makes sudo work with key-only logins. If you want sudo to prompt, set a password with passwd and drop NOPASSWD from the line.
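
The manual steps above as one script, added here as an example and not code from the original post. It assumes it is run as root on Amazon Linux and that the user's public key (only the public half) is supplied in a file; it uses a per-user file under /etc/sudoers.d rather than editing /etc/sudoers directly.

```shell
#!/bin/sh
# Added example (not from the original post): provision one non-shared account
# with its own SSH public key and its own sudoers drop-in.
# Assumes: run as root on Amazon Linux; $2 is a file holding the PUBLIC key.
set -eu

# The sudoers line the post adds via visudo, as a function so it can be checked.
sudoers_line() {
  printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$1"
}

# Accept only a single OpenSSH public-key line, so a private key pasted by
# mistake never ends up in authorized_keys.
is_public_key() {
  case "$1" in
    ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*) return 0 ;;
    *) return 1 ;;
  esac
}

provision_user() {
  local user="$1" pubkey_file="$2" key home
  key="$(head -n 1 "$pubkey_file")"
  is_public_key "$key" || { echo "refusing: $pubkey_file is not a public key" >&2; return 1; }
  id "$user" >/dev/null 2>&1 || adduser "$user"
  home="/home/$user"
  # Same ownership and modes the post sets by hand: 700 on .ssh, 600 on the key file.
  install -d -m 700 -o "$user" -g "$user" "$home/.ssh"
  printf '%s\n' "$key" > "$home/.ssh/authorized_keys"
  chown "$user:$user" "$home/.ssh/authorized_keys"
  chmod 600 "$home/.ssh/authorized_keys"
  # Per-user drop-in instead of editing /etc/sudoers; visudo -c validates
  # the syntax before sudo ever reads it (a broken sudoers locks everyone out).
  sudoers_line "$user" > "/etc/sudoers.d/$user"
  chmod 440 "/etc/sudoers.d/$user"
  visudo -c -f "/etc/sudoers.d/$user"
}

# Usage: sudo ./add_user.sh newuser newuser.pub
if [ "$#" -eq 2 ]; then
  provision_user "$1" "$2"
fi
```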

Resizing a Amazon AWS EC2 EBS-backed Instance

This post describes how to change the instance type (machine size) of an EBS-backed instance using the AWS Management Console. The process itself is very simple:

  1. Stop your running instance
  2. Once stopped, you get an option to ‘Change instance type’. Select a new instance type.
  3. Start the instance.

Simple as it looks, there are a few things we need to know and consider before we resize.

What is EBS?

Amazon Elastic Block Store (EBS) provides durable, block-level storage volumes that you can attach to a running Amazon EC2 instance. The volume persists independently of the running life of an Amazon EC2 instance. It is used when data requires long-term persistence, especially as primary storage for databases or file systems.

The other storage that AWS has is an Instance Store (Ephemeral Storage). Many Amazon EC2 instances can access storage from disks that are physically attached to the host computer. This disk storage is referred to as instance store. Instance store provides temporary block-level storage for Amazon EC2 instances. The data on an instance store volume persists only during the life of the associated Amazon EC2 instance; if you stop or terminate an instance, any data on instance store volumes is lost.

What is EBS-backed Instance?

All AMIs (Amazon Machine Image) are categorized as either backed by Amazon EBS or backed by instance store. The former means that the root device for an instance launched from the AMI is an Amazon EBS volume. The latter means that the root device for an instance launched from the AMI is an instance store volume.

To check the type in the AWS Management Console:

Go to the EC2 Dashboard, open the ‘Instances’ page, and check the value of Root Device Type in the Description tab:

If the value is ebs, this is an Amazon EBS-backed AMI.

If the value is instance store, this is an instance store-backed AMI.

Stopped state

You can stop an Amazon EBS-backed instance, but not an Amazon EC2 instance store-backed instance. Stopping causes the instance to stop running (its status goes from running to stopping to stopped). A stopped instance persists in Amazon EBS, which allows it to be restarted. Stopping is different from terminating; you can’t restart a terminated instance.

Because Amazon EC2 instance store-backed AMIs can’t be stopped, they’re either running or terminated.

Choosing the new Instance type

The new instance type must be compatible with the current instance's AMI. They must have the same architecture (you cannot change from 32-bit to 64-bit or vice versa). Also, an instance can only be resized to an instance type that supports its method of virtualization: Amazon Machine Images (AMIs) use one of two types of virtualization, paravirtual (PV) or hardware virtual machine (HVM), and an AMI can only be launched on instance types that support its virtualization method. So it is important to check the compatibility of the instance types thoroughly.

The steps for changing the instance type of an EBS-backed instance:

1. Stopping the instance:

As we have seen, data stored on ephemeral storage (instance store) is lost when the instance is stopped, so it is important to back up any required data from ephemeral storage to EBS volumes first.

Also note that for EC2-Classic instances, the public and private IP addresses are released when the instance is stopped, new addresses are assigned when it is restarted, and Elastic IP addresses are disassociated. For EC2-VPC, the private IP is retained, the public IP is released, and Elastic IP addresses are retained. So if your instance is EC2-Classic, make a note of its Elastic IP addresses, if any.

(Note – EC2-Classic and EC2-VPC are the two platforms supported by Amazon EC2. In EC2-Classic, the instances run in a single, flat network that you share with other customers. In EC2-VPC, the instances run in a virtual private cloud (VPC) that’s logically isolated to a particular AWS account.)

To stop the instance, in the navigation pane click ‘Instances’, select the instance, click ‘Actions’ and then ‘Stop’. In the confirmation dialog, click ‘Yes, Stop’.

It may take a few minutes to stop. Check that the instance state has changed to ‘stopped’.

2. Change the instance type:

Select the stopped instance, and click ‘Actions’. Then click on ‘Change instance type’ (this option is enabled only when the instance is in ‘stopped’ state).

In the change instance type dialog, in the Instance Type list, select the type that you have chosen and click ‘Apply’.

3. Restart the Instance:

Select the stopped instance, click ‘Actions’ and then ‘Start’. In the confirmation dialog, click ‘Yes, Start’.

It may take a few minutes for the instance to start. Check that the instance state has changed to ‘running’.

For EC2-Classic instances, the new public and private DNS names and private IP address appear on the Description tab. If your instance had any associated Elastic IP addresses, be sure to re-associate them.
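
The same resize done with the AWS CLI instead of the console, added here as an example (not part of the original post), with the pre-flight checks from above scripted: refuse a non-EBS root device, confirm the target type supports the AMI's architecture and virtualization type, and record any Elastic IPs before stopping. It assumes a configured AWS CLI; the instance id and target type on the usage line are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): resize an EBS-backed instance
# with the AWS CLI, running the post's checks first. Assumes a configured CLI.
set -eu

# Only an EBS-backed instance can be stopped; an instance store root cannot.
root_is_ebs() {
  [ "$1" = "ebs" ]
}

# The AMI's architecture ($1) and virtualization type ($2) must both appear in
# the space-separated lists ($3, $4) the target instance type supports.
types_compatible() {
  case " $3 " in *" $1 "*) ;; *) return 1 ;; esac
  case " $4 " in *" $2 "*) ;; *) return 1 ;; esac
}

resize_instance() {
  local id="$1" new_type="$2" archs virts eips
  # RootDeviceType, Architecture, VirtualizationType of the instance, tab-separated
  set -- $(aws ec2 describe-instances --instance-ids "$id" --output text \
    --query 'Reservations[0].Instances[0].[RootDeviceType,Architecture,VirtualizationType]')
  root_is_ebs "$1" || { echo "refusing: root device is $1, not ebs" >&2; return 1; }
  archs="$(aws ec2 describe-instance-types --instance-types "$new_type" --output text \
    --query 'InstanceTypes[0].ProcessorInfo.SupportedArchitectures' | tr '\t' ' ')"
  virts="$(aws ec2 describe-instance-types --instance-types "$new_type" --output text \
    --query 'InstanceTypes[0].SupportedVirtualizationTypes' | tr '\t' ' ')"
  types_compatible "$2" "$3" "$archs" "$virts" \
    || { echo "refusing: $new_type does not support $2 / $3" >&2; return 1; }
  # Elastic IPs are disassociated on stop for EC2-Classic; record them first.
  eips="$(aws ec2 describe-addresses --filters "Name=instance-id,Values=$id" \
    --query 'Addresses[].PublicIp' --output text)"
  [ -z "$eips" ] || echo "Elastic IP(s) $eips: re-associate after start if on EC2-Classic"
  aws ec2 stop-instances --instance-ids "$id" >/dev/null
  aws ec2 wait instance-stopped --instance-ids "$id"
  aws ec2 modify-instance-attribute --instance-id "$id" --instance-type "Value=$new_type"
  aws ec2 start-instances --instance-ids "$id" >/dev/null
  aws ec2 wait instance-running --instance-ids "$id"
  # New type, state and (possibly new) addresses, as the Description tab shows
  aws ec2 describe-instances --instance-ids "$id" --output text \
    --query 'Reservations[0].Instances[0].[InstanceType,State.Name,PrivateIpAddress,PublicIpAddress]'
}

# Usage (placeholder id and type): ./resize.sh i-0123456789abcdef0 t3.large
if [ "$#" -eq 2 ]; then
  resize_instance "$1" "$2"
fi
```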

Shraddha
Helical IT Solutions