|
Hello all, Disclosure: While I am a DD since 2000, I am an employee of Amazon Web Services for the last 4 months. Let me talk here with my Debian hat on. I have an AWS account that I have created for us to present official Debian images to AWS. I intend to give access to any DD who wants it to create images, and all DDs access read-only so they can poke around. If you would like access, please contact me (jeb@debian.org) with a GPG signed message. I've been using the ec2debian-build-ami that Anders Ingemann has put on git hub (https://github.com/andsens/ec2debian-build-ami). Several things to note about the recommended settings for an AMI: https://aws.amazon.com/marketplace/help/200897460 In particular: Disable the remote root login for sshd (SSH daemon). Require all users to SSH in using their standard username. If they need to access root privileges, they should use the sudo command. Sudo allows you to control which users are allowed to perform root functions and logs the activity so that there is an audit trail. Shall we create a 'debian' user with sudo access to root? All feedback appreciated. James |