Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Do you still need to create users manually on each machine? There have also been many tools out there to pull the ask key from IAM and use it via authorizedkeyscommand previously, but my problem is always creating the user accounts, especially if you don't want to keep a separate list in ldap/Kerberos (or similar, like active directory).


Looks to me like this would have all users use the default ec2-user or ubuntu user accounts.


That's what I thought it was saying too. That's a mess from a compliance and best-practices point of view :(

Or am I missing something and this would follow the PCI DSS?


This is what I'm wondering as well. Does the fact that everything is logged by what an IAM user does work as compliance, or are individual user accounts on the operating system still required?




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: