Is there an easy way to give temporary access to an AWS instance on EC2?

I have an EC2 instance which requires a private key to log in with SSH.

I want to give someone easy access to the WordPress instance running on the server. They may need to modify some custom code on the server.

What is the most hassle-free way of getting this person temporary access to the server and then revoking it? Should I set up a new key pair and then change back to the old key pair once they are done? Or is there a better way?


Solution 1:

It depends on how much you trust that someone.

  • If you believe they won't install some kind of backdoor to your system to retain access after they're done with their work, you can simply add their SSH key to ec2-user (i.e. append it at the end of ~ec2-user/.ssh/authorized_keys) and, when they are done, remove it again. That's the most hassle-free way, as it will give them administrator privileges.

  • On the other hand, if they are not trusted that much, you can create a dedicated user, add their SSH key to that user's authorized_keys file and give them privileges to work with the WordPress code but nothing else. It's more work to set up, but it's more secure.

Also ...

"They may need to modify some custom code on the server."

Don't. Think twice before letting them modify the WordPress code. Doing so will make your WordPress upgrades a lot harder or impossible because you'll have to carry on the custom changes to the new versions. It's not worth it, trust me. More likely than not there already is a plugin with the functionality you need. If not, make them provide the custom modifications in the form of a plugin - that's the clean way to do it.

With a plugin in hand, simply get them to install it through the WordPress administrator interface and they may not need SSH access to the server after all.

Hope that helps :)
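The dedicated-user option from Solution 1, sketched as an added example that is not part of the original answer: the key entry carries its own expiry date and a tag for later removal. The account name `wpdev`, the web root `/var/www/html` and the tag format are assumptions; `expiry-time` needs OpenSSH 7.7 or later (an older sshd rejects the whole line).

```shell
#!/bin/sh
# Added example. Hypothetical names: account "wpdev", web root /var/www/html.

# Run as root: dedicated account that may edit only wp-content.
setup_account() {  # $1 = user, $2 = web root
  useradd --create-home --shell /bin/bash "$1" || return 1
  install -d -m 700 -o "$1" -g "$1" "/home/$1/.ssh"
  install -m 600 -o "$1" -g "$1" /dev/null "/home/$1/.ssh/authorized_keys"
  setfacl -R -m "u:$1:rwX,d:u:$1:rwX" "$2/wp-content"
}

# Append a key that sshd itself rejects after the expiry date (YYYYMMDD).
# "restrict" disables forwarding, agent and X11; "pty" re-enables a terminal.
grant_key() {  # $1 = authorized_keys path, $2 = public key, $3 = expiry, $4 = tag
  nl='
'
  case "$2" in *"$nl"*) return 1 ;; esac          # one key only, no extra lines
  case "$2" in
    ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
    *) return 1 ;;
  esac
  case "$3" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) return 1 ;;
  esac
  mkdir -p "$(dirname "$1")" || return 1
  printf 'restrict,pty,expiry-time="%s" %s %s\n' "$3" "$2" "$4" >> "$1"
  chmod 600 "$1"
}

# Remove every entry carrying the tag; rewriting in place keeps owner and mode.
revoke_key() {  # $1 = authorized_keys path, $2 = tag (must be unique per person)
  [ -f "$1" ] || return 0
  rk_tmp=$(mktemp) || return 1
  grep -v -F -- "$2" "$1" > "$rk_tmp" || true     # grep exits 1 when nothing is left
  cat "$rk_tmp" > "$1"
  rm -f "$rk_tmp"
}

# Typical use, as root:
#   setup_account wpdev /var/www/html
#   grant_key /home/wpdev/.ssh/authorized_keys "$(cat contractor.pub)" 20300131 temp:contractor
#   revoke_key /home/wpdev/.ssh/authorized_keys temp:contractor
#   pkill -KILL -u wpdev   # removing a key does not end sessions already open
```

If the account is no longer needed after the work is done, deleting it as well leaves nothing behind to re-enable.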