AWS - removing ec2-user from sudo list

I'm running a production-level Amazon EC2 instance, and I want to close out root privileges to all users. Normally, when one logs in to the instance as ec2-user, the ec2-user immediately gets sudo privileges, which I am trying to do away with in order to ensure security.

I was able to set a new password for the root user, and I went into /etc/sudoers to try and remove the ec2-user from sudo privileges, but that user isn't even listed in the file. Does anybody know how I can remove ec2-user from sudo privileges on an Amazon EC2 instance running the default Linux installation?


Solution 1:

Check the /etc/sudoers.d/cloud-init file; the ec2-user default user is there. Just delete this file.

Solution 2:

If you are using CloudFormation userdata, removing the file will likely cause the stack creation to fail. Remove the line instead:

    $ sed --in-place '/ec2-user ALL=(ALL) NOPASSWD:ALL/d' /etc/sudoers.d/90-cloud-init-users
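
The two solutions name different files under /etc/sudoers.d, so the added example below (not part of either answer) searches the directory for the rule instead of guessing the file name, and syntax-checks the edited copy with visudo before replacing the original. It goes beyond the sed command by removing every rule whose first field is the user; `SUDOERS_DIR`, `list_user_grants` and `remove_user_grants` are names assumed for this sketch.

```sh
#!/bin/sh
# Added example: find and remove sudoers.d rules for one user.
# SUDOERS_DIR and both function names are assumptions of this sketch.
SUDOERS_DIR="${SUDOERS_DIR:-/etc/sudoers.d}"

# Print "file:line-number:rule" for each active rule whose first field is
# exactly the given user. Commented-out rules do not match.
list_user_grants() (
    user="$1"
    for f in "$SUDOERS_DIR"/*; do
        [ -f "$f" ] || continue
        # sudo skips drop-in files whose names end in "~" or contain "."
        case "${f##*/}" in *.*|*~) continue ;; esac
        awk -v u="$user" -v f="$f" '$1 == u { print f ":" NR ":" $0 }' "$f"
    done
)

# Remove those rules from one file. The edit is made on a copy, checked with
# "visudo -cf", and renamed over the original only if the check passes.
remove_user_grants() (
    user="$1"; file="$2"
    # The "." in the temporary name means sudo ignores it if it is left behind.
    tmp="$(mktemp "${file}.XXXXXX")" || exit 1
    awk -v u="$user" '$1 != u' "$file" > "$tmp" || { rm -f "$tmp"; exit 1; }
    chmod 0440 "$tmp"
    if ! visudo -cf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        exit 1
    fi
    mv -f "$tmp" "$file"
)
```

Source the file as root, run `list_user_grants ec2-user`, then call `remove_user_grants ec2-user <file>` for each file it reports. Keep a second root session open until a fresh login confirms the result.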