1 Answer
0
Hello,
Here are a few suggestions for securely setting a password for a web UI included in an AWS Marketplace AMI:
- The best option would be to have the AMI launch a bootstrap application that prompts the user to set a new password during the initial launch/configuration of the instance. This ensures the password is unique per customer and not shared.
- You could generate a random password during AMI creation and store it encrypted within the AMI. The bootstrap app would then decrypt, display, and allow resetting the password on the first launch. This prevents a static default password.
- Consider using IAM roles and temporary security credentials to authenticate to the web UI instead of a static password. The instance could retrieve short-lived credentials on launch to securely identify the user.
- Avoid storing passwords or credentials directly within the AMI if possible. Leverage external/dynamic sources like parameter store instead where the instance can look up secrets on launch.
The key is allowing the customer to set their own unique password per instance to avoid reusing defaults and ensure each deployment has its own isolated credentials.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
Thanks
answered 4 months ago
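A first-boot sketch of the approach in the answer above, added here as an example and not part of the original answer or any AWS code: the instance generates its own password on first launch, keeps only a salted hash on disk, and flags it for change. The state directory, file name and function names are hypothetical.

```python
import hashlib, hmac, json, os, secrets
from pathlib import Path

CRED_NAME = "webui-credential.json"  # hypothetical file name, created at first boot
ITERATIONS = 600_000                 # PBKDF2-HMAC-SHA256 work factor

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _record(password: str, must_change: bool) -> str:
    salt = secrets.token_bytes(16)   # fresh salt for every stored password
    return json.dumps({"salt": salt.hex(), "hash": _derive(password, salt).hex(),
                       "must_change": must_change})

def first_boot_credential(state_dir: Path):
    """Return a fresh one-time password on the first call, None on later calls."""
    password = secrets.token_urlsafe(18)  # 24 characters from the OS CSPRNG
    try:
        # O_EXCL makes creation atomic, so a reboot or re-run never resets the password.
        fd = os.open(state_dir / CRED_NAME, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return None
    with os.fdopen(fd, "w") as f:
        f.write(_record(password, must_change=True))
    return password  # display once to the customer; only the hash stays on disk

def verify(state_dir: Path, candidate: str) -> bool:
    try:
        rec = json.loads((state_dir / CRED_NAME).read_text())
    except (FileNotFoundError, ValueError):
        return False  # fail closed: no valid credential means no login
    derived = _derive(candidate, bytes.fromhex(rec["salt"]))
    return hmac.compare_digest(derived, bytes.fromhex(rec["hash"]))

def must_change(state_dir: Path) -> bool:
    return json.loads((state_dir / CRED_NAME).read_text())["must_change"]

def change_password(state_dir: Path, old: str, new: str) -> bool:
    if not verify(state_dir, old) or len(new) < 12 or new == old:
        return False
    tmp = state_dir / (CRED_NAME + ".tmp")
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(_record(new, must_change=False))
    os.replace(tmp, state_dir / CRED_NAME)  # atomic swap, never a half-written file
    return True
```

Because nothing is written until the instance first boots, the AMI itself ships with no credential, and two instances launched from the same image end up with different passwords.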