1 Answers
A bad admin can do anything, so... shrug. The human element is always the weakest component of security. Make sure your employees who can break your infrastructure are well vetted, and always apply best security practices – like granting minimum privileges and encrypting your data.
Plenty of other ways to secure that data so that a cloned EC2 instance would be useless.
Thanks Steven, I totally agree with you. Now in the hypothesis that the data in the EC2 instance is not secured, this seems to be a big security hole, that anyone with AWS Admin could do it and SSH into the instance. Thanks again, I appreciate your time and assistance.
+1, you can do this with any virtual machine, AWS is no different. Fairly easy to make a clone VM with an on-prem hypervisor and have your way with it. Ultimately there has to be a certain amount of trust you have to place in powerful sysadmins. I would think this is where CloudTrail/Config comes into play as far as auditing such activities.
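The CloudTrail auditing mentioned in the last comment can be turned into a concrete check. This is an added example, not part of the original thread: it correlates a `CreateImage` call on an existing instance with a later `RunInstances` that boots the resulting AMI. The event records, ARNs, instance and image IDs and key names are constructed, the field layout is a simplified form of CloudTrail's EC2 records, and only the AMI path is covered (snapshot-based copies are not).

```python
# Constructed, simplified CloudTrail records; real ones carry many more fields.
def _ev(time, name, arn, req, resp):
    return {"eventTime": time, "eventSource": "ec2.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": arn}, "requestParameters": req, "responseElements": resp}

ADMIN = "arn:aws:iam::111122223333:user/example-admin"      # constructed
DEPLOY = "arn:aws:iam::111122223333:role/example-deploy"    # constructed
SAMPLE_EVENTS = [
    _ev("2024-01-01T10:00:00Z", "CreateImage", ADMIN,
        {"instanceId": "i-0aaa"}, {"imageId": "ami-0bbb"}),
    _ev("2024-01-01T10:05:00Z", "RunInstances", DEPLOY,
        {"instancesSet": {"items": [{"imageId": "ami-0zzz", "keyName": "deploy-key"}]}},
        {"instancesSet": {"items": [{"instanceId": "i-0ddd"}]}}),
    _ev("2024-01-01T10:20:00Z", "RunInstances", ADMIN,
        {"instancesSet": {"items": [{"imageId": "ami-0bbb", "keyName": "personal-key"}]}},
        {"instancesSet": {"items": [{"instanceId": "i-0ccc"}]}}),
]

def find_clone_chains(events):
    """Flag each RunInstances that boots an AMI created from an existing instance."""
    ami_origin, findings = {}, []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventSource") != "ec2.amazonaws.com" or ev.get("errorCode"):
            continue  # ignore other services and failed calls
        req = ev.get("requestParameters") or {}
        resp = ev.get("responseElements") or {}
        who = ev.get("userIdentity", {}).get("arn", "unknown")
        if ev.get("eventName") == "CreateImage" and resp.get("imageId"):
            # Remember which instance each new AMI was taken from, and by whom.
            ami_origin[resp["imageId"]] = {"source_instance": req.get("instanceId"),
                                           "imaged_by": who}
        elif ev.get("eventName") == "RunInstances":
            new_ids = [i.get("instanceId")
                       for i in (resp.get("instancesSet") or {}).get("items", [])]
            for item in (req.get("instancesSet") or {}).get("items", []):
                origin = ami_origin.get(item.get("imageId"))
                if origin:
                    findings.append({**origin, "image": item["imageId"],
                                     "launched_by": who, "key_name": item.get("keyName"),
                                     "new_instances": new_ids, "time": ev["eventTime"]})
    return findings

if __name__ == "__main__":
    for finding in find_clone_chains(SAMPLE_EVENTS):
        print(finding)
```

Each finding names the source instance, who imaged it, who launched the copy and with which key pair, which is the information a reviewer needs to decide whether the clone was an approved operation.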