
purple-train-14007

01/30/2023, 3:36 AM
Hey all, does anyone have any recommendations on eloquently handling getting the local administrator user and password on an EC2? I’d like to handle it securely and wanted to get some ideas. Perhaps storing the credentials in AWS SSM Parameter Store?

little-cartoon-10569

01/30/2023, 7:48 PM
There is no local admin. There's a default user.
Which OS would this be for? Assuming any of the Linux distros that are set up for EC2, then you should use the default user, and sudo if necessary.

purple-train-14007

01/30/2023, 11:43 PM
This is for Windows. This is to handle the root or admin credentials after it’s made.

little-cartoon-10569

01/31/2023, 12:17 AM
Ah. No idea then. We went the other way for the few Windows computers we create. We add an AD domain group to each machine's Administrators local group. That way, we don't ever worry about getting anything out of the machine.
And with SSM Connect to back that up, there's never any need to know about any special users. Since they're all specific to whatever AMI you're using, there probably isn't a single technique that would always work...

purple-train-14007

01/31/2023, 1:24 AM
Ah yeah, I want to join them to the domain, but some of them can’t be joined. This is for an app called BeyondTrust. For some reason they don’t want certain servers on a domain.

little-cartoon-10569

01/31/2023, 2:27 AM
You may have to run a script on the target machine to do this. Maybe use userdata, and give it a script that gets the data, then pushes it to SSM Parameter Store or similar?

purple-train-14007

01/31/2023, 2:37 AM
There is a method that lets me pull the credentials from the instance as it’s instantiated. I can just pipe that to the SSM Param store object I make.