kunduso / ec2-userdata-terraform Goto Github PK

This change is based on the warning message posted on the page: iam_policy_attachment

Warning: The aws_iam_policy_attachment resource creates exclusive attachments of IAM policies. Across the entire AWS account, all of the users/roles/groups to which a single policy is attached must be declared by a single aws_iam_policy_attachment resource. This means that even any users/roles/groups that have the attached policy via any other mechanism (including other Terraform resources) will have that attached policy revoked by this resource. Consider aws_iam_role_policy_attachment, aws_iam_user_policy_attachment, or aws_iam_group_policy_attachment instead. These resources do not enforce exclusive attachment of an IAM policy.

Using the "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" IAM policy it is possible to connect to an Amazon EC2 instance using Session Manager. However that gives a commandline interface. For a GUI based experience on an Amazon EC2 for Windows instance. this is can be accomplished using Fleet Manager.
The steps are:

• continue on having the above managed policy attached to the IAM role to create the instance profile
• create a new IAM policy and attach to the role as described in https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-rdp.html
• create the security group with no ingress rule and open the egress for all ports on the tcp protocol
• create a local user and add it to the Administrators group on the Windows instance using user data
• login to the Amazon EC2 instance using Fleet Manager

update resource name in Readme

Add the tag Source = "https://github.com/kunduso/ec2-userdata-terraform" to the repository

Add badges to the readme file for pull request and issues

There are no EC2 instances in the private subnet and hence there is no point in having a private subnet.

Add license info to the readme

Update the readme with the vpc endpoint use case. Provide a link to the specific use cases' readme file.