hypothesis / product-backlog

Where new feature ideas and current bugs for the Hypothesis product live

Switch to individual SSH Keys #897

Closed dmfine closed 5 years ago

dmfine commented 5 years ago

This would probably be an Ansible play to create users on each server, add public keys, and sudoers config. Another approach would be LDAP + SSSD but I don't think the complexity is justified at this time. The problem we're trying to solve is key rotation and revocation. Switching to separate users lays the foundation for security auditing and more granular access controls.

robertknight commented 5 years ago

Hi David,

I think I can follow how this would work for our static infrastructure (support, mon, bastion servers etc.). How would this work with our dynamic infrastructure managed by Elastic Beanstalk though?

dmfine commented 5 years ago

Replacing this with 4 other issues and an epic on improving SSH auth.