Is the AWS Instance key file(.pem) higher level than the AWS IAM access key ?
CodePudding user response:
Instance key file(.pem) is only used for accessing your instance through SSH. Anyone who has the .pem
can ssh to your instance without the need for any other AWS credentials.
In contrast AWS IAM access keys are used from programmatic management of your AWS resources. Depending on exact permissions associated with the keys, anyone who has the keys, can manage not only EC2, but potentially everything else (RDS, ECS, S3, ...) in your account.
CodePudding user response:
Instance key files are private keys specifically for running the SSH protocol to your EC2 servers where you are virtually inside the server you want to remotely manage.
IAM Access keys are for programmatically (making API Calls with the AWS SDK or similar) to the AWS control APIs, for when you want to say create an EC2 server or S3 bucket.
Both are ways for someone to make sure only the person with the keys can access the resource, it's just they are guarding different layers of AWS.