-4

I need to have a freelancer I hired to access an aws ec2 instance to set up an env on the host. What security I need to set up on that host and aws console so that he will not destroy my system and the bill.

Sohaib
  • 11
  • 2
    Sounds like they should only need access to the instance via SSH, not the AWS Console, so giving only that (make sure it's a new SSH key specific to that instance) will protect your bill reasonably well (the most they could incur is bandwidth charges, but make sure the instance doesn't have a privileged IAM role attached). Someone with the privileges to set up a server has the ability to destroy it, so if you don't trust them, a) why are you hiring them? and b) take a snapshot by creating an AMI of the instance first. – ceejayoz Apr 22 '16 at 19:39
  • 1
    The question scope is too broad. What do you mean "setup up an env"? Take over your EC2 instance ? Deploy web services? Deploy contents? Be specific!! – mootmoot Apr 25 '16 at 12:27

1 Answers1

3

Don't let the freelancer on your production server. There are two valuable reasons for this:

  1. You don't have to worry about his security on it, and
  2. Your production server is then dependent on this freelancer. What happens after you're done with him and you need to create a new production server?

Instead, setup one or more temporary servers for the freelancer and have him create scripts that can be used to prepare the server.

Once complete:

  1. Review the scripts to ensure there's nothing malicious.
  2. Run the scripts on your own temporary server to verify it prepares the environment correctly.
  3. Finally, run the scripts on your production server.

By doing this, you accomplish the following:

  1. Your server is not compromised by the freelancer.
  2. You can rebuild a new production server in case of emergency.
Matt Houser
  • 9,709
  • 1
  • 26
  • 25