IAM permissions for Ops user

[hunterkirk]

Nice project. I've got it successfully up and running and I'm able to ssh in without issues. The only thing I'm wondering about now is the difference between the root users ability to access resources and the ops users inability to. I'm not quite understanding how the container behaves in regards to user context in this scenario. Ideally I'd like the ops user to be able to do various tasks that root can already do, but I'm not sure how to approach that via policy attachments.

[alex0ptr]

Hi there. The user itself only exists in the context of the container. It has no further meaning on the AWS context and can therefore not be further empowered through policies.

Also Note: This is project is still valuable as a means to learn about AWS Fargate and CloudFormation - and also likely a good option if you really want to build your Bastion on Fargate. However, for some time now there is a new option that you should consider: AWS EC2 Connect. While it doesn't offer the short-lived characteristics of the Fargate option it makes it much easier to handle ssh keys, which I would say outweigh the other advantages.