This repository was archived by the owner on Nov 8, 2021. It is now read-only.
README.md: 5 additions & 0 deletions
@@ -94,11 +94,16 @@ one or more of the following lines:
94
94
ASSUMEROLE="IAM-role-arn" # IAM Role ARN for multi account. See below for more info
95
95
IAM_AUTHORIZED_GROUPS="GROUPNAMES" # Comma seperated list of IAM groups to import
96
96
SUDOERSGROUP="GROUPNAME" # IAM group that should have sudo access
97
+
LOCAL_MARKER_GROUP="iam-synced-users" # Dedicated UNIX group to mark imported users. Used for deleting removed IAM users
97
98
LOCAL_GROUPS="GROUPNAMES" # Comma seperated list of UNIX groups to add the users in
98
99
USERADD_PROGRAM="/usr/sbin/useradd" # The useradd program to use. defaults to `/usr/sbin/useradd`
99
100
USERADD_ARGS="--create-home --shell /bin/bash" # Arguments for the useradd program. defaults to `--create-home --shell /bin/bash`
100
101
```
101
102
103
+
The LOCAL_MARKER_GROUP will be created if it does not exist. BEWARE: DO NOT add any manually created users
104
+
to this group as they will be deleted in the next sync. This group is used by aws-ec2-ssh to keep track
105
+
of what users were imported in the last run.
106
+
102
107
## Using a multi account strategy with a central IAM user account
103
108
104
109
If you are using multiple AWS accounts you probably have one AWS account with all the IAM users (I will call it **users account**), and separate AWS accounts for your environments (I will call it **dev account**). Support for this is provided using the AssumeRole functionality in AWS.
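Review bot: The added `LOCAL_MARKER_GROUP` line in the config block does not say whether `iam-synced-users` is the default when the variable is unset, while the `USERADD_PROGRAM` and `USERADD_ARGS` lines right below it each spell out their default; add "defaults to `iam-synced-users`" if that is the case. The new warning paragraph should also cover the case where the variable points at a group that already exists and has members, for example the same name used in `LOCAL_GROUPS` or `SUDOERSGROUP`: by the paragraph's own rule, accounts in that group that were not imported from IAM are deleted on the next sync, so state that the marker group must be dedicated to aws-ec2-ssh and never reused for anything else. It would also help to say who is expected to be able to change membership of this group, since membership alone decides which local accounts are removed.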