Skip to content

Commit 83c892e

Browse files
qoomonqoomon
authored
Update README.md
1 parent 7cc0108 commit 83c892e

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,8 +47,8 @@ ssh <INSTACEC_USER>@<INSTANCE_ID> \
4747
```
4848

4949
## Alternative Implementation with `ec2-instance-connect`
50-
The advantage from security perspective it that you don't need to grant `ssm:SendCommand` to users and there by the permission to execute everything.
51-
Instead you only grant`ec2-instance-connect:SendSSHPublicKey` permission.
50+
The advantage from security perspective it that you don't need to grant `ssm:SendCommand` to users and there by the permission to execute everything as root.
51+
Instead you only grant`ec2-instance-connect:SendSSHPublicKey` permission to a specific instance user e.g. `ec2-user`.
5252
* Ensure [Prerequisits](#prerequisits)
5353
* Use this [aws-ssm-ec2-proxy-command.sh](ec2-instance-connect/aws-ssm-ec2-proxy-command.sh) proxy command script instead
5454
* Use this [IAM Policy Example](ec2-instance-connect/aws-ssm-ec2-iam-policy.json) instead

0 commit comments

Comments
 (0)