We're looking to put an image on AWS Marketplace. The image is to include a password-based web user interface. What is the correct way to set that password?
Some options come to mind:
Set the password to a known value. Require a password change on first login. Hope that the end user does not leave it running unattended with the default password.
Set the password to a random value. Communicate it to the end user somehow. If so, how do we communicate it to the end user? Is it possible to find out the account owner's email through an API from a running EC2 instance?
Create a bootstrap web application that will authenticate the user by requiring them to provide their EC2 security credentials and then let them specify a password for the actual web application.
If there's a way to take user input before instance provisioning, then obviously we can just prompt for a new password. Is there any way to prompt for user input when provisioning an image from AWS marketplace on EC2?
I apologize for the obvious security holes in the above.
Are any of the above options the right option? Is there a recommended approach? What is the least insecure way to do this?
0 Answers