We have 3 EC2 instances in AWS, and each instance has a different key pair associated with it. Three accounts are created for each instance, so a total of 9 accounts are added to PAM.
Then, when configuring auto-login to one of the EC2 instances and adding an account to the target application, only 3 of the accounts appear, not the total of 9.
My assumption is that PAM will only list the accounts associated with that EC2 instance.
Using the above example, we have A, B, C EC2 instances with the corresponding AKey, BKey, CKey key pairs.
Accounts 1, 2, 3 are created for each instance, so there will be a total of 9 accounts:
1-AKey, 2-AKey, 3-AKey;
1-BKey, 2-BKey, 3-BKey;
1-CKey, 2-CKey, 3-CKey.
When configuring auto-login to instance A, PAM will list only the 1-AKey, 2-AKey, 3-AKey accounts that are associated with instance A, not all 9 of them.
Can anyone confirm that this is how PAM currently works, or is it a bug?
Hi Jerry, yes, that is working as designed. Only target accounts for the target device for which you create an access policy will be listed, and for most users that is the expected behavior. If you have a credential source that works for multiple devices, you create a device group and associate the credential source with the device group. Then all devices in the group can use any credential from the common credential source.