> This is the default configuration. In this scenario, your private key isn’t stored in AWS and can only be retrieved when it’s created. The threat could be leaking your key pair by mistake or by an insider. This is something that can happen but is not unique to SSH access.
So in other words, the default EC2 configuration is plenty secure, or at least as secure as anything else? And you need a whole article to explain that?
I'm so sick of compliance and security turning into this, "It's easier to say no and not think about anything than it is to actually evaluate the situation and provide a real opinion." nonsense...
That's the point of the article. If you have the default EC2 configuration, exposed SSH is not such a critical issue. That might be simple, but sometimes we follow best practices without understanding why we follow them.
If that was the point of the article, it should be mentioned at the beginning of the article.
Also they explicitly say they recommend, "never exposing SSH to accept connections from anywhere" despite making it clear, literally the paragraph prior, that using key pair authentication is not uniquely risky in any way.
So they do exactly what every security "expert" does, and recommend the most onerous, least functional solution because it covers their asses, rather than actually think for five seconds about the specific circumstances.