I have a use case where my product image should only allow a specific SSH keypair (not distributed to customers; only the support team has the keypair) to SSH to a VM.
The AMI image is built by Packer. Is it possible to ignore the SSH keypair specified on the EC2 creation page and only allow a specific SSH keypair to log in?
The reason is that we don't want users to log in to the VM and change the configuration; only the support team can SSH into the VM during troubleshooting.
Set ssh_redirect_user to true in cloud-init and build in your authorized key. This should disable the loading of authorized keys from EC2 metadata. See https://cloudinit.readthedocs.io/en/latest/topics/modules.html#users-and-groups
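
An added example, not part of the answer above and not cloud-init's own code: a check to run against an instance booted from the image, confirming that the only usable key in a user's authorized_keys is the support team's. The function names, the allow-list and the sample keys are assumptions constructed for illustration.

```python
import base64
import hashlib
import re
import struct

# key type, base64 blob (SSH key blobs always start "AAAA"), optional comment
KEY_RE = re.compile(r'(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+(AAAA[A-Za-z0-9+/]+=*)(?:\s+(.*))?$')

def fingerprint(b64_blob):
    """Fingerprint in the SHA256:... form that `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text, allowed):
    """Classify each key line as allowed / forced-command / UNEXPECTED."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        if not m:
            findings.append(("UNPARSEABLE", "", line[:40]))
            continue
        options = line[:m.start(1)]      # anything before the key type
        fp = fingerprint(m.group(2))
        if fp in allowed:
            status = "allowed"
        elif "command=" in options:
            status = "forced-command"    # key runs only the forced command
        else:
            status = "UNEXPECTED"        # e.g. a launch key injected at boot
        findings.append((status, fp, m.group(3) or ""))
    return findings

def _sample_key(seed):
    """Constructed ed25519-shaped blob for the demo; not a real key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32)
    return base64.b64encode(blob + hashlib.sha256(seed).digest()).decode()

SUPPORT, CUSTOMER, REDIRECTED = (_sample_key(s) for s in (b"support", b"customer", b"redirected"))
SAMPLE = f"""# constructed authorized_keys content
ssh-ed25519 {SUPPORT} support-team
ssh-ed25519 {CUSTOMER} customer-launch-key
no-port-forwarding,command="echo 'Please login as another user';exit 142" ssh-ed25519 {REDIRECTED} redirected
"""

if __name__ == "__main__":
    for status, fp, comment in audit(SAMPLE, {fingerprint(SUPPORT)}):
        print(f"{status:15} {fp} {comment}")
```

Any UNEXPECTED line in the output means a key other than the support key can still open a session as that user.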