Sentinels of Data: Securing Your AWS EC2 for PostgreSQL with Password Authentication and Key Removal

Overview:

When deploying EC2 instances on AWS, password authentication isn't the default. Typically, connecting to your EC2 instance requires the use of a private key. However, in scenarios where frequent testing in short-lived environments is necessary, password authentication might be more practical, although it's not always recommended for security reasons. This blog will guide you through the step-by-step process of launching an EC2 instance and enabling password authentication.

Prerequisites:

Ensure you have already launched an EC2 instance using the AWS console GUI mode.

Getting Started:

Step 1: Log in to the AWS EC2 instance using a private key (for example, with PuTTY)

For Linux Users:

Use the following command to connect to your EC2 instance:

ssh -i /path/to/private-key-file.pem ec2-username@public-endpoint

Replace /path/to/private-key-file.pem with the path to your private key file, and ec2-username and public-endpoint with your instance's user name and public address.

Step 2: Set Up Password

Next, set a password for the admin user (ec2-user here) using the passwd command.

ec2-username@public-endpoint $ sudo passwd ec2-user

Follow the prompts to enter and confirm your password.

Step 3: Modify sshd_config

Edit the sshd_config file to enable password authentication.

sudo vi /etc/ssh/sshd_config

Locate the 'PasswordAuthentication' parameter and change its value from 'no' to 'yes'.

PasswordAuthentication yes

Step 4: Restart SSH Service

Restart the SSH service for the changes to take effect.

sudo systemctl restart sshd

Note: For 'root' login, find the 'PermitRootLogin' parameter in the same sshd_config file and set its value to 'yes'.

PermitRootLogin yes

Save the file and exit.
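
sshd uses the first value it reads for each keyword, so a 'PasswordAuthentication yes' added further down the file is ignored when an earlier line already sets it. The shell check below is an added example, not part of the original post; the function names effective_value and audit_sshd and the sample file are constructed for illustration, and Include files are not followed.

```shell
#!/bin/sh
# Added example (not from the original post). sshd_config keywords are
# case-insensitive and the FIRST value read for a keyword wins, so a
# "PasswordAuthentication yes" added lower in the file does nothing if an
# earlier line already set it. Assumptions: Include files are not followed,
# and everything from the first "Match" line on is treated as conditional.

# effective_value <config-file> <keyword>: print the global value, or "unset"
# when the keyword is absent and the built-in sshd default applies.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            sub(/=/, " ")                    # "Keyword=value" form is allowed
            key = tolower($1)
            if (key == "match") exit         # end of the global section
            if (key == want) { print $2; found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_sshd <config-file>: print both settings; return 1 when root can log
# in with a password (Step 3 combined with the PermitRootLogin note).
audit_sshd() {
    a_pw=$(effective_value "$1" PasswordAuthentication)
    a_root=$(effective_value "$1" PermitRootLogin)
    echo "PasswordAuthentication=$a_pw PermitRootLogin=$a_root"
    if [ "$a_pw" = "yes" ] && [ "$a_root" = "yes" ]; then
        echo "WARN: password login as root is enabled"
        return 1
    fi
    return 0
}

# Constructed sample: the edit at the bottom is shadowed by the earlier "no".
sample=$(mktemp)
printf '%s\n' '# constructed sshd_config sample' \
    'PasswordAuthentication no' 'PermitRootLogin yes' \
    'passwordauthentication yes' > "$sample"
audit_sshd "$sample" || true
rm -f "$sample"
```

To check a real instance, pass /etc/ssh/sshd_config as the argument and repeat for any files it pulls in with Include.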

Step 5: Disable SELinux

To rule out any SELinux-related issues, disable SELinux.

sudo vi /etc/selinux/config

Step 6: Validate Login

Ensure successful login to your EC2 instance with the username and newly set password.

ssh ec2-user@IP

Step 7: Change System Hostname

Modify the system hostname as needed.

sudo vi /etc/cloud/cloud.cfg

Add the following line if it doesn't exist.

preserve_hostname: true

To change the system hostname without a public DNS name, use the appropriate commands based on your OS.

For Amazon Linux 2:

sudo hostnamectl set-hostname your-desired-hostname

For Amazon Linux AMI:

Open the /etc/sysconfig/network file and change the HOSTNAME entry:

sudo vi /etc/sysconfig/network
HOSTNAME=your-desired-hostname.localdomain

Finally, open the /etc/hosts file and make any necessary adjustments.

Reboot the instance:

sudo reboot

Additional PostgreSQL Installation (Version 13):

sudo dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
sudo dnf -qy module disable postgresql
sudo dnf install -y postgresql16-server
sudo /usr/pgsql-16/bin/postgresql-16-setup initdb
sudo systemctl enable postgresql-16
sudo systemctl start postgresql-16

This comprehensive guide ensures your EC2 instance is not only fortified for PostgreSQL use but also provides the flexibility of password authentication, meeting diverse security requirements.