When using external developers to help with EC2/S3 administration and development tasks what would be the normal protocol for sharing account information? I'm a little reluctant to give the Amazon account password away. If the developer has the access id and secret key, would he need a password? Also, what are the possible pitfalls of giving developers account information.
Many thanks,
For EC2, you could just create a ssh keypair using the developer's public key and he could get access
You can classify developer access into three options:
Give them the amazon aws account username/password. This is giving them full power to sign up for new services, get into the AWS management console, etc. I generally do not give this information away unless forced.
Create an "access credentials" keypair and x.509 cert and keypair for them. They can then use this with ElasticFox to create new EC2 instances, S3 buckets, etc. This is generally what I do for lead developers that need to launch new instances, etc. You have to be careful with this kind of access because if they aren't cost conscious, they will blow through their ec2 instance development budget.
Have the devs forward you their public keypair so you can create an account on ec2 instances, and script placing this public keypair on the ec2 instances so they can ssh into them to do work. This is what we do for devs that do not need to be able to launch new ec2 instances, but only get into running instances.
I wrote a blog post about exactly this question:
http://shlomoswidler.com/2009/11/how-to-work-with-contractors-on-aws-ec2.html
This may not be the exact solution you need, but I'm involved with a startup that extends EC2 into a multi-user, policy driven environment. You can check it out at http://LabSlice.com and see if it meets your needs.