• Buy Now
    • Rackspace Cloud
    • Email & Apps
    • Fanatical Support for AWS
    • Managed Google Cloud Platform
    • Office 365
  • Log In
    • MyRackspace Portal
    • Cloud Control Panel
    • Rackspace Webmail Login
    • Cloud Office Control Panel
  • Rackspace Logo
  • Developer Home
  • Developer Documentation
  • Blogs ▼
    • Technical Blog
    • Rackspace Blog
    • Solve: Thought Leadership
  • Support Documentation

Developer Docs


Let’s Build Something Powerful Together!

End-to-End Multicloud Solutions.   Solving Together.™   Learn more at Rackspace.com

Submit an issue
  • Fanatical Support for AWS Product Guide
  • AWS Accounts
    • Account Defaults
    • Transferring existing AWS accounts to Rackspace
    • Offboarding
    • AWS root credentials and account access
  • Service Levels
    • Features: Tooling and Automation
    • Features: Human Experts
    • Response Time SLAs
    • Supported Operating Systems
  • Pricing
  • Aviator Infrastructure Management
    • Summary
    • Management via the AWS console
    • Management via IaC using CloudFormation
    • Why use CloudFormation?
    • What resources are managed with CloudFormation?
    • What if I make changes outside of CloudFormation?
    • I don't want to use CloudFormation, can I opt out?
    • Terraform and GitHub Support (Limited Availability)
  • Recommended Network Configuration
    • CloudFormation
    • Virtual Private Cloud (VPC)
    • Availability Zones (AZs)
    • Subnets
    • Highly Available Network Address Translation (HA NAT)
    • Security
    • Tagging
  • Billing
    • Billing Currency
    • Billing Cycles
    • Financial Benefits of your Rackspace account
    • Monthly Service Fees
    • Usage
    • Viewing your Invoices
    • Tagging
    • Modifying your Payment Method
  • Reserved Instances
    • Allocation across AWS accounts
    • Purchasing Reserved Instances
    • Impact on Monthly Service Fees
    • Additional Billing Information
  • Access and Permissions
    • User Management and Permissions
    • Rackspace Account
    • AWS Console
    • AWS CLI, SDKs, and APIs
    • AWS Identity and Access Management (IAM)
    • AWS Systems Manager EC2 Session Manager
  • Security
    • Rackspace Shared Management Services
    • AWS Security
  • Compliance
    • PCI-DSS
    • HIPAA
  • Passport
    • Installation
    • CLI Usage
    • Permissions
    • Architecture
    • Changelog
  • Logbook
  • CloudHealth
    • Permissions
  • Waypoint
  • Watchman
    • CloudWatch Alarms
    • Custom CloudWatch Configuration
    • SmartTickets
  • AWS Instance Scheduler
    • Use Cases
    • Features
    • Usage
    • Pricing
  • Support
    • Tickets
    • Phone
  • Patching
    • Patching Guide for Amazon EC2
    • Automation Artifacts for Patching Meltdown/Spectre
    • Patching Amazon ECS
    • Patching AWS Batch
    • Patching Amazon EMR
    • Patching AWS Elastic Beanstalk
    • Patching AWS OpsWorks Stacks
  • AWS Marketplace
    • Legal Terms
  • Cloud Native Security
    • Onboarding
    • Monitoring
    • Investigation and Remediation
    • Ongoing Management
    • Findings and Events
    • Billing
    • Additional Services
  • Managed Infrastructure as Code
    • Change Workflow
    • Using GitHub
    • Using Terraform
    • Terraform Style Conventions
    • Using CircleCI
    • Deploying Code
    • Frequently Asked Questions
  • Service Blocks
    • Platform Essentials
    • Architect & Deploy
    • Discover & Enhance
    • Manage & Operate
    • Complex Cloud Operations
    • Managed Security - Proactive Detection & Response
    • Managed Security - Compliance Assistance
    • Application Managed Services

Passport¶

The Fanatical Support for AWS offering includes access to our Passport™ service at the Aviator service level. This is the same capability that Rackers use to access your environment. Passport leverages AWS Systems Manager to provision short lived users onto your EC2 instances and provide network access into your VPC.

Passport v2 offers several improvements over our original Passport tool, including:

  • User accounts are created on demand and cleaned up after use
  • Public subnets and bastion hosts are no longer required in customer VPCs
  • EC2 instances with multiple Elastic Network Interfaces (ENIs) are now supported

Passport’s primary concept is an Access Request. Each access request defines who is accessing your account, which specific EC2 instances they are accessing, the duration of the access request, and the reason for the access. Access requests default to expiring after 1 hour but can be extended up to 12 hours.

As an example, a Racker receiving a CloudWatch monitoring alarm for CPU utilization on your application server might create an access request referencing the alert ticket and granting them access to your active and passive database instances. Once troubleshooting and remediation is complete, the Racker completes the access request, immediately removing the short-lived user from your instances.

All access request actions, from access request creation through expiration, are logged in Logbook.

  • Installation
    • AWS Systems Manager Agent
    • Passport CLI
    • Linux and MacOS
    • Windows
  • CLI Usage
    • SSH Integration
    • Forwarding Ports
    • Copying Files
  • Permissions
  • Architecture
  • Changelog
    • 2020-11-03
      • Support for SHA-2 Certificate Signing
Previous Compliance
Next Installation
Developer Network
  • Developer Center
  • API Documentation and User Guides
  • SDKs
  • Rackspace How-To
Blogs
  • Technical Blog
  • Rackspace Blog
  • Solve: Thought Leadership
Other Information
  • Customer Stories
  • Events
  • Programs
  • Careers
  • Style Guide for Technical Content
©2020 Rackspace US, Inc.
  • ©2020 Rackspace US, Inc.
  • About Rackspace
  • Privacy Statement
  • Website Terms
  • Trademarks