Notes about LOCAL_USER_ID

ivan-khvostishkov · ivan-khvostishkov · commit 329b0cdc68c3 · 2024-05-13T00:33:49.000+02:00
diff --git a/FAQ.md b/FAQ.md
@@ -156,7 +156,7 @@ for a policy example.
 It works as follows: the SageMaker SSH Helper assigns on behalf of the user the tag `SSHOwner`
 with the value that equals a local user ID (see [the source code for SSH wrappers](https://github.com/aws-samples/sagemaker-ssh-helper/blob/57b1f6369ce9e523a7951d23753a9f7f5a6a2022/sagemaker_ssh_helper/wrapper.py#L62)).
 For integration with SageMaker Studio the user ID is passed in [the notebook](https://github.com/aws-samples/sagemaker-ssh-helper/blob/main/SageMaker_SSH_IDE.ipynb) as the argument to 
-`sm-ssh-ide init-ssm` command. 
+`sm-ssh-ide init-ssm` command and configured by the `LOCAL_USER_ID` variable.
 
 When a user attempts to connect to an instance, IAM will authorize the user based 
 on their ID and the value of the `SSHOwner` tag. The user will be denied to access the instance 
diff --git a/README.md b/README.md
@@ -727,6 +727,8 @@ Alternatively, [attach](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-l
 Once configured, from the Launcher choose the environment, pick up the lifecycle script and choose 
 'Open image terminal' (so, you don't even need to create a notebook).
 
+You might want to change the `LOCAL_USER_ID` variable upon the first run, to prevent users from impersonating each other. For more details see the FAQ on [How SageMaker SSH Helper protects users from impersonating each other?](FAQ.md#how-sagemaker-ssh-helper-protects-users-from-impersonating-each-other).
+
 > Note that the `main` branch of this repo can contain changes that are not compatible with the version of `sagemaker-ssh-helper` that you installed from pip. To ensure the stable performance, check the version with `pip freeze | grep sagemaker-ssh-helper` and take the notebook and the lifecycle script from [the corresponding tag](https://github.com/aws-samples/sagemaker-ssh-helper/tags).  
 
 2. Configure remote interpreter in PyCharm / VS Code to connect to SageMaker Studio
diff --git a/kernel-lc-config.sh b/kernel-lc-config.sh
@@ -12,7 +12,7 @@ JB_LICENSE_SERVER_HOST="jetbrains-license-server.example.com"
 # OR keep it as is and populate ~/.vnc/passwd inside SageMaker Studio to override (see https://linux.die.net/man/1/vncpasswd ).
 VNC_PASSWORD="123456"
 
-# Replace with a local UserId
+# Replace with a local UserId that is returned by `aws sts get-caller-identity` command
 # OR keep it as is and put the value into ~/.sm-ssh-owner inside SageMaker Studio to override
 LOCAL_USER_ID="AIDACKCEVSQ6C2EXAMPLE:terry@SSO"
 
