Manual management is tedious and error-prone.
In particular, I want to be able to add and remove keys and assign users' access rights to certain servers.
If I remove a key, the access to all servers should be revoked.
What do you use for this?
From the link:
To start a session using SSH, run the following command:
ssh -i /path/my-key-pair.pem username@instance-id
In the past (company with <1000 employees), I set up nss-cache and a SaltStack system on a timer to regularly deploy new keys from LDAP (we used bastion hosts to control for any dangers of config drift and I wanted zero SPOFs during steady state). I would say this is the least likely to fail under all scenarios and is therefore the best choice unless it is somehow untenable (large number of employees, or extremely dynamic user creation/deletion).
You might also find Smallstep and SSH Lockbox interesting.
The other answer about AWS Systems Manager is good. I recommend it.
Another way is piggybacked off of AWS IAM and CodeDeploy. Users load their personal keys into CodeDeploy and you manage them through IAM. Every container/SSH machine syncs keys from CodeDeploy every 10 minutes (whatever you set the cron to).
Lastly, you can connect EC2 Instance Connect
I think I remember reading somewhere that there's a way of using LDAP / ActiveDirectory (I'm pretty much the only guy running Linux on my machine) but I haven't looked into it yet.
Signing certificates for hosts and users. Never deal with authorized_keys files ever again.
For servers with access for multiple users via SSH with PKI auth, you have to use AuthorizedPrincipalsFile anyway. Edit: and to avoid a gazillion issuing CAs for managing group access.
See e.g. https://news.ycombinator.com/item?id=16615307 for some more info.
There is also a cron that checks authorized_users vs git and sends an email when something is out of sync.
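A sketch of the kind of out-of-sync check the comment above describes, added here as an example and not the commenter's own script. It assumes both the git copy and the host copy use the standard authorized_keys line format; the function names and sample keys are constructed for illustration.

```python
import base64
import hashlib

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")  # start of the key-type field

def parse_line(line):
    """Return (fingerprint, comment) for one authorized_keys line, or None."""
    fields = line.split()
    for i, tok in enumerate(fields[:-1]):
        if not tok.startswith(KEY_PREFIXES):
            continue  # still inside the leading options field
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        n = int.from_bytes(blob[:4], "big")
        # A real key blob begins with its own type name; this rejects
        # look-alike tokens inside options such as command="...".
        if blob[4:4 + n] == tok.encode():
            digest = hashlib.sha256(blob).digest()
            fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            return fp, " ".join(fields[i + 2:])
    return None

def fingerprints(text):
    """Map fingerprint -> comment for every key in an authorized_keys text."""
    keys = (parse_line(l) for l in text.splitlines() if not l.lstrip().startswith("#"))
    return dict(k for k in keys if k)

def drift(expected_text, deployed_text):
    """Compare the repo copy with the host copy by key fingerprint."""
    exp, dep = fingerprints(expected_text), fingerprints(deployed_text)
    return {
        "unexpected": sorted(dep[f] for f in dep.keys() - exp.keys()),
        "missing": sorted(exp[f] for f in exp.keys() - dep.keys()),
    }

def sample_key(seed, comment):
    """Constructed sample: a well-formed ed25519 blob, not a real key pair."""
    t, pub = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = len(t).to_bytes(4, "big") + t + len(pub).to_bytes(4, "big") + pub
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)

# Constructed sample data: the repo copy and what is actually on the host.
EXPECTED = "\n".join([sample_key(b"a", "alice@corp"), sample_key(b"b", "bob@corp")])
DEPLOYED = "\n".join([
    "# managed by git",
    'from="10.0.0.0/8",command="echo ssh-ed25519 hi" ' + sample_key(b"a", "alice@corp"),
    sample_key(b"m", "mallory@laptop"),
])

if __name__ == "__main__":
    print(drift(EXPECTED, DEPLOYED))
```

Keys are compared by fingerprint only, so a changed options field (for example a dropped from= restriction) on an otherwise expected key is not reported. Mailing the result is left to the cron job that runs the check.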
It also integrates with AWS well, and of course your own applications.
"AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications."