We're a small team with some standard AWS EC2 Ubuntu 20.04 servers that need to have some ports open to the world. We're connecting to these servers through passwordless SSH. So far, we've just kept the standard ubuntu user to prevent additional setup and it's been working fine so we'd prefer to keep it that way.
For extra security though, I'm thinking it could make sense to have the standard ubuntu user require sudo password to act as root with the sudo password being stored in a separate password manager. Additionally, this might make anyone on the team think twice before SSH'ing in and doing something stupid with sudo (maliciously or otherwise).
The ubuntu user's sudo access is provided by a default file /etc/sudoers.d/90-cloud-init-users, which has the line ubuntu ALL=(ALL) NOPASSWD:ALL. This is imported by the line #includedir /etc/sudoers.d in the sudoers line.
I've setup a password for the ubuntu user fine, but I get a permission error when trying to remove or modify /etc/sudoers.d/90-cloud-init-users. Instead, I've removed the #includedir /etc/sudoers.d line, which essentially amounts to removing that file as there's no other files in the directory. This works fine. However, I'm guessing this is bad practice. Is it important to keep that line, and if so, why?