Programming notes   Published: 2022-07-19   Site: 大佬教程  code.js-code.com
This article, collected by 大佬教程, covers [AWS - DA] Advanced Identity and is shared here for reference.

AWS STS - Security Token Service

  • Allows granting limited and temporary access to AWS resources (up to 1 hour)
  • AssumeRole: assume roles within your account or cross-account
  • GetSessionToken: for MFA, from a user or AWS account root user
  • DecodeAuthorizationMessage: decode the error message when an AWS API call is denied
  • AssumeRoleWithSAML: return credentials for users logged in with SAML
  • GetFederationToken: obtain temporary credentials for a federated user
  • GetCallerIdentity: return details about the IAM user or role used in the API call

 

STS with MFA

  • Use GetSessionToken from STS
  • Appropriate IAM policy using IAM conditions
  • aws:MultiFactorAuthPresent: true
  • Reminder: GetSessionToken returns:
    • Access ID
    • Secret Key
    • Session Token
    • Expiration date

IAM Policies & S3 Bucket Policies

  • IAM Policies are attached to users, roles, groups
  • S3 Bucket Policies are attached to buckets
  • When evaluating if an IAM principal can perform an operation X on a bucket, the union of its assigned IAM policies and S3 bucket policies will be evaluated
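
The MFA condition from "STS with MFA" and the union rule above can be seen together in a small evaluator. This is an added example, not part of the original notes and not AWS's implementation: it is a simplified same-account model that handles only the Bool condition operator, and the policies, bucket name and function names are constructed for illustration. That an explicit Deny overrides any Allow is standard IAM behaviour that the notes do not spell out.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource, context):
    """True when the statement's Action, Resource and Condition all match."""
    if not any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"])):
        return False
    if not any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
        return False
    # Only the Bool operator is modelled. A key absent from the request
    # context (e.g. no MFA information at all) makes the condition fail.
    for key, wanted in stmt.get("Condition", {}).get("Bool", {}).items():
        if str(context.get(key, "")).lower() != str(wanted).lower():
            return False
    return True

def evaluate(policies, action, resource, context):
    """Union of all statements: explicit Deny wins, then Allow, else implicit deny."""
    statements = [s for p in policies for s in _as_list(p["Statement"])]
    hits = {s["Effect"] for s in statements if _matches(s, action, resource, context)}
    if "Deny" in hits:
        return "ExplicitDeny"
    return "Allow" if "Allow" in hits else "ImplicitDeny"

# Constructed sample policies; the bucket name is a placeholder. Principal is
# omitted: every bucket-policy statement is assumed to name the caller.
BUCKET = "arn:aws:s3:::example-bucket"
IAM_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": f"{BUCKET}/*"},
    {"Effect": "Allow", "Action": "s3:DeleteObject", "Resource": f"{BUCKET}/*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
]}
BUCKET_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:PutObject", "Resource": f"{BUCKET}/uploads/*"},
    {"Effect": "Deny", "Action": "s3:*", "Resource": f"{BUCKET}/secret/*"},
]}
# Request context of a session obtained through GetSessionToken with MFA.
MFA_SESSION = {"aws:MultiFactorAuthPresent": "true"}

if __name__ == "__main__":
    both = [IAM_POLICY, BUCKET_POLICY]
    for action, key, ctx in [("s3:GetObject", "a.txt", {}),
                             ("s3:DeleteObject", "a.txt", {}),
                             ("s3:DeleteObject", "a.txt", MFA_SESSION),
                             ("s3:PutObject", "uploads/x", {}),
                             ("s3:GetObject", "secret/x", MFA_SESSION)]:
        print(action, key, ctx, "->", evaluate(both, action, f"{BUCKET}/{key}", ctx))
```

Real evaluation also involves principals, other condition operators, SCPs, permission boundaries and cross-account rules, none of which are modelled here.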
