Published: 2022-07-19. Source site: 大佬教程 code.js-code.com
This article, collected and organized by 大佬教程, mainly covers [AWS - DA] Advanced Identity. 大佬教程 found it worthwhile and is sharing it here for reference.
AWS STS - Security Token Service
- Allows you to grant limited and temporary access to AWS resources (up to 1 hour)
- AssumeRole: assume roles within your account or cross-account
- GetSessionToken: for MFA, from a user or the AWS account root user
- DecodeAuthorizationMessage: decode the error message when an AWS API call is denied
- AssumeRoleWithSAML: return credentials for users logged in with SAML
- GetFederationToken: obtain temporary credentials for a federated user
- GetCallerIdentity: return details about the IAM user or role used in the API call
STS with MFA
- Use GetSessionToken from STS
- Appropriate IAM policy using IAM conditions
  - aws:MultiFactorAuthPresent: true
- Reminder, GetSessionToken
  - returns:
    - Access ID
    - Secret Key
    - Session Token
    - Expiration date
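The MFA condition above, worked through as an added example (not code from the original notes or from AWS). It is a simplified model of condition matching only; the function names and request contexts are constructed for illustration, and statements are assumed to cover every action and resource. It goes one step beyond the notes by also showing the Deny form, where `Bool` and the real IAM operator `BoolIfExists` behave differently because long-term access keys carry no `aws:MultiFactorAuthPresent` key at all:

```python
# Simplified model of IAM condition matching; this is not AWS's policy evaluator.
KEY = "aws:MultiFactorAuthPresent"


def condition_matches(condition, context):
    """True if every operator/key pair matches. Handles Bool and BoolIfExists only."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            if key not in context:
                # Key absent: BoolIfExists still matches, plain Bool does not.
                if operator == "BoolIfExists":
                    continue
                return False
            if str(context[key]).lower() != str(expected).lower():
                return False
    return True


def is_allowed(statements, context):
    """An explicit Deny wins; otherwise at least one matching Allow is needed."""
    matched = [s["Effect"] for s in statements
               if condition_matches(s.get("Condition", {}), context)]
    return "Deny" not in matched and "Allow" in matched


# The shape the notes describe: allow only when MFA is present.
ALLOW_WITH_MFA = [{"Effect": "Allow", "Condition": {"Bool": {KEY: "true"}}}]
# Deny-style variants layered on an unconditional Allow.
DENY_BOOL = [{"Effect": "Allow"},
             {"Effect": "Deny", "Condition": {"Bool": {KEY: "false"}}}]
DENY_IF_EXISTS = [{"Effect": "Allow"},
                  {"Effect": "Deny", "Condition": {"BoolIfExists": {KEY: "false"}}}]

# Constructed request contexts (not captured from AWS).
CONTEXTS = {
    "long-term access keys": {},             # condition key is absent
    "session without MFA": {KEY: "false"},   # GetSessionToken, no MFA code
    "session with MFA": {KEY: "true"},       # GetSessionToken with MFA code
}

if __name__ == "__main__":
    policies = {"Allow+Bool": ALLOW_WITH_MFA, "Deny+Bool": DENY_BOOL,
                "Deny+BoolIfExists": DENY_IF_EXISTS}
    for pname, policy in policies.items():
        for cname, ctx in CONTEXTS.items():
            print(f"{pname:18} {cname:22} allowed={is_allowed(policy, ctx)}")
```

The row to check is `Deny+Bool` with long-term access keys: the Deny never matches, so the request is allowed without MFA, while `Deny+BoolIfExists` blocks it.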
IAM Policies & S3 Bucket Policies
- IAM policies are attached to users, roles, and groups
- S3 bucket policies are attached to buckets
- When evaluating whether an IAM principal can perform an operation X on a bucket, the union of its assigned IAM policies and the S3 bucket policies is evaluated