  • [AWS

    AWS STS - Security Token Service

    • Grants limited, temporary access to AWS resources (up to 1 hour)
    • AssumeRole: Assume roles within your account or cross account
    • GetSessionToken: for MFA, from a user or AWS account root user
    • DecodeAuthorizationMessage: decode the error message when an AWS API call is denied
    • AssumeRoleWithSAML: return credentials for users logged with SAML
    • GetFederationToken: obtain temporary credentials for a federated user
    • GetCallerIdentity: return details about the IAM user or role used in the API call

    STS with MFA

    • Use GetSessionToken from STS
    • Appropriate IAM policy using IAM conditions
    • aws:MultiFactorAuthPresent: true
    • Reminder: GetSessionToken returns:
      • AccessID
      • Secret Key
      • SessionToken
      • Expiration date

    IAM Policies & S3 Bucket Policies

    • IAM Policies are attached to users, roles, groups
    • S3 Bucket Policies are attached to buckets
    • When evaluating whether an IAM principal can perform an operation X on a bucket, the union of its assigned IAM policies and S3 bucket policies is evaluated
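
The union evaluation and the MFA condition from the notes above, as an added sketch that is not part of the original post and is not AWS's own evaluation code. It assumes a same-account request, constructed policies for a made-up bucket, no Principal matching, and only the `Bool`/`BoolIfExists` operators; an explicit Deny in either policy overrides any Allow.

```python
from fnmatch import fnmatchcase

ARN = "arn:aws:s3:::example-bucket/*"  # constructed bucket name
# Constructed sample policies; Principal matching is skipped in this sketch.
IAM_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": ARN}]}
BUCKET_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:DeleteObject"], "Resource": ARN},
    # Deny deletes unless the request carries MFA-backed session credentials.
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": ARN,
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_holds(condition, ctx):
    """Every operator/key pair must hold; *IfExists passes when the key is absent."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if actual is None:
                if operator.endswith("IfExists"):
                    continue
                return False
            if str(actual).lower() != str(expected).lower():
                return False
    return True

def _matches(stmt, action, resource, ctx):
    return (any(fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
            and _condition_holds(stmt.get("Condition", {}), ctx))

def evaluate(policies, action, resource, ctx):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' over the union of policies."""
    statements = [s for p in policies for s in _as_list(p["Statement"])]
    effects = [s["Effect"] for s in statements if _matches(s, action, resource, ctx)]
    if "Deny" in effects:          # explicit deny always wins
        return "ExplicitDeny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    both = [IAM_POLICY, BUCKET_POLICY]
    for action, ctx in [("s3:GetObject", {}), ("s3:PutObject", {}),
                        ("s3:DeleteObject", {}),
                        ("s3:DeleteObject", {"aws:MultiFactorAuthPresent": "true"})]:
        print(action, ctx, "->", evaluate(both, action, obj, ctx))
```

The delete without any MFA key in the request context is denied because `BoolIfExists` treats a missing key as a match, which is the case for long-term access keys that never went through GetSessionToken.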

  • Original article: https://www.cnblogs.com/Answer1215/p/14879513.html