Auto-sync: 2026-04-19 14:51
37
wiki/entities/IAM-AWS-Identity-and-Access-Management.md
Normal file
@@ -0,0 +1,37 @@
---
title: "IAM (AWS Identity and Access Management)"
type: entity
tags: [AWS, Security, Identity, Access-Management]
date: 2026-04-19
---

## Definition
AWS IAM(身份和访问管理)是 AWS 的身份验证和授权服务,控制谁能访问 AWS 资源以及可以执行什么操作。

## Key Components
- **IAM 用户**:代表人员或应用程序的持久化身份凭证
- **IAM 组**:将多个 IAM 用户分组以简化权限管理
- **IAM 角色**:可以被临时 assum 的身份,用于授予临时权限
- **IAM 策略**:定义权限的 JSON 文档

## Core Concepts
- **联合访问**:通过外部身份提供商(如 Active Directory)映射 IAM 角色的访问方式
- **最小权限原则**:只授予完成任务所需的最小权限
- **角色信任策略**:定义谁可以 assum 该角色的策略
- **权限边界**:限制 IAM 实体最大权限的机制

## Connections
- [[AWS]] ← provides ← [[IAM (AWS Identity and Access Management)]]
- [[IAM-用户]] ← part_of ← [[IAM (AWS Identity and Access Management)]]
- [[IAM-角色]] ← part_of ← [[IAM (AWS Identity and Access Management)]]
- [[IAM-策略]] ← attached_to ← [[IAM-角色]]
- [[Active-Directory]] ← federates_to ← [[IAM-角色]]

## Use Cases
- 服务账号管理
- 跨账号访问授权
- 联合身份验证
- 最小权限访问控制

## Sources
- [[ctp-topic-5-aws-identity-and-access-management-iam]]
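Review bot: "assum" in the IAM 角色 bullet and the 角色信任策略 bullet is a typo; write "assume" ("可以被临时 assume 的身份", "定义谁可以 assume 该角色的策略") or use the AWS API name AssumeRole so the term is searchable. In the 联合访问 bullet, Active Directory by itself is a directory, not a SAML/OIDC identity provider; federation into IAM roles goes through an IdP such as AD FS or IAM Identity Center, so "如 Active Directory" should name the IdP ("如 AD FS") rather than the directory. In the Connections list every arrow reads right-to-left ("[[AWS]] ← provides ← [[IAM ...]]" literally says IAM provides AWS, and "[[IAM-用户]] ← part_of ← [[IAM ...]]" says IAM is part of the user); either state the "target ← relation ← source" convention once at the top of the section or flip the arrows. The same list only connects [[IAM-策略]] to [[IAM-角色]], while Key Components says policies are the JSON documents that define permissions generally; add the policy attachments to [[IAM-用户]] and IAM groups (and a group entity, since 组 appears in Key Components but has no link), otherwise the graph implies policies exist only for roles.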