---
title: "Shared Account"
type: concept
tags: [AWS, Multi-Account, Landing-Zone, Architecture, IAM]
sources:
  - ctp-topic-16-cross-account-terraform-modules.md
last_updated: 2026-05-15
---

## Overview

The Shared Account is the central management account in the AWS Landing Zone multi-account architecture. It hosts shared services such as the CI/CD platform ([[Jenkins]]) and the image registry, and it acts as the **trust source** for cross-account deployments.

## Role in Multi-Account Architecture

In an AWS Landing Zone, the Shared Account is the **sole trust intermediary** between Workload accounts:

```
Workload Account A → no direct access → Workload Account B
        ↑                                       ↓
        └──── ← Shared Account (Assume Role) ────┘
```

This architecture implements [[Blast-Radius]] control by ensuring that:

- Workload accounts have no direct trust relationship with each other
- All cross-account operations are relayed through the Shared Account
- Security policy is enforced and audited centrally

## Responsibilities

| Responsibility | Description |
|------|------|
| CI/CD hosting | Jenkins and build agents |
| Image registry | Container images in ECR |
| Cross-account deployment | [[ECS-Deploy-Runner]] runs in this account and reaches target accounts via Assume Role |
| Shared services | Provision of DNS and similar services (NTP, etc.) |

## Security Principles

1. **Least privilege**: holds only the two dedicated roles required for deployment (State Accessor + Deploy Runner Role)
2. **Audit trail**: all operations are logged centrally
3. **Isolation**: the Shared Account itself is under strict security controls and regular audit
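As an added example (not part of this note or the Terraform module it cites), the following Python audit encodes the trust topology described above: a role in a Workload account may be assumed only from its own account or from the Shared Account, and any other cross-account principal or wildcard is flagged. The account IDs and the role name `ecs-deploy-runner` are constructed placeholders.

```python
import re

# Constructed sample account ID; replace with the real Shared Account ID.
SHARED_ACCOUNT_ID = "111111111111"

# Extracts the 12-digit account ID from an IAM or STS principal ARN.
ARN_ACCOUNT_RE = re.compile(r"^arn:aws:(?:iam|sts)::(\d{12}):")


def _as_list(value):
    """IAM allows a string or a list in Action/Principal; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def principal_accounts(principal):
    """Return the account IDs (or '*') named by a trust-policy Principal element.
    Only 'AWS' principals are considered; service principals are ignored."""
    if principal == "*":
        return {"*"}
    accounts = set()
    for entry in _as_list(principal.get("AWS")):
        if entry == "*" or re.fullmatch(r"\d{12}", entry):
            accounts.add(entry)
        else:
            match = ARN_ACCOUNT_RE.match(entry)
            accounts.add(match.group(1) if match else entry)
    return accounts


def audit_trust_policy(role_account, policy):
    """Flag Allow statements that let anything other than the role's own account
    or the Shared Account call sts:AssumeRole on this role."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(a in ("sts:AssumeRole", "sts:*") for a in _as_list(stmt.get("Action"))):
            continue
        for acct in principal_accounts(stmt.get("Principal", {})):
            if acct == "*":
                findings.append("wildcard principal may assume the role")
            elif acct not in (role_account, SHARED_ACCOUNT_ID):
                findings.append(f"direct trust from account {acct} bypasses the Shared Account")
    return findings


# Constructed trust policies for a role living in Workload Account 222222222222.
GOOD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{SHARED_ACCOUNT_ID}:role/ecs-deploy-runner"}}]}
BAD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["sts:AssumeRole"],
    "Principal": {"AWS": ["arn:aws:iam::333333333333:role/ci", "*"]}}]}

if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, audit_trust_policy("222222222222", policy) or ["ok"])
```

Running the audit over every Workload account's role trust policies gives a repeatable check that the "no direct trust between Workload accounts" property still holds after each deployment.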

## Relationships

- [[AWS-Landing-Zone]]: the Shared Account is the backbone of the Landing Zone architecture
- [[ECS-Deploy-Runner]]: the ECS cluster that runs in the Shared Account
- [[Jenkins]]: hosted in the Shared Account
- [[Blast-Radius]]: the Shared Account architecture is the core mechanism of Blast Radius control
- [[Assume-Role]]: the Shared Account accesses Workload accounts via Assume Role

## Related Concepts

- [[Cross-account-Terraform-Modules]]: the core capability that the Shared Account supports
- [[Infrastructure-as-Code]]: Jenkins in the Shared Account drives IaC deployments