本文主要是介绍AWS 给IAM用户分配——允许使用 MFA,自行管理自己的密码、访问密钥和 SSH 公有密钥的权限,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
问题
需要给开发组的IAM用户分配,如下权限:
- 允许使用 MFA
- 自行管理自己的密码
- 访问密钥
- SSH 公有密钥的权限
权限json
{"Version": "2012-10-17","Statement": [{"Sid": "AllowViewAccountInfo","Effect": "Allow","Action": ["iam:GetAccountPasswordPolicy","iam:GetAccountSummary","iam:ListVirtualMFADevices"],"Resource": "*"},{"Sid": "AllowManageOwnVirtualMFADevice","Effect": "Allow","Action": ["iam:CreateVirtualMFADevice"],"Resource": "arn:aws:iam::*:mfa/*"},{"Sid": "AllowManageOwnPasswords","Effect": "Allow","Action": ["iam:ChangePassword","iam:GetUser","iam:DeactivateMFADevice","iam:EnableMFADevice","iam:GetMFADevice","iam:ListMFADevices","iam:ResyncMFADevice"],"Resource": "arn:aws:iam::*:user/${aws:username}"},{"Sid": "AllowManageOwnAccessKeys","Effect": "Allow","Action": ["iam:CreateAccessKey","iam:DeleteAccessKey","iam:ListAccessKeys","iam:UpdateAccessKey","iam:GetAccessKeyLastUsed"],"Resource": "arn:aws:iam::*:user/${aws:username}"},{"Sid": "AllowManageOwnSSHPublicKeys","Effect": "Allow","Action": ["iam:DeleteSSHPublicKey","iam:GetSSHPublicKey","iam:ListSSHPublicKeys","iam:UpdateSSHPublicKey","iam:UploadSSHPublicKey"],"Resource": "arn:aws:iam::*:user/${aws:username}"}]
}
参考
- AWS:允许 IAM 用户在“安全凭证”页面上管理自己的密码、访问密钥和 SSH 公有密钥
- AWS:允许使用 MFA 完成身份验证的 IAM 用户在“安全凭证”页面上管理自己的 MFA 设备。
这篇关于AWS 给IAM用户分配——允许使用 MFA,自行管理自己的密码、访问密钥和 SSH 公有密钥的权限的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
