[英]IAM S3 Service Role Use Case
I am currently still learning IAM role.我目前仍在学习 IAM 角色。 As an example, I was able to create EC2 type role and attach the S3 Full Access Control policy.例如,我能够创建 EC2 类型的角色并附加 S3 完全访问控制策略。 In that case, my EC2 instances can access S3 once the role is attached.在这种情况下,我的 EC2 实例可以在附加角色后访问 S3。 Fairly easy to understand.相当容易理解。
What is a use case if we select S3 as the type of trusted entity?如果我们将 select S3 作为可信实体的类型,用例是什么? From my understanding, the access to S3 is usually controlled by the policy.据我了解,对 S3 的访问通常由策略控制。 How would S3 service as trusted entity assume the role and what kind of policies could be attached to this role?作为受信任实体的 S3 服务将如何承担这个角色以及可以为这个角色附加什么样的策略? Just wondering if someone could give me a use case for this.只是想知道是否有人可以给我一个用例。 Thanks.谢谢。
When you add a trusted entity to an IAM role that service is granted the ability to assume the IAM role.当您将可信实体添加到 IAM 角色时,该服务被授予承担 IAM 角色的能力。
For S3 an example of when this needs to happen is when you want to enable replication, you grant the S3 service the ability to retrieve items from a bucket and put them in another bucket.对于 S3,需要发生这种情况的一个示例是,当您想要启用复制时,您授予 S3 服务从存储桶中检索项目并将它们放入另一个存储桶的能力。
For more information on this specific use case take a look at the Setting up permissions for replication page.有关此特定用例的更多信息,请查看设置复制权限页面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.