在 AdministratorAccess 和 Amazons3FullAccess 之间选择哪个策略
[英]Which policy to choose between AdministratorAccess and Amazons3FullAccess
问题描述
For using s3 bucket which IAM policy need to be created AdministratorAccess or AmazonS3FullAccess or both together?
对于使用 s3 存储桶,需要创建哪个 IAM 策略 AdministratorAccess 或 AmazonS3FullAccess 或两者一起创建?
2 个解决方案
解决方案1
0 2021-01-31 10:56:16
You can use amazons3full access but I would suggest you to create a custom Iam policy which gives access to just that particular bucket.您可以使用 amazons3full 访问权限,但我建议您创建一个自定义 Iam 策略,该策略仅允许访问该特定存储桶。 Refer: https://aws.amazon.com/blogs/security/writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket/参考: https://aws.amazon.com/blogs/security/writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket/
解决方案2
0 2021-01-31 10:56:24
If you are the only person using the AWS Account, then Administrator permissions are fine.如果您是唯一使用 AWS 账户的人,那么管理员权限就可以了。
If, however, multiple people are using the account, then you should consider how to manage security of the AWS Account and the resources within the account.但是,如果有多个人在使用该账户,那么您应该考虑如何管理AWS 账户和账户内资源的安全性。
Only grant Admin permissions to people who are responsible for all systems.仅向负责所有系统的人员授予管理员权限。 It has "All Access" (including Amazon S3), so it can be quite dangerous.它具有“所有访问权限”(包括 Amazon S3),因此可能非常危险。
Similarly, granting AmazonS3FullAccess is not necessarily a wise move.同样,授予AmazonS3FullAccess不一定是明智之举。 It allows the recipient all access to S3, including the ability to delete buckets and objects.它允许接收者对 S3 进行所有访问,包括删除存储桶和对象的能力。
Preferably, only allocate the permissions that each user actually needs to perform their job.最好只分配每个用户实际需要执行其工作的权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.