堆栈内存溢出
  简体   繁体   English

AWS IAM 角色:如何确定每个 AWS 服务的特定权限

[英]AWS IAM Roles : How to identify specific permission for each AWS service

 原文  2021-08-23 19:38:23       amazon-web-services/ amazon-iam

问题描述

We have started initially by defining roles with admin access policy attached.我们最初是通过定义附加了管理员访问策略的角色开始的。 But now we want them to have policy with only specific permissions that are minimum and does not create any issues for using these roles.但现在我们希望他们拥有仅具有最低特定权限的策略,并且不会对使用这些角色造成任何问题。

Looking at " Access Advisor " tab on each role under AWS IAM console, it gives good amount of information that exactly which AWS services getting used and permission level information only for EC2, IAM, Lambda, and S3 management actions services.查看 AWS IAM 控制台下每个角色的“ Access Advisor ”选项卡,它提供了大量信息,准确说明使用了哪些 AWS 服务,以及仅针对 EC2、IAM、Lambda 和 S3 管理操作服务的权限级别信息。 But for rest of other AWS services, missing that what specific permission for that particular service is required.但是对于 rest 的其他 AWS 服务,缺少该特定服务需要的特定权限。

Also not having AWS Organizations master account access as mentioned in this tutorial: Viewing last accessed information for Organizations .也没有本教程中提到的 AWS Organizations 主账户访问权限: Viewing last accessed information for Organizations

So is there a way I can get the permissions level info for services other than EC2, IAM, Lambda, and S3 management actions?那么有没有办法获取 EC2、IAM、Lambda 和 S3 管理操作以外的服务的权限级别信息?

Thanks.谢谢。

1 个解决方案

解决方案1
 1 已采纳  2021-08-24 00:20:15

So is there a way I can get the permissions level info for services other than EC2, IAM, Lambda, and S3 management actions?那么有没有办法获取 EC2、IAM、Lambda 和 S3 管理操作以外的服务的权限级别信息?

Sadly, there is no such way provided by AWS.遗憾的是,AWS 没有提供这种方式。 So basically its try-and-see approach to get what you want.所以基本上它的尝试和看看方法来获得你想要的东西。 You can try some third party tools, which may be helpful, such as zero-iam , but ultimately, you will need custom solution to match your requirements.您可以尝试一些第三方工具,这可能会有帮助,例如zero-iam ,但最终,您将需要自定义解决方案来满足您的要求。

There is also IAM Access Analyzer which is different then Access Advisor .还有IAM Access Analyzer ,它不同于Access Advisor But its also limited to some services only.但它也仅限于某些服务。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS IAM - 如何检查用户的权限角色 - AWS IAM - how to check user's permissions roles 限制 AWS IAM 角色只修改其他角色的特定 IAM 权限? - Limit AWS IAM role to modify only specific IAM permissions of other roles? AWS iam 和 JQ 过滤角色的问题 - Problem with AWS iam and JQ filtering roles AWS - Fargate 实例和其他 AWS 服务之间的 IAM 角色 - AWS - IAM Roles between Fargate instances and other AWS services 如何生成我的所有 IAM 角色以及在 AWS 上使用这些角色的服务的列表 - How can I generate a list of all my IAM roles and the services using those roles on AWS 有关 AWS IAM 服务的查询 - Query regarding AWS IAM Service 限制其他 AWS IAM 角色与资源/权限升级交互 - Limiting other AWS IAM roles from interacting with resources/privilege escalation 具有 AWS IAM 角色的 EKS 上的 Gitlab-CI Runner - Gitlab-CI Runner on EKS with AWS IAM Roles 使用 IAM 角色模拟 AWS EC2 实例上的用户权限 - Mimic user permissions on AWS EC2 instances using IAM roles 如何在 GCP 中列出包含给定权限的所有 IAM 角色 - How to list all the IAM roles that include a given permission in GCP
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM