AWS 组织账户管理
[英]AWS Organization accounts manangement
问题描述
Let's assume in current AWS organization we have 2 developers accounts.
假设在当前的 AWS 组织中,我们有 2 个开发人员帐户。 From what I found it is a good practice to create a separate AWS account per environment and give access to these resources.根据我的发现,为每个环境创建一个单独的 AWS 账户并授予对这些资源的访问权限是一个很好的做法。
My question is:我的问题是:
What is the best way to share access to the resources (eg EC2, EKS, EFS) for multiple developers?为多个开发人员共享资源(例如 EC2、EKS、EFS)的访问权限的最佳方式是什么? Now I see only these two options:现在我只看到这两个选项:
- Create a separate AWS account for each developer and allow to access some resources by applying roles to that developers AWS accounts.为每个开发人员创建一个单独的 AWS 账户,并允许通过将角色应用于该开发人员的 AWS 账户来访问某些资源。
- Within a root account of each AWS environment create a IAM user account for each developer and from that point manage permissions by policies and user groups.在每个 AWS 环境的根账户中,为每个开发人员创建一个 IAM 用户账户,然后按策略和用户组管理权限。
Please let me know.请告诉我。 I appreciate any type of help!我感谢任何类型的帮助! :) :)
1 个解决方案
解决方案1
0 2021-10-18 08:32:24
You should setup AWS SSO.您应该设置 AWS SSO。 Either integrated with your existing identity provider, or using the built in user system.与您现有的身份提供者集成,或使用内置用户系统。
https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
This will allow you to create permission sets.这将允许您创建权限集。 Then, you can assign permission sets to users in particular accounts.然后,您可以为特定帐户中的用户分配权限集。 This will create a role in the account which the users can assume这将在用户可以承担的帐户中创建一个角色
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.