[英]AWS Organization accounts manangement
Let's assume in current AWS organization we have 2 developers accounts.假设在当前的 AWS 组织中,我们有 2 个开发人员帐户。 From what I found it is a good practice to create a separate AWS account per environment and give access to these resources.根据我的发现,为每个环境创建一个单独的 AWS 账户并授予对这些资源的访问权限是一个很好的做法。
My question is:我的问题是:
What is the best way to share access to the resources (eg EC2, EKS, EFS) for multiple developers?为多个开发人员共享资源(例如 EC2、EKS、EFS)的访问权限的最佳方式是什么? Now I see only these two options:现在我只看到这两个选项:
Please let me know.请告诉我。 I appreciate any type of help!我感谢任何类型的帮助! :) :)
You should setup AWS SSO.您应该设置 AWS SSO。 Either integrated with your existing identity provider, or using the built in user system.与您现有的身份提供者集成,或使用内置用户系统。
https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
This will allow you to create permission sets.这将允许您创建权限集。 Then, you can assign permission sets to users in particular accounts.然后,您可以为特定帐户中的用户分配权限集。 This will create a role in the account which the users can assume这将在用户可以承担的帐户中创建一个角色
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.