
What is the relation between user, group, role, policy and AWS services?

A policy can be attached to a user or group. This controls what the users are able to do in AWS.

Policy can be attached to an AWS service? What is the relation between policy and AWS service?

And where does the concept of Role fit in all this?

In Amazon Web Services (AWS), a user is a person or system that interacts with the AWS platform. Users can have different levels of access to AWS services and resources, depending on their permissions.

A group is a collection of users that share the same permissions. Groups can be used to manage the permissions of multiple users at once, making it easier to manage and control access to AWS services and resources.

A role is a set of permissions that can be assumed by a user or system. Roles are used to grant users and systems access to AWS services and resources, without having to share or manage long-term credentials. Roles can be temporary or permanent, and can be assumed by users, applications, or services.

A policy is a document that defines the permissions for a user, group, or role. Policies are written in the AWS Identity and Access Management (IAM) policy language, and specify the actions and resources that a user, group, or role is allowed to access.

AWS services are the core components of the AWS platform, and include a wide range of cloud-based services for computing, storage, networking, analytics, machine learning, and more. AWS services can be accessed by users, groups, and roles, depending on the permissions granted by policies.

In summary, the relation between user, group, role, policy, and AWS services is as follows:

A user is a person or system that interacts with AWS services. A group is a collection of users that share the same permissions. A role is a set of permissions that can be assumed by a user or system. A policy is a document that defines the permissions for a user, group, or role. AWS services are the core components of the AWS platform, and can be accessed by users, groups, and roles with the appropriate permissions.

Think of a role as a container for permissions which can be used to delegate access to users, applications, or services that don't normally have access to your AWS resources.

From docs

An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.

A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied.
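To make the relations in both answers concrete, here is an added example (not from the original answers or from AWS) that models a user inheriting policies from a group, a role whose trust policy names that user, and the explicit-deny / allow / implicit-deny outcome of a request. It is a deliberately simplified evaluator, not AWS's real engine; the account id, user names, bucket and role are constructed placeholders.

```python
from fnmatch import fnmatch

def _hit(patterns, value):
    # IAM accepts a single string or a list, and "*" / "?" wildcards.
    patterns = patterns if isinstance(patterns, list) else [patterns]
    return any(fnmatch(value, p) for p in patterns)

def evaluate(policies, action, resource):
    """Identity-based evaluation: an explicit Deny wins over any Allow;
    with no matching statement at all the request is implicitly denied."""
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if _hit(stmt["Action"], action) and _hit(stmt["Resource"], resource):
                if stmt["Effect"] == "Deny":
                    return "ExplicitDeny"
                decision = "Allow"
    return decision

def effective_policies(user, groups):
    # A user's permissions are its own policies plus those of each group it is in.
    return list(user["Policies"]) + [p for g in user["Groups"] for p in groups[g]["Policies"]]

def can_assume(role, principal_arn):
    # The role's trust policy names who may call sts:AssumeRole on it.
    # Simplification: same-account trust to an explicit user ARN; real IAM also
    # consults the caller's own policies, conditions and cross-account rules.
    return any(stmt["Effect"] == "Allow" and _hit(stmt["Action"], "sts:AssumeRole")
               and _hit(stmt["Principal"]["AWS"], principal_arn)
               for stmt in role["TrustPolicy"]["Statement"])

# Constructed sample identities (placeholder account id 111122223333).
ACCOUNT = "111122223333"
GROUPS = {"developers": {"Policies": [{"Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}]}]}}
ALICE = {"Arn": f"arn:aws:iam::{ACCOUNT}:user/alice", "Groups": ["developers"], "Policies": []}
BOB = {"Arn": f"arn:aws:iam::{ACCOUNT}:user/bob", "Groups": [], "Policies": []}
DEPLOY_ROLE = {
    "TrustPolicy": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                                   "Principal": {"AWS": ALICE["Arn"]}}]},
    "Policies": [{"Statement": [{"Effect": "Allow", "Action": "ec2:StartInstances", "Resource": "*"}]}],
}

if __name__ == "__main__":
    pols = effective_policies(ALICE, GROUPS)
    print(evaluate(pols, "s3:GetObject", "arn:aws:s3:::example-bucket/report.csv"))     # Allow
    print(evaluate(pols, "s3:DeleteObject", "arn:aws:s3:::example-bucket/report.csv"))  # ExplicitDeny
    print(evaluate(pols, "ec2:StartInstances", "*"))            # ImplicitDeny: only the role grants this
    print(can_assume(DEPLOY_ROLE, ALICE["Arn"]), can_assume(DEPLOY_ROLE, BOB["Arn"]))  # True False
    print(evaluate(DEPLOY_ROLE["Policies"], "ec2:StartInstances", "*"))  # Allow, once the role is assumed
```

The last two lines show the point of a role: alice gets EC2 access only while acting as DEPLOY_ROLE, through the role's policies rather than her own, and bob cannot assume it at all.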
