05-IAM

IAM

  • Identity and Access Management
    • create and grant permissions
    • create groups and roles
    • control access to AWS resources
  • root account
  • policy document
    • json
    • can be assigned to
      • users
      • groups
      • roles
  • works at the global level, not the region level
  • having users inherit permissions from groups is the best practice
  • one user equals one physical user
  • should only assign a user or a group the minimum amount of privileges
  • identity provider
    • SAML: Security Assertion Markup Language