Archive


Category: 似水流年

  • What’s SPIFFE

    Overview SPIFFE (Secure Production Identity Framework For Everyone) is a set of standards for securely identifying workloads. SPIFFE sets out: A format for uniquely specifying an identity called SPIFFE ID. Standards for encoding the SPIFFE ID into verifiable documents which are called SVIDs (SPIFFE Verifiable Identity Document), and which come in a JWT and X.509 […]

  • IAM Terms

    IAM Resource The IAM service stores these resources. You can add, edit, and remove them from the IAM console. IAM user IAM group IAM role Permission policy Identity-provider object IAM Entity IAM resources that AWS uses for authentication. Specify the entity as a Principal in a resource-based policy. IAM user IAM role IAM Identity The […]

  • AWS IAM Related Concepts

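    1. IAM Role What is an IAM role? An IAM role is an identity provided by AWS. It is similar to a user, but it is not created for a specific person; it is a set of permissions granted to AWS services or other identities. Characteristics of a role: it is temporary, and its permissions can be used only after the role has been "assumed" through some mechanism. Use cases: An EC2 instance needs to access an S3 bucket without using long-term keys (such as an Access Key and Secret Key). An AWS Lambda function needs temporary permissions when it calls DynamoDB. Example: If a role is granted permission to read S3, then EC2 or Lambda can "assume" this role at runtime to access S3. 2. IAM Policy What is an IAM policy? An IAM policy is a document used to define permissions, usually written in JSON. It specifies "who can do what", and defines: Who: a role, user, or group. […]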

  • What’s AWS ARN

    Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls. ARN format The following are the general formats for ARNs. The specific formats depend on the […]

  • AWS SDK doc

    https://docs.aws.amazon.com/pdfs/sdk-for-java/latest/developer-guide/aws-sdk-java-dg-v2.pdf

  • What’s AWS STS

    Security Token Service Security Token Service (STS) enables you to request temporary, limited-privilege credentials for users. Use AWS Security Token Service (AWS STS) to create and provide trusted users with temporary security credentials that can control access to your AWS resources. Temporary security credentials work almost identically to long-term access key credentials, with the following […]

  • Hard skills and soft skills

    1. Hard Skills (Technical Skills) These are the measurable, teachable skills directly related to software development. a. Programming and Software Engineering Fundamentals Programming Languages: Learn multiple paradigms (e.g., Object-Oriented, Functional, Procedural). Examples: Python, Java, C++, JavaScript, Rust, etc. Data Structures and Algorithms: Understand core concepts like arrays, linked lists, trees, graphs, sorting, and searching algorithms. […]

  • Vault for security

    Identity & access management User & group management Service principals SSO MFA Role-based access control Resource-based access control Workload Identity Federation Secrets lifecycle management Static secrets Auto-rotating secrets Dynamic secrets Secrets sync Secret versioning Secret import Webhooks Integrations HCP Terraform AWS Azure Google Cloud Platform Kubernetes GitHub Vercel MongoDB Atlas Twilio Log streaming Security & […]

  • Text Splitting Methods

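    Splitting long text is an important step in building an efficient retrieval system; a good splitting method has to balance semantic completeness against a moderate chunk size. We want to avoid the loss of meaning caused by simple fixed-length splitting: 1. Sentence-based splitting Method Use natural language processing tools to split the text into sentences, then combine the sentences into chunks of a suitable size. Implementation example import nltk from nltk.tokenize import sent_tokenize # Download the punkt tokenizer (needed on first run) nltk.download('punkt') def split_text_by_sentences(text, chunk_size=300): sentences = sent_tokenize(text) chunks = [] current_chunk = "" for sentence in sentences: # If the current chunk plus the new sentence would exceed chunk_size, start a new chunk if len(current_chunk) + len(sentence) > chunk_size: chunks.append(current_chunk.strip()) current_chunk = sentence else: current_chunk += " " + sentence # Add the last chunk […]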

  • AWS Identity and Access Management

    Overview AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources. IAM provides the infrastructure […]