{"id":1791,"date":"2025-01-09T13:58:24","date_gmt":"2025-01-09T05:58:24","guid":{"rendered":"https:\/\/www.fanyamin.com\/wordpress\/?p=1791"},"modified":"2025-01-09T13:58:24","modified_gmt":"2025-01-09T05:58:24","slug":"whats-aws-iam-and-how-it-works","status":"publish","type":"post","link":"https:\/\/www.fanyamin.com\/wordpress\/?p=1791","title":{"rendered":"What’s AWS IAM and how it works"},"content":{"rendered":"

AWS IAM \u662f\u4ec0\u4e48\uff1f<\/strong><\/h3>\n

AWS Identity and Access Management (IAM)<\/strong> \u662f Amazon Web Services \u63d0\u4f9b\u7684\u4e00\u9879\u670d\u52a1\uff0c\u7528\u4e8e \u7ba1\u7406\u8bbf\u95ee AWS \u8d44\u6e90\u7684\u6743\u9650<\/strong>\u3002\u901a\u8fc7 IAM\uff0c\u4f60\u53ef\u4ee5\u5b9a\u4e49\u8c01\u53ef\u4ee5\u8bbf\u95ee\u54ea\u4e9b\u8d44\u6e90\uff0c\u4ee5\u53ca\u5141\u8bb8\u4ed6\u4eec\u8fdb\u884c\u4ec0\u4e48\u64cd\u4f5c\u3002<\/p>\n

\n

AWS IAM \u7684\u7528\u9014<\/strong><\/h3>\n
    \n
  1. \n

    \u7528\u6237\u7ba1\u7406<\/strong>:<\/p>\n

      \n
    • \u521b\u5efa\u548c\u7ba1\u7406 AWS \u7528\u6237\u548c\u7ec4\u3002<\/li>\n
    • \u4e3a\u7528\u6237\u5206\u914d\u767b\u5f55\u51ed\u8bc1\u548c\u6743\u9650\u3002<\/li>\n<\/ul>\n<\/li>\n
    • \n

      \u8bbf\u95ee\u63a7\u5236<\/strong>:<\/p>\n

        \n
      • \u901a\u8fc7\u7b56\u7565 (Policy) \u63a7\u5236\u7528\u6237\u6216\u670d\u52a1\u7684\u6743\u9650\u3002<\/li>\n
      • \u5b9e\u73b0\u6700\u5c0f\u6743\u9650\u539f\u5219\uff08\u4ec5\u8d4b\u4e88\u7528\u6237\u5b8c\u6210\u4efb\u52a1\u6240\u9700\u7684\u6700\u4f4e\u6743\u9650\uff09\u3002<\/li>\n<\/ul>\n<\/li>\n
      • \n

        \u5b89\u5168\u8ba4\u8bc1<\/strong>:<\/p>\n

          \n
        • \u63d0\u4f9b\u591a\u56e0\u7d20\u8ba4\u8bc1 (MFA)\u3002<\/li>\n
        • \u4f7f\u7528\u8bbf\u95ee\u5bc6\u94a5\u548c\u4e34\u65f6\u51ed\u8bc1\u652f\u6301\u7a0b\u5e8f\u5316\u8bbf\u95ee\u3002<\/li>\n<\/ul>\n<\/li>\n
        • \n

          \u8de8\u8d26\u6237\u8bbf\u95ee<\/strong>:<\/p>\n

            \n
          • \u4f7f\u7528\u89d2\u8272\u5141\u8bb8\u7528\u6237\u6216\u670d\u52a1\u5728\u591a\u4e2a AWS \u8d26\u6237\u95f4\u8bbf\u95ee\u8d44\u6e90\u3002<\/li>\n<\/ul>\n<\/li>\n
          • \n

            \u4e0e\u670d\u52a1\u96c6\u6210<\/strong>:<\/p>\n

              \n
            • \u4e3a EC2 \u5b9e\u4f8b\u3001Lambda \u51fd\u6570\u7b49\u5206\u914d\u89d2\u8272\uff0c\u6388\u6743\u8fd9\u4e9b\u670d\u52a1\u8bbf\u95ee\u5176\u4ed6 AWS \u670d\u52a1\uff08\u5982 S3\u3001DynamoDB\uff09\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n
              \n

              AWS IAM \u7684\u5de5\u4f5c\u539f\u7406<\/strong><\/h3>\n

              IAM \u7684\u6838\u5fc3\u5de5\u4f5c\u673a\u5236\u57fa\u4e8e\u4ee5\u4e0b\u51e0\u4e2a\u6982\u5ff5\uff1a<\/p>\n

              1. \u5173\u952e\u5b9e\u4f53<\/strong><\/h4>\n
                \n
              • \n

                \u7528\u6237 (User)<\/strong>:<\/p>\n

                  \n
                • \u662f\u4e00\u4e2a\u552f\u4e00\u7684\u8eab\u4efd\uff0c\u7528\u4e8e\u4ee3\u8868\u4e00\u4e2a\u4eba\u6216\u5e94\u7528\u7a0b\u5e8f\u3002<\/li>\n
                • \u7528\u6237\u53ef\u4ee5\u6709\u8bbf\u95ee\u5bc6\u94a5 (Access Key)\u3001\u5bc6\u7801\u6216 MFA\u3002<\/li>\n<\/ul>\n<\/li>\n
                • \n

                  \u7ec4 (Group)<\/strong>:<\/p>\n

                    \n
                  • \u662f\u7528\u6237\u7684\u96c6\u5408\uff0c\u7528\u4e8e\u7edf\u4e00\u7ba1\u7406\u6743\u9650\u3002<\/li>\n
                  • \u7528\u6237\u7ee7\u627f\u7ec4\u7684\u7b56\u7565\u3002<\/li>\n<\/ul>\n<\/li>\n
                  • \n

                    \u89d2\u8272 (Role)<\/strong>:<\/p>\n

                      \n
                    • \u662f\u4e00\u4e2a\u4e34\u65f6\u8eab\u4efd\uff0c\u7528\u4e8e\u5141\u8bb8\u5b9e\u4f53\uff08\u5982\u7528\u6237\u3001\u5e94\u7528\u7a0b\u5e8f\u6216 AWS \u670d\u52a1\uff09\u8bbf\u95ee\u8d44\u6e90\u3002<\/li>\n
                    • \u4f7f\u7528\u4fe1\u4efb\u7b56\u7565\u5b9a\u4e49\u8c01\u53ef\u4ee5\u5047\u8bbe\u8be5\u89d2\u8272\u3002<\/li>\n<\/ul>\n<\/li>\n
                    • \n

                      \u7b56\u7565 (Policy)<\/strong>:<\/p>\n