AWS: granting IAM users permission to use MFA and to manage their own passwords, access keys and SSH public keys

Problem

The IAM users in the development group need the following permissions:

  • Allowed to use MFA
  • Manage their own password
  • Manage their own access keys
  • Manage their own SSH public keys

Policy JSON

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowViewAccountInfo",
            "Effect": "Allow",
            "Action": [
                "iam:GetAccountPasswordPolicy",
                "iam:GetAccountSummary",
                "iam:ListVirtualMFADevices"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AllowManageOwnVirtualMFADevice",
            "Effect": "Allow",
            "Action": [
                "iam:CreateVirtualMFADevice"
            ],
            "Resource": "arn:aws:iam::*:mfa/*"
        },
        {
            "Sid": "AllowManageOwnPasswords",
            "Effect": "Allow",
            "Action": [
                "iam:ChangePassword",
                "iam:GetUser",
                "iam:DeactivateMFADevice",
                "iam:EnableMFADevice",
                "iam:GetMFADevice",
                "iam:ListMFADevices",
                "iam:ResyncMFADevice"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        },
        {
            "Sid": "AllowManageOwnAccessKeys",
            "Effect": "Allow",
            "Action": [
                "iam:CreateAccessKey",
                "iam:DeleteAccessKey",
                "iam:ListAccessKeys",
                "iam:UpdateAccessKey",
                "iam:GetAccessKeyLastUsed"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        },
        {
            "Sid": "AllowManageOwnSSHPublicKeys",
            "Effect": "Allow",
            "Action": [
                "iam:DeleteSSHPublicKey",
                "iam:GetSSHPublicKey",
                "iam:ListSSHPublicKeys",
                "iam:UpdateSSHPublicKey",
                "iam:UploadSSHPublicKey"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        }
    ]
}
```
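Two things are worth checking before handing this policy to a group: the `${aws:username}` variable really does limit the key and password actions to the caller's own user, and the policy only *allows* MFA, it does not *require* it (a user with long-term access keys and no MFA can still create more keys). The script below is an added example, not code from the original post or from AWS: a small evaluator that models the subset of IAM policy logic this policy uses (Allow/Deny, `*`/`?` wildcards, `${aws:username}`, and the `BoolIfExists` `aws:MultiFactorAuthPresent` condition) and runs a few requests through it. The `DENY_WITHOUT_MFA` statement is my transcription of AWS's documented "deny everything except MFA enrolment when MFA is absent" pattern and is an assumption to verify against current AWS documentation; the account id and user names are constructed. For authoritative results use the IAM policy simulator.

```python
"""Toy evaluator for the self-service IAM policy above (added example, not
AWS code). Models only: Allow/Deny, '*'/'?' wildcards in Action, NotAction
and Resource, the ${aws:username} variable, and BoolIfExists on
aws:MultiFactorAuthPresent. Real IAM evaluation has many more rules."""
import re

USER_ARN = "arn:aws:iam::*:user/${aws:username}"

# The page's policy, transcribed as a Python dict (same statements, same ARNs).
SELF_SERVICE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowViewAccountInfo", "Effect": "Allow", "Resource": "*",
         "Action": ["iam:GetAccountPasswordPolicy", "iam:GetAccountSummary",
                    "iam:ListVirtualMFADevices"]},
        {"Sid": "AllowManageOwnVirtualMFADevice", "Effect": "Allow",
         "Action": ["iam:CreateVirtualMFADevice"], "Resource": "arn:aws:iam::*:mfa/*"},
        {"Sid": "AllowManageOwnPasswords", "Effect": "Allow", "Resource": USER_ARN,
         "Action": ["iam:ChangePassword", "iam:GetUser", "iam:DeactivateMFADevice",
                    "iam:EnableMFADevice", "iam:GetMFADevice", "iam:ListMFADevices",
                    "iam:ResyncMFADevice"]},
        {"Sid": "AllowManageOwnAccessKeys", "Effect": "Allow", "Resource": USER_ARN,
         "Action": ["iam:CreateAccessKey", "iam:DeleteAccessKey", "iam:ListAccessKeys",
                    "iam:UpdateAccessKey", "iam:GetAccessKeyLastUsed"]},
        {"Sid": "AllowManageOwnSSHPublicKeys", "Effect": "Allow", "Resource": USER_ARN,
         "Action": ["iam:DeleteSSHPublicKey", "iam:GetSSHPublicKey", "iam:ListSSHPublicKeys",
                    "iam:UpdateSSHPublicKey", "iam:UploadSSHPublicKey"]},
    ],
}

# Hardening statement modelled on AWS's documented pattern (assumption:
# transcribed from memory, verify against current docs). NOT part of the
# page's policy; with it, anything outside MFA enrolment is denied unless the
# session was authenticated with MFA.
DENY_WITHOUT_MFA = {
    "Sid": "DenyAllExceptListedIfNoMFA", "Effect": "Deny", "Resource": "*",
    "NotAction": ["iam:CreateVirtualMFADevice", "iam:EnableMFADevice", "iam:GetUser",
                  "iam:GetMFADevice", "iam:ListMFADevices", "iam:ListVirtualMFADevices",
                  "iam:ResyncMFADevice", "sts:GetSessionToken"],
    "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
}

def _glob(pattern, value):
    """IAM-style wildcard match: '*' matches any run, '?' one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _condition_holds(cond, ctx):
    """Only BoolIfExists is modelled; a context key that is absent satisfies it."""
    for op, pairs in (cond or {}).items():
        if op != "BoolIfExists":
            raise NotImplementedError(op)
        for key, expected in pairs.items():
            if key in ctx and str(ctx[key]).lower() != str(expected).lower():
                return False
    return True

def evaluate(policy, action, resource, ctx):
    """IAM order: an explicit Deny wins; no matching Allow is an implicit Deny."""
    allowed = False
    for st in policy["Statement"]:
        if not _condition_holds(st.get("Condition"), ctx):
            continue
        if "Action" in st:
            action_hit = any(_glob(a, action) for a in _as_list(st["Action"]))
        else:  # NotAction: the statement covers every action NOT listed
            action_hit = not any(_glob(a, action) for a in _as_list(st["NotAction"]))
        resources = [r.replace("${aws:username}", ctx["aws:username"])
                     for r in _as_list(st["Resource"])]
        if not action_hit or not any(_glob(r, resource) for r in resources):
            continue
        if st["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else "Deny"

def check(action, resource, username="alice", mfa=None, require_mfa=False):
    """Evaluate one request made by `username`. mfa=None means the request
    context has no aws:MultiFactorAuthPresent key at all (e.g. long-term keys)."""
    statements = list(SELF_SERVICE_POLICY["Statement"])
    if require_mfa:
        statements.append(DENY_WITHOUT_MFA)
    ctx = {"aws:username": username}
    if mfa is not None:
        ctx["aws:MultiFactorAuthPresent"] = mfa
    return evaluate({"Version": "2012-10-17", "Statement": statements}, action, resource, ctx)

if __name__ == "__main__":
    acct = "123456789012"  # constructed account id
    me, other = f"arn:aws:iam::{acct}:user/alice", f"arn:aws:iam::{acct}:user/bob"
    print(check("iam:CreateAccessKey", me))                                   # own keys
    print(check("iam:CreateAccessKey", other))                                # someone else's
    print(check("iam:DeleteVirtualMFADevice", f"arn:aws:iam::{acct}:mfa/alice"))  # not granted
    print(check("iam:CreateAccessKey", me, mfa=False))                        # page policy: no MFA needed
    print(check("iam:CreateAccessKey", me, mfa=False, require_mfa=True))      # with hardening
    print(check("iam:EnableMFADevice", me, mfa=False, require_mfa=True))      # enrolment still works
```

Two observations fall out of running it. First, the page's policy grants `iam:CreateVirtualMFADevice` but not `iam:DeleteVirtualMFADevice`, so if enrolment is interrupted after the virtual device is created, the user cannot remove it and retry without an administrator. Second, the page's policy alone returns `Allow` for `iam:CreateAccessKey` from a session with no MFA; only the appended deny statement turns that into `Deny` while leaving the enrolment actions open.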
