AWS 给IAM用户分配——允许使用 MFA,自行管理自己的密码、访问密钥和 SSH 公有密钥的权限

问题

需要给开发组的IAM用户分配,如下权限:

  • 允许使用 MFA
  • 自行管理自己的密码
  • 访问密钥
  • SSH 公有密钥的权限

权限json

json 复制代码
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowViewAccountInfo",
            "Effect": "Allow",
            "Action": [
                "iam:GetAccountPasswordPolicy",
                "iam:GetAccountSummary",
                "iam:ListVirtualMFADevices"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AllowManageOwnVirtualMFADevice",
            "Effect": "Allow",
            "Action": [
                "iam:CreateVirtualMFADevice"
            ],
            "Resource": "arn:aws:iam::*:mfa/*"
        },
        {
            "Sid": "AllowManageOwnPasswords",
            "Effect": "Allow",
            "Action": [
                "iam:ChangePassword",
                "iam:GetUser",
                "iam:DeactivateMFADevice",
                "iam:EnableMFADevice",
                "iam:GetMFADevice",
                "iam:ListMFADevices",
                "iam:ResyncMFADevice"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        },
        {
            "Sid": "AllowManageOwnAccessKeys",
            "Effect": "Allow",
            "Action": [
                "iam:CreateAccessKey",
                "iam:DeleteAccessKey",
                "iam:ListAccessKeys",
                "iam:UpdateAccessKey",
                "iam:GetAccessKeyLastUsed"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        },
        {
            "Sid": "AllowManageOwnSSHPublicKeys",
            "Effect": "Allow",
            "Action": [
                "iam:DeleteSSHPublicKey",
                "iam:GetSSHPublicKey",
                "iam:ListSSHPublicKeys",
                "iam:UpdateSSHPublicKey",
                "iam:UploadSSHPublicKey"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        }
    ]
}

参考

相关推荐
花千烬2 小时前
crictl info 连不上 containerd 怎么办?endpoint、socket 与权限一次查清
云计算
AKAMAI3 天前
每百万 Token 成本砍六成,出海 AI 团队开始重算推理这笔账
人工智能·云计算
Web3探索者9 天前
可视化服务器管理和传统命令行区别是什么?新手教程:Linux 运维到底该用图形界面还是 SSH 命令行?
linux·ssh
A小辣椒14 天前
AWS Clould Support Engineer就职面试题
aws
开发者联盟league16 天前
安装pnpm
ssh
2601_9618752416 天前
决战申论100题2026|最新|范文
linux·容器·centos·debian·ssh·fabric·vagrant
tiancaijiben16 天前
阿里云Kubernetes集群托管完全指南:从创建到生产级运维
云计算
亚林瓜子16 天前
AWS WAF中如何放行某个触发了托管规则的接口
aws·waf
互联网推荐官16 天前
上海软件定制开发公司推荐:从PaaS工程化路径看D-coding的技术取舍
云原生·云计算·paas·软件开发·开发经验·上海
sbjdhjd16 天前
从零搭建企业级 CI/CD(下):Jenkins+GitLab+Harbor 全链路实战指南
git·servlet·ci/cd·云原生·云计算·gitlab·jenkins