Could you please let me know if the right permission would be 'AmazonEC2FullAccess' and what exactly does this permission provide?
You can see exactly what the policy includes by going to Policies in the IAM console and searching for AmazonEC2FullAccess, then click on the policy to view the permissions. I believe this direct link should work, assuming you're signed in, or you can view this copy on GitHub. Based on your problem description, this seems like the best policy to use.
If convenient, please let me know the order of the steps needed to delegate access to a third party without compromising the security of my account.
Start by creating the role. Since you want to delegate access to a third party, you'll need to know their account ID. On the Select trusted entity field, choose AWS Account, then "Another AWS Account". Optionally add an external ID if they provide one. Then enter the account ID and click next. Now search for the AmazonEC2FullAccess policy and check it to attach. Finally, type a name for the role, add any tags, and create the role. You can provide the role ARN to the third party. Now they will be able to assume the role with AmazonEC2FullAccess permissions.
See also the documentation.
In this regard, would the AWS Access Analyzer monitor the access by the third party?
You can use the access analyzer to identify all the resources that are shared with an external entity, so that may be useful for you. Refer again to the docs.
Hope this helps.
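The console steps in the answer above produce a role trust policy. As an added example (not part of the original answer), this Python sketch builds that trust policy and audits an existing one for the third-party case. The account IDs and external ID are constructed sample values, the function names are hypothetical, and reporting a missing external ID as a finding is this example's choice.

```python
import json

def build_trust_policy(account_id, external_id=None):
    """Trust policy matching 'AWS account' > 'Another AWS account' in the console."""
    if not (account_id.isdigit() and len(account_id) == 12):
        raise ValueError("AWS account IDs are 12 digits")
    stmt = {"Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole"}
    if external_id:
        # Only callers that pass this value to AssumeRole are accepted.
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

def audit_trust_policy(policy, expected_account_id):
    """List problems in a trust policy meant for exactly one third-party account."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    for n, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else principal.get("AWS", [])
        for p in [aws] if isinstance(aws, str) else aws:
            # Principal is a bare account ID or an ARN with the ID in field 5.
            account = p.split(":")[4] if p.startswith("arn:") else p
            if account == "*":
                findings.append(f"statement {n}: any AWS principal can assume the role")
            elif account != expected_account_id:
                findings.append(f"statement {n}: unexpected account {account}")
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:externalid" not in {k.lower() for k in equals}:
            findings.append(f"statement {n}: no sts:ExternalId condition")
    return findings

# Constructed sample values; these account IDs do not refer to real parties.
THIRD_PARTY = "111122223333"
good = build_trust_policy(THIRD_PARTY, external_id="example-external-id")
weak = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Principal": {"AWS": ["*", "444455556666"]},
    "Action": "sts:AssumeRole"}}

if __name__ == "__main__":
    print(json.dumps(good, indent=2))
    for finding in audit_trust_policy(weak, THIRD_PARTY):
        print("FINDING:", finding)
```

The trust policy controls who can assume the role; the attached AmazonEC2FullAccess policy separately controls what they can do once they have assumed it.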