2 Risposte
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
It is a good idea to use IAM to divide the resources that each user can access.
With the Resource policy, it is also possible to create settings to allow by user for each ARN.
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html
0
If you want to keep all the resources in one account, consider isolating resources via tagging. You can use session tagging along with tagging of the resources to control access. Take a look at these:
- IAM tutorial: Define permissions to access AWS resources based on tags
- IAM tutorial: Use SAML session tags for ABAC
Check to see if the services and resources you plan to use support ABAC, AWS services that work with IAM.
Contenuto pertinente
- AWS UFFICIALEAggiornata 3 anni fa
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata 2 anni fa