This is a big topic and one that is difficult to fully address in one answer.
Using lots of roles isn't a good approach. You should not create individual roles. As the name indicates, a role represents a function, think of a role as "Finance User", or "IT User" - you would not make a role for each person in IT - that does not scale.
The concept of a role is analogous to a job function.
A role can have one or more permission policies associated with it - and policies can be used in more than one role.
We would discourage the use of IAM Users - in preference to temporary credentials. In practice this is sometimes not easy to do. What would make more sense would be to use SSO from the AWS Identity Center - and use an IDP you probably already have in your company (Active Directory etc.) to authenticate to the console, and other AWS resources.
https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-ad.html