This is a big topic and one that is difficult to fully address in one answer.
Using lots of roles isn't a good approach. You should not create individual roles. As the name indicates, a role represents a function; think of a role as "Finance User" or "IT User". You would not make a role for each person in IT, as that does not scale.
The concept of a role is analogous to a job function.
A role can have one or more permission policies associated with it - and policies can be used in more than one role.
We would discourage the use of IAM Users - in preference to temporary credentials. In practice this is sometimes not easy to do. What would make more sense would be to use SSO from the AWS Identity Center - and use an IDP you probably already have in your company (Active Directory etc.) to authenticate to the console and other AWS resources.
https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-ad.html
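An audit sketch for the two points in the answer above, added here as an example and not part of the original answer: it flags roles that only individual IAM users can assume, and inline policies copied across roles that could be a single shared policy. The input is a constructed sample shaped like the `RoleDetailList` from `aws iam get-account-authorization-details`; the account ID, role names and bucket are made up, the user-principal check is a heuristic, and each `Statement` is assumed to be a list.

```python
import json
from collections import defaultdict

# Constructed sample shaped like the RoleDetailList returned by
# `aws iam get-account-authorization-details` (all names and IDs are made up).
READ_REPORTS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-finance-reports/*"}]}

def trust(principal_arn):
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": principal_arn},
         "Action": "sts:AssumeRole"}]}

SAMPLE_ROLES = [
    {"RoleName": "alice-role",
     "AssumeRolePolicyDocument": trust("arn:aws:iam::111122223333:user/alice"),
     "RolePolicyList": [{"PolicyName": "reports", "PolicyDocument": READ_REPORTS}]},
    {"RoleName": "bob-role",
     "AssumeRolePolicyDocument": trust("arn:aws:iam::111122223333:user/bob"),
     "RolePolicyList": [{"PolicyName": "reports", "PolicyDocument": READ_REPORTS}]},
    {"RoleName": "FinanceUser", "RolePolicyList": [],
     "AssumeRolePolicyDocument": trust("arn:aws:iam::111122223333:root")},
]

def per_person_roles(roles):
    """Roles whose trust policy names only individual IAM users."""
    flagged = []
    for role in roles:
        principals = []
        for stmt in role["AssumeRolePolicyDocument"]["Statement"]:
            p = stmt.get("Principal", {})
            aws = p.get("AWS", []) if isinstance(p, dict) else []
            principals += [aws] if isinstance(aws, str) else aws
        if principals and all(":user/" in arn for arn in principals):
            flagged.append(role["RoleName"])
    return flagged

def duplicated_inline_policies(roles):
    """Groups of roles carrying the same inline policy document."""
    seen = defaultdict(list)
    for role in roles:
        for pol in role.get("RolePolicyList", []):
            key = json.dumps(pol["PolicyDocument"], sort_keys=True)
            seen[key].append(role["RoleName"])
    return [sorted(names) for names in seen.values() if len(names) > 1]

if __name__ == "__main__":
    print(per_person_roles(SAMPLE_ROLES), duplicated_inline_policies(SAMPLE_ROLES))
```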