1 Resposta
- Mais recentes
- Mais votos
- Mais comentários
0
Hi Lin,
Current best practice is to use the AWS CLI in conjunction with AWS IAM Identity Center for workforce usage of AWS CLI . This allows you to obtain short-lived credentials and have the users logging in using the best practices including MFA if you have it set it up that way. You probably find many tutorials with IAM User usage because that option has been available for several years (10+) and used to be the standard, while the Identity Center integration with AWS CLI it's way more recent (3 years or so I believe) and it's the current best practice.
So to your questions;
- No, there is no long term problem, we prefer you using it with IAM Identity Center (with MFA if possible please!)
- While it's possible to have multiple configurations, you shouldn't require to use IAM Users with AWS CLI unless you have a specific use case which requires you to have a IAM User rather than a IAM Role. This could happen when you want to provide access to your environment to an application that lives outside of AWS (IE: A non-AWS third party wants to access your S3 bucket for some reason), as in any other case when apps are inside AWS, you can leverage IAM Roles to obtain access to your resources.
It seems you have set it up well, keep with it!
respondido há 3 meses
Conteúdo relevante
- AWS OFICIALAtualizada há um ano
Appreciate the fast response and useful info., Pablo!
Lin