AWS CLI 可以与联合登录一起使用吗? [英] Can AWS CLI be used with a federated login?
问题描述
我使用我公司的 Active Directory 帐户登录 AWS.我们正在使用联合登录,如此处所述:
I login to AWS with my Active Directory account in my company. We are using federated login, as described here:
联合用户和角色
联合用户不像 IAM 用户那样在您的 AWS 账户中拥有永久身份.要为联合用户分配权限,您可以创建一个称为角色的实体并为该角色定义权限.当联合用户登录 AWS 时,该用户与角色关联并被授予角色中定义的权限.有关详细信息,请参阅为第三方身份提供者(联合)创建角色.
Federated users don't have permanent identities in your AWS account the way that IAM users do. To assign permissions to federated users, you can create an entity referred to as a role and define permissions for the role. When a federated user signs in to AWS, the user is associated with the role and is granted the permissions that are defined in the role. For more information, see Creating a Role for a Third-Party Identity Provider (Federation).
我的公司有一个安全令牌服务 (STS),它是 SAML 提供商.
My company has a Security Token Service (STS) which is a SAML provider.
我可以使用它登录 AWS 管理控制台,但我也可以使用联合登录名登录 AWS CLI?
I can use that to login to AWS management console, but can I login to AWS CLI as well with my federated login?
推荐答案
是的,这是可能的,但不是一蹴而就的.AWS 安全博客中有一篇相当长的博文解释了如何能够以 SAML 联合用户的身份使用 CLI:https://aws.amazon.com/de/blogs/security/how-to-implement-federated-api-and-cli-access-using-saml-2-0-and-ad-fs/
Yes, it is possible, however it's not straight forward. There is a rather long blog post in the AWS Security Blog explaining how to be able to use the CLI as SAML-federated user: https://aws.amazon.com/de/blogs/security/how-to-implement-federated-api-and-cli-access-using-saml-2-0-and-ad-fs/
这篇关于AWS CLI 可以与联合登录一起使用吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!