AWS IAM角色与组 [英] AWS IAM Role vs Group

问题描述

AWS官方网站将角色读取为权限的集合，将组读取为用户的集合.但是他们对我来说还是一样.您将策略附加到组或角色，然后将组或角色分配给用户.角色和小组之间到底有什么区别?

The AWS official site reads role as a collection of permissions and group as a collection of users. But still they look the same to me. You attach policies to groups or roles, and then assign groups or roles to a user. What exactly are the differences between role and group?

推荐答案

AWS组是标准组，您可以将其视为几个用户的集合，并且一个用户可以属于多个组.

AWS Groups are the standard groups which you can consider as collection of several users and a user can belong to multiple groups.

AWS IAM角色都是不同的物种；它们的工作方式类似于单个用户，只不过它们主要是模仿风格，并在不指定凭证的情况下与AWS API调用进行通信.

AWS IAM Roles are all together different species; they operate like individual users except that they work mostly towards the impersonation style and perform communication with AWS API calls without specifying the credentials.

鉴于IAM角色几乎没有什么不同，我仅强调这一点.有几种类型的IAM角色，例如EC2 IAM角色，Lambda等.因此，任何与AWS API相关的通信都不需要任何AWS Access Key或Secret Key进行身份验证，而是可以直接调用API(但是答案很长-它使用STS并在后台不断回收凭证)；其功能的特权或权限由IAM角色附带的IAM策略确定.

Given that IAM Roles are little different, I am emphasizing only that. There are several types of IAM Roles like EC2 IAM Roles, Lambda etc. If you consider, you can launch an EC2 instance with an EC2 IAM Role; hence forth any AWS API related communication wouldn't require any AWS Access Key or Secret key for authentication rather can call the APIs directly (however the long answer is - it uses STS and continuously recycles the credentials behind the scenes); the privileges or permissions of what it can do is determined by the IAM Policies attached to the IAM Role.

Lambda IAM角色的工作原理完全相同，只是只有Lambda函数可以使用Lambda IAM角色等.

Lambda IAM Role works exactly the same, except that only Lambda function can use the Lambda IAM Role etc.

这篇关于AWS IAM角色与组的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！