- Implementing Cloud Design Patterns for AWS (Second Edition)
- Sean Keery, Clive Harber, Marcus Young
- 157 words
- 2021-06-24 15:11:56
Security Token Service
The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users. We'll see why this is a great feature when we cover least privilege security in Chapter 4, Security - Ensuring the Integrity of Your Systems.
Speaking of least privilege, you really shouldn't be using your root user for AWS console access. Let's create a new user. Then go back and see whether you can recreate your environment with the new user.
Create a file named user.tf and add the following:
resource "aws_iam_user" "cloudpatterns" {
  # The user name as it appears in the IAM console.
  name = "loadbalancer"
}

resource "aws_iam_group" "group" {
  name = "cloudpatterngroup"
}

resource "aws_iam_group_membership" "admin" {
  # Puts the new user into the group.
  name = "tf-admin-group-membership"
  users = [
    "${aws_iam_user.cloudpatterns.name}",
  ]
  group = "${aws_iam_group.group.name}"
}

resource "aws_iam_group_policy_attachment" "test-attach" {
  # AWS managed policy: full administrative access for every member of the group.
  group      = "${aws_iam_group.group.name}"
  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}
Save it, then run the following:
terraform plan
terraform apply -target=aws_iam_user.cloudpatterns
You should see your new user in the IAM console.
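To connect this user to the temporary credentials that STS issues, the following added example (not code from the book) shows an alternative to the `test-attach` resource: the group is only allowed to call `sts:AssumeRole`, and `AdministratorAccess` sits on a role whose sessions expire. The names `admin_via_sts`, `assume_admin`, `cloudpatterns-admin` and `assume-cloudpatterns-admin` are hypothetical, and the MFA condition assumes the user has an MFA device registered.

```hcl
# Added example: use in place of aws_iam_group_policy_attachment.test-attach.
data "aws_caller_identity" "current" {}

# Trust policy: which principals may ask STS for a session on the role.
data "aws_iam_policy_document" "trust" {
  statement {
    actions = ["sts:AssumeRole"]

    # The account root principal delegates the decision to IAM policies
    # inside this account (the group policy further down).
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }

    # Assumption: callers must present MFA when assuming the role.
    condition {
      test     = "Bool"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["true"]
    }
  }
}

resource "aws_iam_role" "admin_via_sts" {
  name                 = "cloudpatterns-admin" # hypothetical name
  assume_role_policy   = "${data.aws_iam_policy_document.trust.json}"
  max_session_duration = 3600 # seconds; upper bound on a session's lifetime
}

resource "aws_iam_role_policy_attachment" "admin" {
  role       = "${aws_iam_role.admin_via_sts.name}"
  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}

# The group's only standing permission: assume that one role.
data "aws_iam_policy_document" "assume" {
  statement {
    actions   = ["sts:AssumeRole"]
    resources = ["${aws_iam_role.admin_via_sts.arn}"]
  }
}

resource "aws_iam_group_policy" "assume_admin" {
  name   = "assume-cloudpatterns-admin" # hypothetical name
  group  = "${aws_iam_group.group.name}"
  policy = "${data.aws_iam_policy_document.assume.json}"
}
```

With this in place, the user's long-lived access key grants nothing beyond `sts:AssumeRole` on that role, and the administrative permissions exist only for the lifetime of each STS session.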