AWS Security

Security

Acceptable Use Policy.

IAM

IAM: Identity and Access Management.

STS: Security Token Service.

ACL: Access control list.

SG: Security Group.

https://aws.amazon.com/cn/iam/

$ aws iam list-users

The three identity types in IAM:

  • Users
  • Groups
  • Roles

IAM assigns permissions through policies (JSON documents).
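
As an added example (not from the original notes), the following Python builds the kind of JSON policy document IAM attaches to users, groups and roles, and runs a small least-privilege check over it. The bucket name and the account id in the trust policy are placeholders, and the policy contents are constructed for illustration only.

```python
import json

# Added example: builds IAM identity-based policy documents (the JSON IAM uses
# to grant permissions) and checks them against least-privilege rules. Policy
# contents below are constructed for illustration; the bucket name and account
# id are placeholders, not values from the page.

def make_policy(effect, actions, resources):
    """Return an identity-based policy document with a single statement."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": effect, "Action": list(actions), "Resource": list(resources)}
        ],
    }

def as_list(value):
    """IAM accepts a string or a list in Action/Resource; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)

def policy_findings(policy):
    """Flag Allow statements that grant more than a scoped policy should.

    Returns a list of human-readable findings; an empty list means no
    over-broad Allow statement was found.
    """
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        if "*" in actions:
            findings.append(f"statement {idx}: Action '*' allows every API call")
        else:
            for action in actions:
                if action.endswith(":*"):
                    findings.append(
                        f"statement {idx}: {action} allows every action in the service"
                    )
        if "*" in resources and "Condition" not in stmt:
            findings.append(
                f"statement {idx}: Resource '*' with no Condition applies to every resource"
            )
    return findings

# A scoped policy: read-only access to a single (placeholder) bucket.
SCOPED_POLICY = make_policy(
    "Allow",
    ["s3:GetObject", "s3:ListBucket"],
    ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
)

# An over-broad policy, of the kind often attached to a "convenience" group.
ADMIN_POLICY = make_policy("Allow", ["*"], ["*"])

# A trust policy is what distinguishes a Role from a User or Group: it names
# who may assume the role (placeholder account id) and STS evaluates it on
# sts:AssumeRole.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
        "Action": "sts:AssumeRole",
    }],
}

def policy_json(policy):
    """Serialise a policy the way the CLI expects it (e.g. --policy-document file://...)."""
    return json.dumps(policy, indent=2)

if __name__ == "__main__":
    for name, pol in [("scoped", SCOPED_POLICY), ("admin", ADMIN_POLICY)]:
        print(name, policy_findings(pol) or "no findings")
    print(policy_json(TRUST_POLICY))
```

Running the block prints no findings for the scoped bucket policy and two findings for the admin policy (wildcard action and wildcard resource); the trust policy is printed as the JSON you would save to a file and pass to the CLI when creating a role.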


SSO

SSO login:

aws configure sso
aws sso login --no-browser
aws sso logout

Secrets Manager


ACM

AWS Certificate Manager.

After creating a hosted zone in Route 53, you can request a certificate in ACM.

Once the certificate has been requested, you need to create a record in Route 53.

aws acm list-certificates --region eu-west-1

aws-load-balancer-controller can automatically associate ACM certificates with an ingress.


Artifact

Self-service compliance reports.


WAF

Shield


KMS

Key Management Service.

Inspector

GuardDuty

Cognito

Supports Google/Amazon/MS-AD/SAML login.

Audit Manager

CloudHSM

Detective

Directory Service

Firewall Manager

Macie

Network Firewall

RAM

Resource Access Manager

Security Hub

STS

Security Token Service

Designed by Canux