AWS Security

Security

Acceptable Use Policy.

IAM

IAM: Identity and Access Management.

STS: Security Token Service.

ACL: Access control list.

SG: Security Group.

https://aws.amazon.com/cn/iam/

$aws iam list-users

IAM的三种身份类型:

  • Users
  • Groups
  • Roles

IAM通过Policy(json)分配权限。


SSO

sso登陆:

aws sso login --no-browser 
aws sso logout

Secrets Manager


ACM

AWS Certificate Manager.

在route 53创建托管区(hosted zones)之后,可以在ACM申请证书。

申请好了证书,需要在route 53创建记录.

aws acm list-certificates --region eu-west-1

aws-load-balancer-controller可以自动关联ACM的证书和ingress.


Artifact

自助的合规报告。


WAF

Shield


KMS

Key Management Service.

Inspector

GuardDuty

Cognito

支持google/amazon/MS-AD/SAML 登陆。

Designed by Canux