- Users or Groups can be assigned JSON documents called policies
- These policies define the permissions of the users
- In AWS you apply the least privilege principle: don't give more permissions than a user needs
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "elasticloadbalancing:describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:Describe*"
      ],
      "Resource": "*"
    }
  ]
}
```
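To see what this policy does and does not permit, the following added example (not part of the original post, and not AWS's own evaluation code) checks action names against it and lists any Allow patterns that are not clearly read-only. It assumes a simplified model: only `Effect` and `Action` are evaluated, `Resource`, `Condition` and `NotAction` are ignored, and the helper names `is_allowed` and `broad_allow_patterns` are hypothetical.

```python
import re

# The policy from this page, embedded so the example runs offline.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Allow", "Action": "elasticloadbalancing:describe*", "Resource": "*"},
        {"Effect": "Allow", "Resource": "*", "Action": [
            "cloudwatch:ListMetrics",
            "cloudwatch:GetMetricStatistics",
            "cloudwatch:Describe*",
        ]},
    ],
}

def _as_list(value):
    # "Statement" and "Action" may each be a single item or a list.
    return list(value) if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action names are case-insensitive; "*" and "?" are the wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def is_allowed(policy, action):
    """Explicit Deny wins, then any matching Allow, else implicit deny."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def broad_allow_patterns(policy, read_verbs=("describe", "list", "get")):
    """Allow patterns whose verb is not clearly read-only (review heuristic)."""
    flagged = []
    for stmt in _as_list(policy["Statement"]):
        if stmt["Effect"] != "Allow":
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            verb = pattern.split(":", 1)[-1].lower()
            if not verb.startswith(read_verbs):
                flagged.append(pattern)
    return flagged

if __name__ == "__main__":
    for name in ("ec2:DescribeInstances", "ec2:TerminateInstances"):
        print(name, "->", "allow" if is_allowed(POLICY, name) else "implicit deny")
    print("patterns to review:", broad_allow_patterns(POLICY))
```

The read-verb prefix list is a review heuristic only: a `Get*` or `List*` action can still expose sensitive data, so flagged and unflagged patterns both deserve a look against what the user actually needs.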