- Implementing Cloud Design Patterns for AWS(Second Edition)
- Sean Keery Clive Harber Marcus Young
- 157字
- 2021-06-24 15:11:56
Security Token Service
The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users. We'll see why this is a great feature when we cover least privilege security in Chapter 4, Security - Ensuring the Integrity of Your Systems.
Speaking of least privilege, you really shouldn't be using your root user for AWS console access. Let's create a new user. Then go back and see whether you can recreate your environment with the new user.
Create a file named user.tf and add the following:
resource "aws_iam_user" "cloudpatterns" {
name = "loadbalancer"
}
resource "aws_iam_group" "group" {
name = "cloudpatterngroup"
}
resource "aws_iam_group_membership" "admin" {
name = "tf-admin-group-membership"
users = [
"${aws_iam_user.cloudpatterns.name}",
]
group = "${aws_iam_group.group.name}"
}
resource "aws_iam_group_policy_attachment" "test-attach" {
group = "${aws_iam_group.group.name}"
policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}
Save it, then run the following:
terraform plan
terraform apply -target=aws_iam_user.cloudpatterns
You should see your new user in the IAM console.
推薦閱讀
- 操作系統實用教程(Linux版)
- 蘋果電腦玩全攻略 OS X 10.8 Mountain Lion
- vSphere Virtual Machine Management
- 玩到極致 iPhone 4S完全攻略
- 計算機系統開發與優化實戰
- Linux服務器配置與管理
- OpenSolaris設備驅動原理與開發
- INSTANT Galleria Howto
- Red Hat Enterprise Linux 6.4網絡操作系統詳解
- Linux系統最佳實踐工具:命令行技術
- iOS 10快速開發:18天零基礎開發一個商業應用
- 大規模分布式系統架構與設計實戰
- Raspberry Pi入門指南
- 完美應用Ubuntu(第2版)
- Learning IBM Watson Analytics