Home > Mobile >  What is the relation between user, group, role, policy and AWS services?
What is the relation between user, group, role, policy and AWS services?

Time:12-07

A policy can be attached to a user or group. This controls what the users are able to do in AWS.

Policy can be attached to an AWS service? What is the relation between policy and AWS service?

And where does the concept of Role fit in all this?

CodePudding user response:

Think of role like a container holder for permissions which can be used to delegate access to users, applications, or services that don't normally have access to your AWS resources.

From docs

An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.

CodePudding user response:

In Amazon Web Services (AWS), a user is a person or system that interacts with the AWS platform. Users can have different levels of access to AWS services and resources, depending on their permissions.

A group is a collection of users that share the same permissions. Groups can be used to manage the permissions of multiple users at once, making it easier to manage and control access to AWS services and resources.

A role is a set of permissions that can be assumed by a user or system. Roles are used to grant users and systems access to AWS services and resources, without having to share or manage long-term credentials. Roles can be temporary or permanent, and can be assumed by users, applications, or services.

A policy is a document that defines the permissions for a user, group, or role. Policies are written in the AWS Identity and Access Management (IAM) policy language, and specify the actions and resources that a user, group, or role is allowed to access.

AWS services are the core components of the AWS platform, and include a wide range of cloud-based services for computing, storage, networking, analytics, machine learning, and more. AWS services can be accessed by users, groups, and roles, depending on the permissions granted by policies.

In summary, the relation between user, group, role, policy, and AWS services is as follows:

A user is a person or system that interacts with AWS services. A group is a collection of users that share the same permissions. A role is a set of permissions that can be assumed by a user or system. A policy is a document that defines the permissions for a user, group, or role. AWS services are the core components of the AWS platform, and can be accessed by users, groups, and roles with the appropriate permissions.

CodePudding user response:

A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied

  • Related