阅读背景:

AWS:结合CKM策略和IAM策略的最安全方法是什么?

来源:互联网 

What I want to do is attach an EC2 instance to an IAM group and give that group access to keys for an S3 bucket in CKMs.

我想要做的是将EC2实例附加到IAM组,并授予该组访问CKM中S3存储桶的密钥的权限。

What's the best way to do this?

最好的方法是什么?

1 个解决方案

#1


0  

When you create a Customer Master Key (CMK), you define a key policy that dictates who can manage and/or use the CMK. Specifically, you can configure the key policy to enable access to the CMK from IAM users and IAM roles in the account. The latter, IAM roles, is what you would use to confer these rights to an EC2 instance.

创建客户主密钥(CMK)时,您可以定义一个关键策略,该策略规定谁可以管理和/或使用CMK。具体来说,您可以配置密钥策略以允许从IAM用户和帐户中的IAM角色访问CMK。后者是IAM角色,用于将这些权限授予EC2实例。


分享到: