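In a cloud computing environment, Identity and Access Management (IAM) is a service that lets you control who has access to resources. An IAM group is a collection of IAM users whose permissions can be managed as a single unit. To grant an IAM group access to everything except creating new users, you need to follow these steps:
IAM groups let you assign permissions to a set of users through the group instead of managing each user individually. This simplifies permission management, especially in large organizations.
IAM groups usually fall into two types:
IAM groups suit scenarios where permissions are assigned by role or department, for example:
The following example shows how to create a group in AWS IAM and grant it access to everything except creating new users.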
AmazonEC2FullAccess
AmazonS3FullAccess
AmazonRDSFullAccess
AWSCodeCommitFullAccess
AWSLambdaFullAccess
AmazonDynamoDBFullAccess
AmazonVPCFullAccess
AmazonECS_FullAccess
AmazonEKS_FullAccess
AmazonRedshiftFullAccess
AmazonRoute53FullAccess
AmazonCloudWatchLogsFullAccess
AmazonCloudFrontFullAccess
AmazonSNSFullAccess
AmazonSQSFullAccess
AWSGlueFullAccess
AWSDataPipelineFullAccess
AWSCodeDeployFullAccess
AWSDirectConnectFullAccess
AWSBackupFullAccess
AmazonFSxFullAccess
AmazonWorkSpacesFullAccess
AmazonAppStreamFullAccess
AmazonWorkDocsFullAccess
AmazonChimeFullAccess
AmazonLexFullAccess
AmazonPollyFullAccess
AmazonRekognitionFullAccess
AmazonTranslateFullAccess
AmazonTranscribeFullAccess
AmazonComprehendFullAccess
AmazonFraudDetectorFullAccess
Amazon KendraFullAccess
Amazon Managed GrafanaFullAccess
Amazon Managed Service for PrometheusFullAccess
Amazon OpenSearch ServiceFullAccess
Amazon Quantum Ledger Database (QLDB)FullAccess
Amazon Timestream WriteFullAccess
Amazon Managed BlockchainFullAccess
Amazon BraketFullAccess
Amazon SageMakerFullAccess
Amazon KeyspacesFullAccess
Amazon MSKFullAccess
Amazon Managed Streaming for Kafka (MSK)FullAccess
Amazon NeptuneFullAccess
Amazon DocumentDBFullAccess
Amazon ElastiCacheFullAccess
Amazon ElasticsearchServiceFullAccess
Amazon QuickSightFullAccess
Amazon RDSReadOnlyAccess
Amazon S3ReadOnlyAccess
Amazon DynamoDBReadOnlyAccess
Amazon VPCReadOnlyAccess
Amazon CloudWatchReadOnlyAccess
Amazon CloudFrontReadOnlyAccess
Amazon SNSReadOnlyAccess
Amazon SQSReadOnlyAccess
AWSGlueReadOnlyAccess
AWSDataPipelineReadOnlyAccess
AWSCodeDeployReadOnlyAccess
AWSDirectConnectReadOnlyAccess
AmazonIAMFullAccess
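With the steps above, you can create an IAM group and grant it access to everything except creating new users. Note that the exact policy names and steps may vary between cloud providers.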
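The "everything except creating new users" requirement can be expressed as a broad Allow plus an explicit Deny on `iam:CreateUser`. The following is an added example, not code from the original page: `GROUP_POLICY`, `IAM_FULL_ACCESS_STANDIN` and `is_allowed` are hypothetical names, the second policy is a constructed stand-in, and the evaluator is a simplified model (explicit Deny overrides Allow) that ignores resources, conditions, SCPs and permission boundaries.

```python
import fnmatch
import json

# Group policy for "everything except creating users" (added example).
GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "DenyCreateUser", "Effect": "Deny", "Action": "iam:CreateUser", "Resource": "*"},
    ],
}

# Constructed stand-in for a full-access IAM policy attached to the same group.
IAM_FULL_ACCESS_STANDIN = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iam:*", "Resource": "*"}],
}


def _as_list(value):
    # Policy fields may be a single value or a list of values.
    return value if isinstance(value, list) else [value]


def _matches(statement, action):
    # IAM action names are case-insensitive and may use * and ? wildcards.
    patterns = _as_list(statement["Action"])
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def is_allowed(action, policies):
    """Simplified identity-policy check: explicit Deny > Allow > implicit deny."""
    statements = [s for p in policies for s in _as_list(p["Statement"])]
    if any(s["Effect"] == "Deny" and _matches(s, action) for s in statements):
        return False
    return any(s["Effect"] == "Allow" and _matches(s, action) for s in statements)


if __name__ == "__main__":
    print(json.dumps(GROUP_POLICY, indent=2))  # JSON document for the group
    attached = [GROUP_POLICY, IAM_FULL_ACCESS_STANDIN]
    for act in ("ec2:RunInstances", "iam:ListUsers", "iam:CreateUser"):
        print(act, "->", "allowed" if is_allowed(act, attached) else "denied")
```

Because the Deny is explicit, the restriction holds even when another attached policy allows every IAM action, which attaching full-access policies alone would not achieve.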