Difference between revisions of "AWS IAM role"
↑ https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
(21 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html | https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html | ||
+ | * [[IAM roles for EC2 instances]] | ||
== Commands == | == Commands == | ||
* {{aws iam role TOC}} | * {{aws iam role TOC}} | ||
+ | |||
+ | == Errors == | ||
+ | * <code>[[Cannot attach a Service Role Policy to a Customer Role.]]</code> | ||
+ | |||
+ | == [[AWS STS|STS]] == | ||
+ | * <code>[[aws sts assume-role-with-saml]]</code> | ||
+ | * <code>[[aws sts assume-role]]</code> | ||
+ | |||
== Related == | == Related == | ||
* [[AWS service roles]]: https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html | * [[AWS service roles]]: https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html | ||
− | |||
* [[AWS Policies]]: [[AWS trust policy]] | * [[AWS Policies]]: [[AWS trust policy]] | ||
− | |||
− | |||
* <code>[[Iam:GetRole]]</code> | * <code>[[Iam:GetRole]]</code> | ||
* <code>[[rds-monitoring-role]]</code> | * <code>[[rds-monitoring-role]]</code> | ||
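Review bot: The link `* [[IAM roles for EC2 instances]]` added directly under the documentation URL, above `== Commands ==`, duplicates an entry that the Related list already carries as an unchanged line further down the page. Keep one of the two, or if the top placement is meant to highlight the most common use of roles, give it a short introductory sentence so it does not read as a stray list item before the first heading. The new `== Errors ==` and `== [[AWS STS|STS]] ==` sections would also sit better after Related than between Commands and Related, since each holds only one or two links.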
Line 19: | Line 25: | ||
* [[GCP roles]] | * [[GCP roles]] | ||
* [[IAM roles for EC2 instances]] | * [[IAM roles for EC2 instances]] | ||
+ | * [[ecsInstanceRole]] | ||
+ | * <code>[[eks.amazonaws.com]]/role-arn: arn:aws:iam::012345678912:role/[[AmazonEKS_EBS_CSI_DriverRole]]</code> | ||
+ | * <code>[[Inherited from node]]</code> | ||
+ | * [[Using service-linked roles for Amazon ECS]] | ||
+ | * [[Trusted entities]] | ||
+ | * [[AWS IAM Access Analyzer]] | ||
+ | * [[AWS managed policies]] | ||
== Activities == | == Activities == | ||
Line 24: | Line 37: | ||
* Read https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html | * Read https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html | ||
* Read [[Creating a role to delegate permissions to an IAM user]]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html | * Read [[Creating a role to delegate permissions to an IAM user]]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html | ||
+ | * [[Understand the difference between service role and service-linked role]] <ref>https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html</ref> | ||
+ | * [[How to use trust policies with IAM roles]] | ||
+ | * [[Best practices for managing AWS access keys]] | ||
== See also == | == See also == | ||
* {{aws iam role}} | * {{aws iam role}} | ||
+ | * {{Roles}} | ||
[[Category:AWS]] | [[Category:AWS]] |
Latest revision as of 08:58, 28 June 2024
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
Commands
aws iam list-roles
aws iam create-role
aws iam put-role-policy
aws iam get-role
aws iam create-service-linked-role
aws iam update-role
Errors
STS
Related
- AWS service roles: https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
- AWS Policies: AWS trust policy
- Iam:GetRole
- rds-monitoring-role
- AWS IAM federation
- Switch role to accounts:
OrganizationAccountAccessRole
KarpenterNode
- IAM Roles for Service Accounts (IRSA)
- AWS policy:
AdministratorAccess
- GCP roles
- IAM roles for EC2 instances
- ecsInstanceRole
- eks.amazonaws.com/role-arn: arn:aws:iam::012345678912:role/AmazonEKS_EBS_CSI_DriverRole
- Inherited from node
- Using service-linked roles for Amazon ECS
- Trusted entities
- AWS IAM Access Analyzer
- AWS managed policies
Activities
- Create a role for SAML federation https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html
- Read https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html
- Read Creating a role to delegate permissions to an IAM user: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html
- Understand the difference between service role and service-linked role [1]
- How to use trust policies with IAM roles
- Best practices for managing AWS access keys
See also
- AWS IAM role, AWS service roles, AWS IAM Roles Anywhere: [ list-roles | get-role | create-role | put-role-policy | create-service-linked-role | attach-role-policy | update-role | add-role-to-instance-profile ], aws ec2 describe-iam-instance-profile-associations, IAM roles for EC2 instances, AWSServiceRoleForAutoScaling
- AWS IAM role, ServiceRoleARN, iam:GetRole, assumed-role, sts:AssumeRole, Trusted entities