AWS Identity and Access Management (IAM) cheat sheet
AWS Identity and Access Management (IAM) Documentation
This can now be done from the AWS Management Console.
Policy for backing up to S3 with WordPress BackWPup
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:List*",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::Backet-for-BackWPup",
        "arn:aws:s3:::Backet-for-BackWPup/*"
      ]
    }
  ]
}
misc
% iam-groupcreate -g Admins
% iam-grouplistbypath
arn:aws:iam::123456789012:group/Admins
% iam-groupuploadpolicy -g Admins -p AdminsGroupPolicy -f AdminPolicy.txt
% iam-grouplistpolicies -g Admins
AdminsGroupPolicy
% iam-usercreate -u user000 -g Admins -k -v
*** AWSAccessKeyId ***
*** AWSSecretKey ***
arn:aws:iam::123456789012:user/user000
AIDAIZBQBEPYFPZBAMIT6
% iam-useraddloginprofile -u user000 -p PASSWORD
Full-control policy for the Admins group (the AdminPolicy.txt used above)
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}
AWS Policy Generator
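An added example, not part of the original page: a small Python linter for policy documents like the two above. It flags Allow statements with wildcard actions or resources, and repeated JSON keys such as a second "Resource", which JSON parsers commonly collapse to the last value. The sample policies, the bucket name and the scoped action list are constructed assumptions.

```python
import json

def _as_list(value):
    # IAM accepts either one string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def lint_policy(text):
    """Return findings for one IAM policy document given as JSON text."""
    findings = []

    def pairs_hook(pairs):
        # json.loads keeps only the last value of a repeated key; record it.
        obj = {}
        for key, value in pairs:
            if key in obj:
                findings.append(f"duplicate key {key!r}: only the last value is kept")
            obj[key] = value
        return obj

    policy = json.loads(text, object_pairs_hook=pairs_hook)
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        wide = [a for a in actions if a.endswith(":*")]
        if "*" in actions:
            findings.append(f"statement {i}: allows every action ('*')")
        elif wide:
            findings.append(f"statement {i}: allows a whole service ({', '.join(wide)})")
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append(f"statement {i}: applies to every resource ('*')")
    return findings

# Constructed sample policies (the bucket name is a placeholder).
DUPLICATE_KEY = """{"Statement": [{"Effect": "Allow", "Action": "s3:*",
  "Resource": "arn:aws:s3:::example-backup-bucket",
  "Resource": "arn:aws:s3:::example-backup-bucket/*"}]}"""
FULL_CONTROL = '{"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}'
# Assumed action list for a backup job; not taken from BackWPup's documentation.
SCOPED = """{"Statement": [
  {"Effect": "Allow", "Action": "s3:ListBucket",
   "Resource": "arn:aws:s3:::example-backup-bucket"},
  {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
   "Resource": "arn:aws:s3:::example-backup-bucket/*"}]}"""

if __name__ == "__main__":
    for name, doc in [("duplicate-key", DUPLICATE_KEY), ("full-control", FULL_CONTROL), ("scoped", SCOPED)]:
        print(name, lint_policy(doc) or "no findings")
```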
Create an alias for the AWS account. This is required to support User signin.
% iam-accountaliascreate -a mycompany
Alias: mycompany
Direct Signin Link: mycompany.signin.aws.amazon.com
AWS Management Console URL for IAM users
https://mycompany.signin.aws.amazon.com/console/ec2
Specifying the AWS credential explicitly
% iam-userlistbypath --aws-credential-file jawsug_cred.txt
AWS credential file format
AWSAccessKeyId=XXXXXXXXXXXXXXXXXXXX
AWSSecretKey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Changes the login profile password for the user
% iam-usermodloginprofile -u user000 -p NEWPASSWORD
Delete login profile of the user
% iam-userdelloginprofile -u user000
Deletes a user from your account. If the user is in groups or has policies use the -r option to delete dangling entities. Use the -p option to view what will be deleted without taking action.
% iam-userdel -r -p -u user000
% iam-userdel -r -u user000
Confirm that the deletion succeeded
% iam-grouplistusers -g Admins
% iam-userlistbypath
example
% iam-userdelloginprofile --aws-credential-file jawsug_cred.txt -u user000
% iam-userdel --aws-credential-file jawsug_cred.txt -r -u user000