Part 1 of 3
In 2011, Amazon announced AWS Identity & Access Management (IAM) support for CloudFront. IAM launched in 2010 and included S3 support. AWS Identity & Access Management (IAM) lets you have multiple users within one AWS account. If you have used Amazon Web Services (AWS), you know that the only way to manage content in AWS involved giving out your username and password or your access keys.
This is a real security concern for most of us. IAM eliminates the need to share passwords and access keys.
Constantly changing our main AWS password or generating new keys is a messy solution when a staff member leaves our team. AWS Identity & Access Management (IAM) was a good start, allowing individual user accounts with individual keys. However, we are an S3/CloudFront user, so we had been watching for CloudFront to be added to IAM, which finally happened.
I found the documentation on this service to be a bit scattered. There are a few 3rd party products that offer a range of support for Identity & Access Management (IAM). But developers are usually thrifty, so I looked for a free solution for managing IAM with our Amazon S3 service.
This article walks through the process of setting up the Command Line Interface that supports IAM and setting up a group/user with S3 access. You need to have an Amazon AWS S3 account set up before you begin configuring Identity & Access Management (IAM).
My article, Using the Amazon Simple Storage Service (S3), will walk you through setting up an AWS S3 account.
Here are the steps involved in setting up and implementing a user in IAM. This is written for Windows, but you can tweak it for use on Linux, UNIX and/or Mac OSX.
- Install and configure the Command Line Interface (CLI)
- Create a Group
- Give the Group Access to the S3 Bucket and CloudFront
- Create the User and Add to the Group
- Create a Login Profile and Create Keys
- Test Access
Install and configure the Command Line Interface (CLI)
The IAM Command Line Toolkit is a Java program available in Amazon's AWS Developer Tools. The tool allows you to execute IAM API commands from a shell utility (DOS for Windows).
- You need to be running Java 1.6 or higher. You can download the latest version from Java.com. To see which version is installed on your Windows system, open the Command Prompt and type in java -version. This assumes that java.exe is in your PATH.
- Download the IAM CLI toolkit and unzip it somewhere on your local drive.
- There are 2 files in the root of the CLI toolkit that you need to update.
- aws-credential.template: This file holds your AWS credentials. Add your AWSAccessKeyId and your AWSSecretKey, then save and close the file.
- client-config.template: You only need to update this file if you require a proxy server. Remove the # signs and update ClientProxyHost, ClientProxyPort, ClientProxyUsername and ClientProxyPassword. Save and close the file.
- The next step involves adding Environment Variables. Go to Control Panel | System Properties | Advanced System Settings | Environment Variables. Add the following variables:
- AWS_IAM_HOME: Set this variable to the directory where you unzipped the CLI toolkit. If you are running Windows and unzipped it at the root of your C drive, the variable would be C:\IAMCli-1.2.0.
- JAVA_HOME: Set this variable to the directory where Java is installed. This would be the location of the java.exe file. In a normal Windows 7 Java installation, this would be something like C:\Program Files (x86)\Java\jre6.
- AWS_CREDENTIAL_FILE: Set this variable to the path and file name of the aws-credential.template that you updated above. If you are running Windows and unzipped it at the root of your C drive, the variable would be C:\IAMCli-1.2.0\aws-credential.template.
- CLIENT_CONFIG_FILE: You only need to add this environment variable if you require a proxy server. If you are running Windows and unzipped it at the root of your C drive, the variable would be C:\IAMCli-1.2.0\client-config.template. Do not add this variable unless you need it.
- Test the installation by going to the Command Prompt and entering iam-userlistbypath. As long as you do not get an error, you should be good to go.
All of the IAM commands can be run from the Command Prompt. All of the commands begin with "iam-".
Create a Group
A maximum of 100 groups can be created for each AWS account. While you can set permissions in IAM at the user level, using groups is the best practice. Here is the process for creating a group in IAM.
- The syntax for creating a group is iam-groupcreate -g GROUPNAME [-p PATH] [-v] where -p and -v are optional. Full documentation on the Command Line Interface is available at AWS Docs.
- If you wanted to create a group called "awesomeusers", you would enter iam-groupcreate -g awesomeusers at the Command Prompt.
- You can verify that the group was created correctly by entering iam-grouplistbypath at the Command Prompt. If you had only created this group, the output would be something like "arn:aws:iam::123456789012:group/awesomeusers", where the number is your AWS account number.
Give the Group Access to the S3 Bucket and CloudFront
Policies control what your group is able to do in S3 or CloudFront. By default, your group does not have access to anything in AWS. I found the documentation on policies to be OK, but in creating a handful of policies I went through a bit of trial and error to get things working the way I wanted them to.
You have a couple of options for creating policies.
One option is to enter them directly at the Command Prompt. Since you might be creating a policy and then tweaking it, for me it seemed easier to put the policy in a text file and then upload the text file as a parameter with the command iam-groupuploadpolicy. Here is the process using a text file and uploading it to IAM.
- Use something like Notepad to enter the following text and save the file:
{
  "Statement": [{
    "Effect": "Allow",
    "Action": "s3:*",
    "Resource": [
      "arn:aws:s3:::BUCKETNAME",
      "arn:aws:s3:::BUCKETNAME/*"]
  },
  {
    "Effect": "Allow",
    "Action": "s3:ListAllMyBuckets",
    "Resource": "arn:aws:s3:::*"
  },
  {
    "Effect": "Allow",
    "Action": ["cloudfront:*"],
    "Resource": "*"
  }
  ]
}
- There are 3 sections to this policy. The Effect is used to Allow or Deny some type of access. The Action is the specific things the group can do. The Resource is used to give access to individual buckets.
- You can limit the actions individually. In this example, "Action": ["s3:GetObject", "s3:ListBucket", "s3:GetObjectVersion"], the group would be able to list the contents of a bucket and download objects.
- The first section "Allows" the group to perform all S3 actions on the bucket "BUCKETNAME".
- The second section "Allows" the group to list all buckets in S3. You need this so that you can see the list of buckets if you use something like the AWS Console.
- The third section gives the group access to all CloudFront actions.
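The three sections above can be checked mechanically before the policy file is uploaded. The following Python is an added example, not part of the original article or the IAM toolkit: it flags the sections that allow every action of a service and builds the narrower read-only variant, placing each action on the ARN type it applies to. The function names and the sample policy text are constructed for illustration.

```python
import json

# Constructed sample: the article's group policy, BUCKETNAME left as a placeholder.
ARTICLE_POLICY = """
{"Statement": [
  {"Effect": "Allow", "Action": "s3:*",
   "Resource": ["arn:aws:s3:::BUCKETNAME", "arn:aws:s3:::BUCKETNAME/*"]},
  {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "arn:aws:s3:::*"},
  {"Effect": "Allow", "Action": ["cloudfront:*"], "Resource": "*"}
]}
"""


def as_list(value):
    """Action, Resource and Statement may each be a single item or a list."""
    return list(value) if isinstance(value, list) else [value]


def wildcard_findings(policy_text):
    """Return (section number, action) for every Allow that grants a whole service."""
    policy = json.loads(policy_text)  # malformed JSON raises ValueError here
    findings = []
    for number, stmt in enumerate(as_list(policy["Statement"]), start=1):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((number, action))
    return findings


def read_only_policy(bucket):
    """Hypothetical helper: the article's three read-only actions, scoped per ARN."""
    return {"Statement": [
        # s3:ListBucket acts on the bucket itself, so it needs the bucket ARN.
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": f"arn:aws:s3:::{bucket}"},
        # The object actions act on keys inside the bucket, hence the /* ARN.
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:GetObjectVersion"],
         "Resource": f"arn:aws:s3:::{bucket}/*"},
    ]}


if __name__ == "__main__":
    for number, action in wildcard_findings(ARTICLE_POLICY):
        print(f"section {number}: {action} allows every action of that service")
    print(json.dumps(read_only_policy("BUCKETNAME"), indent=2))
```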
There are many options when it comes to IAM policies. Amazon has a really cool tool available called the AWS Policy Generator. This tool provides a GUI where you can build your policies and generate the actual code you need to implement the policy. You can also check out the Access Policy Language section of the Using AWS Identity and Access Management online documentation.
Create the User and Add to the Group
The process of creating a new user and adding them to a group to give them access involves a couple of steps.
- The syntax for creating a user is iam-usercreate -u USERNAME [-p PATH] [-g GROUPS...] [-k] [-v] where -p, -g, -k and -v are optional. Full documentation on the Command Line Interface is available at AWS Docs.
- If you wanted to create a user "bob", you would enter iam-usercreate -u bob -g awesomeusers at the Command Prompt.
- You can verify that the user was created correctly by entering iam-grouplistusers -g awesomeusers at the Command Prompt. If you had only created this user, the output would be something like "arn:aws:iam::123456789012:user/bob", where the number is your AWS account number.
Create a Login Profile and Create Keys
At this point, you have created a user, but you need to give them a way to actually add and remove objects in S3.
There are 2 options available for giving your users access to S3 using IAM. You can create a Login Profile and provide your users with a password. They can use their credentials to log in to the Amazon AWS Console. The other option is to give your users an access key and a secret key. They can use these keys in 3rd party tools like S3 Fox, CloudBerry S3 Explorer or S3 Browser.
Create Login Profile
Creating a Login Profile for your S3 users provides them with a user name and password that they can use to log in to the Amazon AWS Console.
- The syntax for creating a login profile is iam-useraddloginprofile -u USERNAME -p PASSWORD. Full documentation on the Command Line Interface is available at AWS Docs.
- If you wanted to create a login profile for the user "bob", you would enter iam-useraddloginprofile -u bob -p PASSWORD at the Command Prompt.
- You can verify that the login profile was created correctly by entering iam-usergetloginprofile -u bob at the Command Prompt. If you had created a login profile for bob, the output would be something like "Login Profile Exists for user bob".
Create Keys
Creating an AWS Secret Access Key and the corresponding AWS Access Key ID will allow your users to use 3rd party software like the tools previously mentioned. Keep in mind that, as a security measure, you can only get these keys during the process of adding the user profile. Make sure you copy and paste the output from the Command Prompt and save it in a text file. You can send the file to your user.
- The syntax for adding keys for a user is iam-useraddkey [-u USERNAME]. Full documentation on the Command Line Interface is available at AWS Docs.
- If you wanted to create keys for the user "bob", you would enter iam-useraddkey -u bob at the Command Prompt.
- The command will output the keys, which would look something like this:
AKIACOOB5BQVEXAMPLE
(hidden)
The first line is the Access Key ID and the second line is the Secret Access Key. You need both for the 3rd party software.
Test Access
Now that you have created IAM groups/users and given the groups access using policies, you need to test the access.
Console Access
Your users can use their username and password to log in to the AWS Console. However, this is not the regular console login page that is used for the main AWS account.
There is a special URL you can use that provides a login form for your Amazon AWS account only. Here is the URL to log in to S3 for your IAM users.
https://AWS-ACCOUNT-NUMBER.signin.aws.amazon.com/console/s3
AWS-ACCOUNT-NUMBER is your regular AWS account number. You can get this by logging in through the Amazon Web Service Sign In form. Log in and click on Account | Account Activity. Your account number is on the right-hand side. Make sure you remove the dashes. The URL would look something like https://123456789012.signin.aws.amazon.com/console/s3.
Using Access Keys
You can download and install any of the 3rd party tools already mentioned in this article. Enter your Access Key ID and Secret Access Key as described in the 3rd party tool's documentation.
I strongly encourage you to create an initial user and have that user fully test that they can do everything they need to do in S3. After you have verified one of your users, you can proceed with setting up all of your S3 users.
Resources
Here are a few resources to give you a better understanding of Identity & Access Management (IAM).
- Getting Started with IAM
- IAM Command Line Toolkit
- Amazon AWS Console
- AWS Policy Generator
- Using AWS Identity and Access Management
- IAM Release Notes
- IAM Discussion Forums
- IAM FAQ