
Using Roles

by 계영수 2023. 7. 27.

1. What is an IAM Role?

2. Roles Are Temporary

3. What Else Can Roles Do?

4. Console Demo

 

1. What is an IAM Role?

A Role is an identity you can create in IAM that has specific permissions. A role is similar to a user, as it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS.

However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.

 

2. Roles Are Temporary

A role does not have standard long-term credentials such as a password or access keys. Instead, when you assume a role, it provides you with temporary security credentials for your role session.

 

3. What Else Can Roles Do?

Roles can be assumed by people, AWS architecture, or other system-level accounts.

 

Roles can allow cross-account access. This lets one AWS account interact with resources in other AWS accounts.

 

4. Console Demo

- Create an IAM Role

  - Ensure it has S3 access.

- Create an EC2 Instance

  - Attach the role we just created.

- Create S3 Bucket

  - Create a bucket in S3.

- Access S3

 

Create Role

 - Use case: select EC2

 - Add permissions: select AmazonS3FullAccess

 - Name, review, and create - Role details

    Role name: S3_Admin_Access

 

EC2 Launch Instance

 - FreeTier

 - Attach the IAM role

 

Connect to the EC2 terminal

A newer release of "Amazon Linux" is available.
  Version 2023.1.20230725:
Run "/usr/bin/dnf check-release-update" for full release and version update info
   ,     #_
   ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
   ~~       V~' '->
    ~~~         /
      ~~._.   _/
         _/ _/
       _/m/'
[ec2-user@ip-172-31-92-192 ~]$
[ec2-user@ip-172-31-92-192 ~]$ sudo su
[root@ip-172-31-92-192 ec2-user]# aws s3 ls
2023-07-27 06:07:11 mylearninstructor12345-01
[root@ip-172-31-92-192 ec2-user]#
[root@ip-172-31-92-192 ec2-user]# echo "Hello World" > MyLearn.txt
[root@ip-172-31-92-192 ec2-user]# ls
MyLearn.txt
[root@ip-172-31-92-192 ec2-user]# aws s3 cp MyLearn.txt s3://mylearninstructor12345-01
upload: ./MyLearn.txt to s3://mylearninstructor12345-01/MyLearn.txt
[root@ip-172-31-92-192 ec2-user]#
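
The demo attaches AmazonS3FullAccess, yet the session above only lists buckets and uploads one file. As an added example (not part of the original post), the Python below compares that broad grant, reduced to `s3:*` on `*`, with a narrower policy; the scoped policy, the probe requests and the simplified `is_allowed` evaluator are assumptions made for illustration.

```python
import fnmatch

BUCKET = "mylearninstructor12345-01"  # bucket name from the terminal session

# Broad grant, reduced here to its S3 effect: every S3 action on every resource.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:*"], "Resource": ["*"]}],
}

# Scoped alternative (assumption, not from the post): only what the two commands need.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        # `aws s3 ls` with no bucket argument lists the account's buckets.
        {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets"], "Resource": ["*"]},
        # `aws s3 cp MyLearn.txt s3://<bucket>` writes an object into that bucket.
        {"Effect": "Allow", "Action": ["s3:PutObject"],
         "Resource": [f"arn:aws:s3:::{BUCKET}/*"]},
    ],
}

def is_allowed(policy, action, resource):
    """Simplified evaluation: Allow statements only (no Deny, NotAction, Condition)."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        # IAM action names are case-insensitive; resource ARNs are matched as written.
        action_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                        for a in stmt["Action"])
        resource_ok = any(fnmatch.fnmatchcase(resource, r) for r in stmt["Resource"])
        if action_ok and resource_ok:
            return True
    return False

# Constructed probe requests: the two demo operations plus two the demo never needs.
PROBES = [
    ("s3:ListAllMyBuckets", "*"),
    ("s3:PutObject", f"arn:aws:s3:::{BUCKET}/MyLearn.txt"),
    ("s3:DeleteObject", f"arn:aws:s3:::{BUCKET}/MyLearn.txt"),
    ("s3:GetObject", "arn:aws:s3:::another-bucket/secret.txt"),
]

if __name__ == "__main__":
    for action, resource in PROBES:
        print(action, resource, is_allowed(BROAD_POLICY, action, resource),
              is_allowed(SCOPED_POLICY, action, resource))
```

Both policies permit the two commands from the session; only the broad one also permits deleting objects or reading from other buckets with the instance's role credentials.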
