AWS Identity ndi Access Management

Gawo 1 la 3

Mu 2011, Amazon adalengeza kupezeka kwa thandizo la AWS Idality & Access Management (IAM) la CloudFront. IAM inakhazikitsidwa mu 2010 ndipo idaphatikizapo thandizo la S3. Chidziwitso cha AWS & Access Management (IAM) chimakuthandizani kukhala ndi ogwiritsa ntchito ambiri mu akaunti ya AWS. Ngati mwagwiritsa ntchito Amazon Web Services (AWS), mukudziwa kuti njira yokhayo yothetsera nkhani mu AWS ndi yopereka dzina lanu ndi mawu achinsinsi kapena zinsinsi zofikira.

Ichi ndi chitetezo chenicheni cha ambiri a ife. IAM imachotsa kufunika kogawana mapepala ndi mafungulo ofikira.

Kusintha nthawi zonse chinsinsi chathu chachikulu cha AWS kapena kupanga makiyi atsopano ndi njira yowopsya pamene wogwira ntchito angachoke gulu lathu. Chidziwitso cha AWS & Access Management (IAM) chinali chiyambi chabwino kulola kuti munthu aliyense akhale ndi makiyi ake. Komabe, ife ndife osuta a S3 / CloudFront kotero takhala tikuyang'ana CloudFront kuwonjezeredwa ku IAM zomwe potsiriza zinachitika.

Ndapeza zolemba pamsonkhanowu kuti zikhale zochepa. Pali zinthu zingapo zapakati zomwe zimapereka chithandizo chamtundu wakuti Identity & Access Management (IAM). Koma otsatsa nthawi zambiri amawopseza choncho ndinayesetsa kupeza njira yothetsera IAM ndi Amazon S3.

Nkhaniyi ikuyendetsa polojekiti ya Command Line yomwe imathandizira IAM ndikukhazikitsa gulu / wogwiritsa ntchito S3. Muyenera kukhala ndi a Amazon AWS S3 akhazikitsidwe musanayambe kukhazikitsa Identity & Access Management (IAM).

Nkhani yanga, Pogwiritsa ntchito Amazon Simple Storage Service (S3), idzakuyenderani pokhazikitsa ndondomeko ya AWS S3.

Nazi njira zomwe zimapangidwira kukhazikitsa ndi kugwiritsa ntchito wogwiritsa ntchito mu IAM. Izi zalembedwera kwa Windows koma mukhoza kugwiritsira ntchito pa Linux, UNIX ndi / kapena Mac OSX.

1. Sakani ndi kukhazikitsa Lamulo la Lamulo la Lamulo (CLI)

1. Pangani Gulu
2. Perekani Gulu Kupeza S3 Bucket ndi CloudFront
3. Pangani Olemba ndi Owonjezera ku Gulu
4. Pangani Pangani Pulogalamu Yake ndikupanga Keys
5. Kufikira Kuyesedwa

Sakani ndi kukhazikitsa Lamulo la Lamulo la Lamulo (CLI)

IAM Command Line Toolkit ndi pulogalamu ya Java yomwe ikupezeka mu AWS Developers Tools a Amazon. Chidachi chimakulolani kuti muchite malamulo a IAM API kuchokera ku chigwirizano chogwiritsa ntchito (DOS for Windows).

• Muyenera kukhala ndi Java 1.6 kapena apamwamba. Mukhoza kukopera maulendo atsopano kuchokera ku Java.com. Kuti muwone tsamba lomwe laikidwa pawindo la Windows yanu, tsegulirani Lamulo la Lamulo ndikulemba mtundu wa java -version. Izi zikuganiza kuti java.exe ili mu PATH yanu.
• Koperani chida cha IAM CLI ndi kumasula kwinakwake pamtunda wanu.
• Pali 2 fayilo muzu wa bukhu la zida za CLI zomwe muyenera kusintha.
  • aws-credential.template: Fayiloyi imasunga zizindikiro zanu za AWS. Onjezani AWSAccessKeyId yanu ndi AWSSecretKey, pulumutsani ndi kutseka fayilo.
  • kasitomala-config.template : Mukungosintha fayilo iyi ngati mukufuna seva yowonjezera. Chotsani zizindikiro # ndi kusintha ClientProxyHost, ClientProxyPort, ClientProxyUsername ndi ClientProxyPassword. Sungani ndi kutseka fayilo.
• Gawo lotsatira likuphatikiza kuwonjezera Zosiyanasiyana za Mazingira. Pitani ku Pulogalamu Yowonjezera | Zida Zamakono | Zokonzekera zadongosolo lapamwamba | Zosintha zachilengedwe. Onjezerani zotsatirazi:
  • AWS_IAM_HOME : Sungani zosinthikazi pazitsulo kumene mudatsegula toolkit ya CLI. Ngati mukugwiritsa ntchito mawindo a Windows ndi kuwamasula pazu wa C yanu yoyendetsa, chosinthika chidzakhala C: \ IAMCli-1.2.0.
  • JAVA_HOME : Sungani chosinthikayi ku malo omwe Java imayikidwa. Iyi ndi malo a fayilo ya java.exe. Muwowonjezera Mawindo 7 Java Java installation, izi zikhoza kukhala monga C: \ Program Files (x86) \ Java \ jre6.
  • AWS_CREDENTIAL_FILE : Sungani zosinthika pa njira ndi fayilo dzina la aws-credential.template yomwe mwasintha pamwambapa. Ngati mukugwiritsa ntchito mawindo a Windows ndi kuwamasula pazitsulo za C yanu yoyendetsa, chosinthika chidzakhala C: \ IAMCli-1.2.0 \ aws-credential.template.
  • CLIENT_CONFIG_FILE : Mukungoyenera kuwonjezera kusintha kwa chilengedwe ngati mukufuna seva yoyimira. Ngati mukugwiritsa ntchito Windows ndi kuiyika pamtunda wa drive yanu C, chosinthika chidzakhala C: \ IAMCli-1.2.0 \ client-config.template. Musawonjezere zosinthika izi pokhapokha ngati mukuzifuna.

• Yesani kukhazikitsa mwa kupita ku Command Prompt ndi kulowa mu-userlistbypath. Malingana ngati simukulandira cholakwika, muyenera kukhala bwino.

Malamulo onse a IAM angathe kuthamanga kuchokera ku Command Prompt. Malamulo onse amayamba ndi "iam-".

Pangani Gulu

Pali magulu okwana 100 omwe angathe kulengedwa pa akaunti iliyonse ya AWS. Ngakhale mutatha kuika zilolezo ku IAM pa msinkhu wogwiritsa ntchito, kugwiritsa ntchito magulu kungakhale njira yabwino kwambiri. Pano pali njira yolenga gulu mu IAM.

• Chidule cha kulenga gulu ndichopanga-gulu-g GROUPNAME [-p PATH] [-v] pomwe -p ndi -v ndizosankha. Zolemba zonse pa Interface Line Lamulo likupezeka pa AWS Docs.

• Ngati mukufuna kupanga gulu lotchedwa "opusa", mungalowe, muzitha-gulu-ochita mantha pa Command Prompt.
• Mukhoza kuwona kuti gululo linalengedwa molondola mwa kulowa mu gulu-grouplistbypath pa Command Prompt. Ngati mutangopanga gulu ili, zotsatira zake zingakhale ngati "arn: aws: iam :: 123456789012: gulu / awesomeusers", kumene nambala yanu ndi nambala ya akaunti yanu ya AWS.

Perekani Gulu Kupeza S3 Bucket ndi CloudFront

Ndondomeko ikutsogolera zomwe gulu lanu likhoza kuchita mu S3 kapena CloudFront. Mwachinsinsi, gulu lanu silikanatha kupeza chilichonse mu AWS. Ndinawona zolembedwa pa ndondomeko kuti zikhale zabwino koma pakupanga ndondomeko zochepa, ndinayesa pang'ono ndikuyesera kuti zinthu zitheke monga momwe ndinkafunira kuti zigwire ntchito.

Muli ndi njira zingapo zopangira ndondomeko.

Njira imodzi mungathe kuwaika mwachindunji ku Command Prompt. Popeza mukhoza kukhala ndikukonza ndondomeko ndikuimiritsa, kwa ine ndikuwoneka kosavuta kuwonjezera ndondomekoyi mu fayilo ya mauthenga ndiyeno nkutsitsa fayilo yolemba ngati choyimira ndi lamulo lotsogolera lolemba. Pano pali ndondomeko pogwiritsa ntchito fayilo yolemba ndi kuika ku IAM.

• Gwiritsani ntchito chinachake monga Notepad ndikulowa malemba awa ndikusunga fayilo:
  
  {
  "Statement": [{
  "Zotsatira": "Lolani",
  "Ntchito": "s3: *",
  "Zothandizira": [
  "arn: aws: s3 ::: BUCKETNAME",
  "arn: aws: s3 ::: BUCKETNAME / *"]
  },
  {
  "Zotsatira": "Lolani",
  "Ntchito": "s3: ListAllMyBuckets",
  "Zothandizira": "arn: aws: s3 ::: *"
  },
  {
  "Zotsatira": "Lolani",
  "Ntchito": ["cham'mbuyo: *"],
  "Zothandizira": "*"
  }}
  ]
  }}
  
• Pali magawo atatu pa ndondomeko iyi. Zotsatirazo zimagwiritsidwa ntchito kulola kapena kuyatsa mtundu wina wofikira. Ntchito ndizochitika zomwe gulu lingathe kuchita. Zothandizira zikhoza kugwiritsidwa ntchito popereka ndowa zina.

• Mungathe kuchepetsa zochita payekha. Mu chitsanzo ichi, "Action": ["s3: GetObject", "3: ListBucket ", "3: GetObjectVersion"], gululo likhoza kulemba zomwe zili mu chidebe ndikumasula zinthu.
• Gawo loyamba "Limalolera" gulu kupanga zochitika zonse za S3 mu chidebe "BUCKETNAME".
• Gawo lachiwiri "limaloleza" gulu kuti lilembedwe mitsuko yonse mu S3. Mukufunikira izi kuti muthe kuona mndandanda wa zidebe ngati mutagwiritsa ntchito zinthu monga AWS Console.

• Gawo lachitatu likupereka gulu lonse mwayi wopita ku CloudFront.

Pali zambiri zomwe mungasankhe mukamatsatira mfundo za IAM. Amazon ili ndi chida chozizira kwambiri chotchedwa AWS Policy Generator. Chida ichi chimapereka GUI pomwe mukhoza kupanga ndondomeko zanu ndikupanga code weniweni yomwe mukufunikira kuti mugwiritse ntchito ndondomekoyi. Mukhozanso kupeza gawo la Chilankhulo cha Access Policy la kugwiritsa ntchito AWS Identity ndi Access Management zolemba pa intaneti.

Pangani Olemba ndi Owonjezera ku Gulu

Njira yopanga watsopano wogwiritsa ntchito ndi kuwonjezera gulu kuti awathandize kupeza zochitika zimaphatikizapo masitepe angapo.

• Mawu ogwiritsira ntchito popanga wosuta ndiwasokoneza -u USERNAME [-p PATH] [-g GROUPS ...] [-k] [-v] kumene -p, -g, -k ndi -v ndizosankha. Zolemba zonse pa Interface Line Lamulo likupezeka pa AWS Docs.
• Ngati mukufuna kupanga wopanga "bob", mungalowe, muyambe-kuthamangitsa -u bob -g opusa pa Command Prompt.
• Mukhoza kuwona kuti wogwiritsa ntchitoyo adalengedwa molondola polowera gulu la otsogolera -wawopsya ku Command Prompt. Ngati mutangopanga wosuta, zotsatira zake zingakhale ngati "arn: aws: iam :: 123456789012: user / bob", kumene nambala yanu ndi nambala ya akaunti ya AWS.

Pangani mbiri ya Logon ndi Kupanga Keys

Panthawiyi, mwalenga wosuta koma muyenera kuwapatsa njira yowonjezera ndi kuchotsa zinthu kuchokera ku S3.

Pali njira ziwiri zomwe zingapezeke kuti apatse ogwiritsa ntchito anu mwayi wopeza S3 pogwiritsa ntchito IAM. Mukhoza kulenga Pulogalamu Yomwe Mumalowetsamo ndikupereka ogwiritsa ntchito mawu achinsinsi. Angagwiritse ntchito zizindikiro zawo kuti alowe mu Amazon AWS Console. Njira ina ndiyo kupereka ogwiritsa ntchito makiyi ofikira ndi chinsinsi chachinsinsi. Iwo akhoza kugwiritsa ntchito mafungulowa mu zipangizo zapakati pa 3s monga S3 Fox, CloudBerry S3 Explorer kapena S3 Browser.

Pangani Pulogalamu Yoyenera

Kupanga Pulogalamu Yowonetsera kwa ogwiritsira ntchito S3wa amapereka dzina ndi achinsinsi omwe angagwiritse ntchito kuti alowe ku Amazon AWS Console.

• Chidule cha kulumikiza mbiri yolowera ndi iam-useraddloginprofile -u USERNAME -p PASSWORD. Zolemba zonse pa Interface Line Lamulo likupezeka pa AWS Docs.
• Ngati mufuna kulenga mbiri yolowera kwa wogwiritsa ntchito "bob", mutha kulowa, iam-useraddloginprofile -u bob -P NDIME yolemba pa Command Prompt.

• Mukhoza kuwona kuti mbiri yanu yolowera yolumikizidwa bwino mwa kulowa mu-usergetloginprofile -u bob ku Command Prompt. Ngati mudalenga cholozera cholowetsa, zotsatira zake zikanakhala ngati "Pulogalamu ya Login imapezeka kwa ogwiritsira ntchito".

Pangani Keys

Kupanga Mauthenga Abisika AWS Chinsinsi ndi zofanana ndi AWS Access Key ID idzalola ogwiritsa ntchito anu kugwiritsa ntchito mapulogalamu a chipani chachitatu monga omwe tatchulidwa kale. Kumbukirani kuti monga chiyero cha chitetezo, mungathe kupeza mafungulowa pokhapokha pokhapokha muwonjezere mawonekedwe osuta. Onetsetsani kuti mumasungira ndi kulumikiza zotsatira kuchokera ku Command Prompt ndi kusunga mu fayilo. Mukhoza kutumiza fayilo kwa wosuta.

• Mphatikiti yowonjezera makiyi a wogwiritsa ntchito ndiyad-useraddkey [-u USERNAME]. Zolemba zonse pa Interface Line Lamulo likupezeka pa AWS Docs.
• Ngati mukufuna kupanga makiyi a wosuta "bob", mukanalowa mu-useraddkey -u bob ku Command Prompt.
• Lamulo lidzatulutsa makiyi omwe angawoneke monga chonchi:
  AKIACOOB5BQVEXAMPLE
  BvQW1IpqVzRdbwPUirD3pK6L8ngoX4PTEXAMPLE
  
  Mzere woyamba ndi Chizindikiro Chofikira Kupeza ndipo mzere wachiwiri ndi Chinsinsi Chofikira. Mukusowa mapulogalamu a chipani chachitatu.

Kufikira Kuyesedwa

Tsopano popeza mwalenga magulu a IAM / ogwiritsira ntchito ndipo munapatsa magulu mwayi wogwiritsa ntchito ndondomeko, muyenera kuyesa kupeza.

Kupeza kwa Console

Ogwiritsa ntchito anu angagwiritse ntchito dzina lawo ndichinsinsi kuti alowe mu AWS Console. Komabe, iyi si tsamba lolowera lolowetsamo nthawi zonse lomwe limagwiritsidwa ntchito pa akaunti yaikulu ya AWS.

Pali URL yapadera yomwe mungagwiritse ntchito yomwe idzakupatsani mawonekedwe a akaunti yanu ya Amazon AWS yekha. Pano pali URL kuti mutsegule ku S3 kwa osuta anu a IAM.

https://AWS-ACCOUNT-NUMBER.signin.aws.amazon.com/console/s3

AWS-ACCOUNT-NUMBER ndi nambala yanu ya chiwerengero cha AWS. Mukhoza kupeza izi polowera mu mawonekedwe a Amazon Web Service Sign In. Lowani ndipo dinani pa Akaunti | Ntchito Yakaunti. Nambala yanu ya akaunti ili mu ngodya yapamwamba. Onetsetsani kuti muchotse dashes. Ulalowu udzawoneka ngati https://123456789012.signin.aws.amazon.com/console/s3.

Kugwiritsa Ntchito Mauthenga Othandizira

Mukhoza kukopera ndikuyika zida zilizonse zapakati zomwe tazitchula m'nkhaniyi. Lowetsani Chizindikiro Chachinsinsi Chakupeza ndi Chinsinsi Chachinsinsi Chothandizira pazinthu zolemba chipangizo chachitatu.

Ndikukulimbikitsani kuti mupange wosuta woyambirira ndikuyesera kuti agwiritse ntchito zonse zomwe akufuna kuti achite S3. Mutatsimikizira mmodzi wa ogwiritsa ntchito yanu, mukhoza kupitiriza kukhazikitsa omasulira anu onse a S3.

Zida

Nazi zida zochepa zomwe zingakupatseni kumvetsetsa bwino za Identity & Access Management (IAM).

• Kuyamba ndi IAM
• IAM Command Line Toolkit
• Amazon AWS Console
• AWS Policy Generator
• Kugwiritsa ntchito AWS Identity ndi Access Management

• Zolembera Zowonjezera za IAM
• Misonkhano Yokambirana
• IAM Mafunso