Day 2) IAM

무거운엉덩이 · August 7, 2022

IAM

Identity and Access Management, Global service

[ IAM ]😀

Policies Structure

JSON Documents

  1. Version
  2. Id
  3. Statement

In Statement,

  • Sid : the statement identifier
  • Effect : whether the statement allows or denies access to specific APIs (Allow, Deny)
  • Principal : the user, account, or role that the policy applies to
  • Action : the list of API calls that are allowed or denied, depending on Effect
  • Resource : the list of resources that the Action applies to
  • Condition : determines when the Statement applies
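The structure above as a small policy check, added here as an example (it is not from the original post): it verifies the top-level and Statement elements and flags unconditioned wildcard grants. The sample is a constructed resource-based bucket policy, since Principal appears only in that kind of policy; the account ID, user name, and bucket name are placeholders.

```python
import json

# Element names from the list above, plus the Not* variants IAM also accepts.
TOP_LEVEL = {"Version", "Id", "Statement"}
STATEMENT = {"Sid", "Effect", "Principal", "NotPrincipal", "Action",
             "NotAction", "Resource", "NotResource", "Condition"}

def as_list(value):
    # IAM accepts either a single value or a list; normalise to a list.
    return value if isinstance(value, list) else [value]

def lint_policy(text):
    """Return a list of findings for one policy document (JSON string)."""
    doc, findings = json.loads(text), []
    if doc.get("Version") != "2012-10-17":  # current policy language version
        findings.append("Version should be 2012-10-17")
    findings += [f"unknown top-level element {k}" for k in sorted(doc.keys() - TOP_LEVEL)]
    for i, st in enumerate(as_list(doc.get("Statement", []))):
        tag = st.get("Sid", f"#{i}")
        findings += [f"{tag}: unknown element {k}" for k in sorted(st.keys() - STATEMENT)]
        if st.get("Effect") not in ("Allow", "Deny"):  # values are case-sensitive
            findings.append(f"{tag}: Effect must be Allow or Deny")
        for elem in ("Action", "Resource"):
            if elem not in st and "Not" + elem not in st:
                findings.append(f"{tag}: no {elem}")
        if st.get("Effect") == "Allow" and "Condition" not in st:
            if "*" in as_list(st.get("Action", [])) and "*" in as_list(st.get("Resource", [])):
                findings.append(f"{tag}: Allow * on * with no Condition")
            if st.get("Principal") in ("*", {"AWS": "*"}):
                findings.append(f"{tag}: open to any Principal with no Condition")
    return findings

# Constructed sample: a bucket policy that uses every element listed above.
GOOD = """{
  "Version": "2012-10-17", "Id": "ExampleBucketPolicy",
  "Statement": [{
    "Sid": "AliceReadWithMfa",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:user/alice"},
    "Action": ["s3:GetObject"],
    "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
  }]
}"""
# Constructed sample: no Version, single-object Statement, unrestricted grant.
BAD = '{"Statement": {"Sid": "TooBroad", "Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}}'
if __name__ == "__main__":
    print(lint_policy(GOOD), lint_policy(BAD), sep="\n")
```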

AWS has a ROOT account and IAM accounts.

1. ROOT account

  • The account created when you first sign up for AWS. It has all permissions.

  • For security, use of the ROOT account should be avoided as much as possible; use restricted functionality through IAM keys instead.

2. IAM account

  • A service for securely managing AWS resources.

  • It is granted permissions by the ROOT account or by another IAM account, and can only perform tasks within the permissions it has been given.

In particular, MFA on the ROOT account is essential.

MFA stands for Multi-Factor Authentication; it is easiest to think of it as two-step verification.

For example, at login Alice authenticates with both her Password and an MFA Token.
