{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
你能解释一下是什么
ec2.amazonaws.com
是这里的意思吗?我现在可以通过什么方式担任这个角色?
最佳答案
一个 Principal在 Amazon IAM policy 内指定允许或拒绝访问资源的用户(IAM 用户、联合用户或假定角色用户)、AWS 账户、AWS 服务或其他委托(delegate)人实体:
You use the
Principal
element in the trust policies for IAM roles and in resource-based policies—that is, in policies that you embed directly in a resource. For example, you can embed such policies in an Amazon S3 bucket, an Amazon Glacier vault, an Amazon SNS topic, an Amazon SQS queue, or an AWS KMS encryption key.
对于手头的策略,委托(delegate)人是 AWS 服务
ec2.amazonaws.com
,即此信任策略授予 Amazon EC2服务以在您的账户中承担任何 IAM 角色(即,隐含 "Resource": "*"
语句)。Resource
进行说明像 "Resource": "arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:role/ROLE-NAME"
这样的声明关于amazon-web-services - AWS IAM 角色中的默认信任策略是什么意思?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32427859/