A common question when first setting up an AWS environment is how to make sure that developers, OS administrators, DBAs, architects and all the other roles you may have in your organization end up with exactly the privileges they need. You use IAM groups and users. You would create a developer group. Ignore roles to start with, as these are for AWS services to access other services (example: EC2 accessing S3) and for cross-account access. Then add policies to the group (use the policy generator or select a template). Then add each developer as an individual user and add them to the developer group.
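As an added illustration (not code from the original post or from AWS), the following Python models the arrangement just described: a constructed policy attached to a "Developers" group, users who inherit it through membership, and a small evaluator showing how IAM decides a member's effective permissions (implicit deny unless a statement allows, and an explicit Deny overriding any Allow). The group name, user names, bucket ARN and statements are assumptions made up for the example.

```python
"""Added illustration: how an IAM group policy decides a member's effective permissions.
Group, user names, bucket ARN and statements are constructed; nothing calls the AWS API."""
import fnmatch

# Constructed policy for a "Developers" group: read-only EC2, read/write on one
# dev bucket, and an explicit Deny on IAM so members cannot widen their own access.
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-dev-bucket",
                      "arn:aws:s3:::example-dev-bucket/*"]},
        {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
    ],
}

# Users carry no policies of their own; they inherit what is attached to their groups.
GROUPS = {"Developers": {"policies": [DEVELOPER_POLICY], "users": {"alice", "bob"}}}


def _matches(patterns, value, fold_case):
    """IAM-style wildcard match ('*', '?'); action names compare case-insensitively."""
    if isinstance(patterns, str):
        patterns = [patterns]
    if fold_case:
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(user, action, resource):
    """Evaluate like IAM does for identity-based policies: implicit deny unless a
    statement allows the request, and any matching Deny overrides every Allow."""
    allowed = False
    for group in GROUPS.values():
        if user not in group["users"]:
            continue
        for policy in group["policies"]:
            for stmt in policy["Statement"]:
                if not (_matches(stmt["Action"], action, fold_case=True)
                        and _matches(stmt["Resource"], resource, fold_case=False)):
                    continue
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed
```

Adding a user to the group is all it takes to change their access, which is why the post recommends attaching policies to groups rather than to individual users.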
A good resource for all of your questions; it shows how to explicitly manage roles and policies:
http://docs.aws.amazon.com/IAM/latest/UserGuide/cross-acct-access-walkthrough-creategroup.html
Nice blog entry here:
https://forums.aws.amazon.com/message.jspa?messageID=197920