AWS Identity and Access Management (IAM) cheat sheet
Source: 雑多なメモ (Miscellaneous Notes), wiki edition
AWS Identity and Access Management (IAM) Documentation
IAM can now also be managed from the AWS Management Console.
% iam-groupcreate -g Admins
% iam-grouplistbypath
arn:aws:iam::123456789012:group/Admins
% iam-groupuploadpolicy -g Admins -p AdminsGroupPolicy -f AdminPolicy.txt
% iam-grouplistpolicies -g Admins
AdminsGroupPolicy
% iam-usercreate -u user000 -g Admins -k -v
*** AWSAccessKeyId ***
*** AWSSecretKey ***
arn:aws:iam::123456789012:user/user000
AIDAIZBQBEPYFPZBAMIT6
% iam-useraddloginprofile -u user000 -p PASSWORD
The secret key is printed only once, at creation time, and cannot be retrieved from IAM afterwards; store it securely before closing the terminal.
Full-control policy for the Admins group (the AdminPolicy.txt used above). It allows every action on every resource, so attach it only to the administrators group, not to ordinary users.
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}
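The policy above grants full control. Before uploading a policy file with iam-groupuploadpolicy it is worth linting it for exactly that. The following is an added example, not code from the original page or from AWS: it parses a policy document in the page's JSON format, handles the string-or-list forms IAM allows for Statement, Action, NotAction and Resource, and reports statements that allow all actions on all resources (including the Allow + NotAction form, which permits everything not listed). ADMIN_POLICY is a constructed copy of AdminPolicy.txt; SCOPED_POLICY and its action names are an assumed least-privilege counterpart for comparison, not something the page recommends.

```python
import json

# Constructed copy of the full-control policy shown above (AdminPolicy.txt), not read from disk.
ADMIN_POLICY = '{ "Statement":[{ "Effect":"Allow", "Action":"*", "Resource":"*" } ] }'

# Constructed least-privilege counterpart for comparison; the action names are
# an assumption for illustration, not something the page recommends.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["iam:ListUsers", "iam:ListGroups", "iam:GetUser"],
        "Resource": "*",
    }],
})


def _as_list(value):
    """IAM lets Statement, Action, NotAction and Resource be a string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches_all_actions(stmt):
    """True when the statement's action set covers every API call."""
    if "NotAction" in stmt and "Action" not in stmt:
        # Allow + NotAction permits everything except the listed actions.
        return True
    return any(a.strip() in ("*", "*:*") for a in _as_list(stmt.get("Action")))


def find_full_control(policy_text):
    """Return indexes of Allow statements that cover all actions on all resources."""
    doc = json.loads(policy_text)
    hits = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        resources = [r.strip() for r in _as_list(stmt.get("Resource"))]
        if _matches_all_actions(stmt) and "*" in resources:
            hits.append(idx)
    return hits


def lint_policy(policy_text):
    """Findings a reviewer would raise before uploading the policy to a group."""
    doc = json.loads(policy_text)
    findings = []
    if "Version" not in doc:
        # Without Version the document is evaluated under the 2008-10-17 grammar,
        # which does not support policy variables.
        findings.append('no Version field; add "Version": "2012-10-17"')
    for idx in find_full_control(policy_text):
        stmt = _as_list(doc["Statement"])[idx]
        scope = "conditional" if "Condition" in stmt else "unconditional"
        findings.append(f"statement {idx}: {scope} full control (all actions, all resources)")
    return findings


if __name__ == "__main__":
    for name, text in (("AdminPolicy.txt", ADMIN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, lint_policy(text) or ["no findings"])
```

Run it on the file you are about to pass with -f; a statement reported as unconditional full control should only ever go to the administrators group.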
AWS Policy Generator
Create an alias for the AWS account. This is required to support user sign-in.
% iam-accountaliascreate -a mycompany
Alias: mycompany
Direct Signin Link: mycompany.signin.aws.amazon.com
AWS Management Console URL for IAM users
https://mycompany.signin.aws.amazon.com/console/ec2
Specifying AWS credentials explicitly
% iam-userlistbypath --aws-credential-file jawsug_cred.txt
Format of the AWS credential file. It contains the long-lived secret key, so make it readable only by its owner (chmod 600) and keep it out of shared or version-controlled directories.
AWSAccessKeyId=XXXXXXXXXXXXXXXXXXXX
AWSSecretKey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
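The following is an added example, not code from the original page or from the AWS IAM CLI: a loader for the credential file format shown above that rejects malformed or incomplete files and refuses to read a file that is group- or world-readable or a symlink, which is the check a practitioner wants before handing such a file to --aws-credential-file. The sample content is constructed with placeholder values; tolerating blank and # comment lines is an assumption, since the page only shows the two key lines.

```python
import os
import stat
import tempfile

# Constructed sample in the page's format with placeholder values (not real keys).
SAMPLE_CREDENTIAL_FILE = "AWSAccessKeyId={}\nAWSSecretKey={}\n".format("X" * 20, "X" * 40)

REQUIRED_KEYS = ("AWSAccessKeyId", "AWSSecretKey")


def parse_credential_text(text):
    """Parse KEY=VALUE lines into a dict. Blank lines and '#' comments are
    skipped (an assumption). Raises ValueError on malformed, duplicate or
    missing entries so a bad file is never silently used."""
    creds = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected KEY=VALUE")
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key in creds:
            raise ValueError(f"line {lineno}: duplicate {key}")
        if not value or any(ch.isspace() for ch in value):
            raise ValueError(f"line {lineno}: empty or malformed value for {key}")
        creds[key] = value
    missing = [k for k in REQUIRED_KEYS if k not in creds]
    if missing:
        raise ValueError("missing " + ", ".join(missing))
    return creds


def check_file_permissions(path):
    """Return a list of problems. The file holds a long-lived secret key, so it
    must be a regular file readable by its owner only (mode 0600)."""
    problems = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        problems.append("is a symlink")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("readable/writable by group or others (chmod 600)")
    return problems


def load_credential_file(path):
    """Refuse to use a credential file whose permissions expose the secret."""
    problems = check_file_permissions(path)
    if problems:
        raise PermissionError(f"{path}: " + "; ".join(problems))
    with open(path, "r", encoding="ascii") as fh:
        return parse_credential_text(fh.read())


def demo():
    """Write the constructed sample to a temporary file and show both outcomes:
    the permission findings on a 0644 file, then a successful load at 0600."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "jawsug_cred.txt")
        with open(path, "w", encoding="ascii") as fh:
            fh.write(SAMPLE_CREDENTIAL_FILE)
        os.chmod(path, 0o644)
        results["loose_problems"] = check_file_permissions(path)
        os.chmod(path, 0o600)
        results["creds"] = load_credential_file(path)
    return results


if __name__ == "__main__":
    print(demo())
```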
Changes the login profile password for the user
% iam-usermodloginprofile -u user000 -p NEWPASSWORD
Delete login profile of the user
% iam-userdelloginprofile -u user000
Deletes a user from your account. If the user is in groups or has policies, use the -r option to delete the dangling entities as well. Use the -p option to preview what would be deleted without taking action.
% iam-userdel -r -p -u user000
% iam-userdel -r -u user000
Confirm that the deletion succeeded
% iam-grouplistusers -g Admins
% iam-userlistbypath
Example with an explicit credential file
% iam-userdelloginprofile --aws-credential-file jawsug_cred.txt -u user000
% iam-userdel --aws-credential-file jawsug_cred.txt -r -u user000