5/09/2015

AWS IAM Role

IAM lets the root account manage users, groups, and their permissions, much like the traditional Linux administration model.

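A role is a special kind of user that AWS integrates on the back end. It can be assigned permissions like any other user,
but its access key and secret key never need to be exposed.
A new instance can be launched with an IAM role, so no access key has to be configured on it.
This improves automation and lowers the risk of leaking secrets.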

IAM roles. A role is an entity that has its own set of permissions, but that isn't a user or group. Roles also don't have their own permanent set of credentials the way IAM users do.
An IAM role lets AWS supply the access key to instances for you on the back end.
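To make the "no permanent credentials" point concrete, here is an added example (not from the original post) that parses the JSON document an instance with a role reads from the metadata service at `http://169.254.169.254/latest/meta-data/iam/security-credentials/<role-name>`, confirms the key is a temporary one, and decides when it must be re-read. The sample document and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of the role credential document; all values are fake.
SAMPLE_ROLE_DOC = """{
  "Code": "Success",
  "LastUpdated": "2015-05-09T01:00:00Z",
  "Type": "AWS-HMAC",
  "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
  "SecretAccessKey": "constructed-secret-not-real",
  "Token": "constructed-session-token",
  "Expiration": "2015-05-09T07:00:00Z"
}"""

REQUIRED = ("AccessKeyId", "SecretAccessKey", "Token", "Expiration")


def parse_role_credentials(doc):
    """Validate the metadata document and return it with a parsed expiry."""
    data = json.loads(doc)
    if data.get("Code") != "Success":
        raise ValueError("role credentials unavailable: %r" % data.get("Code"))
    missing = [k for k in REQUIRED if not data.get(k)]
    if missing:
        raise ValueError("missing fields: %s" % ", ".join(missing))
    expiry = datetime.strptime(data["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    data["Expiration"] = expiry.replace(tzinfo=timezone.utc)
    return data


def key_kind(access_key_id):
    """AKIA keys are long-term IAM user keys; ASIA keys are temporary."""
    if access_key_id.startswith("ASIA"):
        return "temporary"
    if access_key_id.startswith("AKIA"):
        return "long-term"
    return "unknown"


def needs_refresh(creds, now, margin=timedelta(minutes=5)):
    """True once the credentials are within `margin` of expiring."""
    return now >= creds["Expiration"] - margin


if __name__ == "__main__":
    creds = parse_role_credentials(SAMPLE_ROLE_DOC)
    print(key_kind(creds["AccessKeyId"]), "expires", creds["Expiration"])
```

A long-term `AKIA` key found in a config file on an instance that has a role attached is a sign the role is not being used.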

IAM Best practice:

Video:
