Amazon Web Services Developer User Rights

Question

Amazon Web Services Developer User Rights

I have an account Amazon Web Servicesthat will be used to host application support. The backend uses PHP/MySQLand most likely uses an instance of EC2and RDS. I have my own account that has access to everything. I need to create an account for the developer to host the backend on AWS, but I do not want them to have access to anything other than what they need. I know how to create users and groups IAM, but I do not know what permissions to give the developer. There Select Policy Templateis a template Power User, is it good for the developer? Has anyone done this before?

+4

amazon-web-services

Heinrich Jan 12 '15 at 10:16

source share

1 answer

John Rotenstein · Accepted Answer · 2015-01-12T22:56:57+0000

The Power User Access template in AWS Identity and Access Management (IAM) provides permission to do BELOW, except for using IAM. A user with this permission can view, create, or delete any resources in your AWS account, but they cannot create new users or change any user permissions.

It is recommended that you provide people with the least amount of privilege necessary to use AWS so that they do not intentionally and accidentally do something unwanted. However, if you do not have enough AWS knowledge to find out what functionality is required, you will most likely need to trust the developer to customize the system for your needs.

A few tips:

IAM - root
, , "Power User" , "", IAM.
, , AWS
, EC2 ( ).
roles, Amazon EC2 - IAM, .
, .
, , AWS , .
CloudTrail, ( )

AWS ( EC2, ) EC2. , AWS.

Amazon Web Services Developer User Rights

More articles: