<service>.amazonaws.com 是用户还是角色?
Is <service>.amazonaws.com a user or a role?
问题
elastictranscoder等.amazonaws.com是什么.amazonaws.com?
statement {
sid = "1"
effect = "Allow"
principals {
identifiers = ["elastictranscoder.amazonaws.com"]
type = "Service"
}
actions = ["sts:AssumeRole"]
}
根据Roles Terms and Concepts,它应该是 IAM 用户或角色。不知道是哪一个
Principal
An entity in AWS that can perform actions and access resources. A principal can be an AWS account root user, an IAM user, or a role.
Trust policy
A document in JSON format in which you define who is allowed to assume the role. This trusted entity is included in the policy as the principal element in the document.
两者都不是。该定义不完整。
这是一个 AWS 服务(类型 = "Service")。
Use the Principal element to specify the user (IAM user, federated user, or assumed-role user), AWS account, AWS service, or other principal entity that is allowed or denied access to a resource. (emphasis added)
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
问题
elastictranscoder等.amazonaws.com是什么.amazonaws.com?
statement {
sid = "1"
effect = "Allow"
principals {
identifiers = ["elastictranscoder.amazonaws.com"]
type = "Service"
}
actions = ["sts:AssumeRole"]
}
根据Roles Terms and Concepts,它应该是 IAM 用户或角色。不知道是哪一个
Principal
An entity in AWS that can perform actions and access resources. A principal can be an AWS account root user, an IAM user, or a role.Trust policy
A document in JSON format in which you define who is allowed to assume the role. This trusted entity is included in the policy as the principal element in the document.
两者都不是。该定义不完整。
这是一个 AWS 服务(类型 = "Service")。
Use the Principal element to specify the user (IAM user, federated user, or assumed-role user), AWS account, AWS service, or other principal entity that is allowed or denied access to a resource. (emphasis added)
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html