Cloudformation担任的角色
Clouformation assumable role
我有一个角色,我们称它为 RoleA。 RoleA 是我的 AWS 账户中已经存在的角色,无法轻易更改。
我有一个部署新角色的 CloudFormation 脚本,将其命名为 RoleB。
是否可以通过编辑部署RoleB的云形成脚本而不对RoleA做任何改动,让RoleA代入RoleB?
没有。因为允许 IAM Role 承担您需要确保源角色可以承担目标和目标角色,允许 trust policy
中的源角色
To delegate permission to access a resource, you create an IAM role in the trusting account that has two policies attached. The permissions policy grants the user of the role the needed permissions to carry out the intended tasks on the resource. The trust policy specifies which trusted account members are allowed to assume the role
我有一个角色,我们称它为 RoleA。 RoleA 是我的 AWS 账户中已经存在的角色,无法轻易更改。
我有一个部署新角色的 CloudFormation 脚本,将其命名为 RoleB。
是否可以通过编辑部署RoleB的云形成脚本而不对RoleA做任何改动,让RoleA代入RoleB?
没有。因为允许 IAM Role 承担您需要确保源角色可以承担目标和目标角色,允许 trust policy
To delegate permission to access a resource, you create an IAM role in the trusting account that has two policies attached. The permissions policy grants the user of the role the needed permissions to carry out the intended tasks on the resource. The trust policy specifies which trusted account members are allowed to assume the role