0

Question

What is the .amazonaws.com such as elastictranscoder.amazonaws.com?

statement {
  sid    = "1"
  effect = "Allow"

  principals {
    identifiers = ["elastictranscoder.amazonaws.com"]
    type        = "Service"
  }
  actions = ["sts:AssumeRole"]
}

According to Roles Terms and Concepts, it should be either IAM user or a role. I wonder which one it is.

Principal
An entity in AWS that can perform actions and access resources. A principal can be an AWS account root user, an IAM user, or a role.

Trust policy
A document in JSON format in which you define who is allowed to assume the role. This trusted entity is included in the policy as the principal element in the document.

4

1 回答 1

2

两者都不是。这个定义是不完整的。

这是一项 AWS 服务(类型 =“服务”)。

使用 Principal 元素指定允许或拒绝访问资源的用户(IAM 用户、联合用户或假定角色用户)、AWS 账户、AWS 服务或其他委托人实体。(重点补充)

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html

于 2018-08-19T14:29:44.373 回答