
Getting Started with IAM

CC Attribution-NonCommercial License

    Getting Started with IAM: Presentation Transcript

    • (@junya) Thursday, October 28, 2010
    • http://twitter.com/#!/KenTamagawa/status/25887602080
    • http://aws.amazon.com/iam/
    • $ unzip IAMCli.zip
      $ export JAVA_HOME=/path/to/java_home
      $ export AWS_IAM_HOME=/path/to/IAMCli-1.1.0
      $ export PATH=$AWS_IAM_HOME/bin:$PATH
      $ echo 'AWSAccessKeyId=***' > account-key
      $ echo 'AWSSecretKey=***' >> account-key
      $ chmod 600 account-key
      $ export AWS_CREDENTIAL_FILE=account-key
    • $ iam-usercreate -u bob -k
      AKIAEEX5JT45QCZA7MSO
      Jp7hKRgZ+GPEoVRrdvuufYh4D23GnQLTPvthvHbN
      $ iam-userlistbypath
      arn:aws:iam::111122223333:user/bob
    • $ openssl genrsa -out bob.pk.pem 1024
      $ openssl req -new -x509 -out bob.cert.pem -key bob.pk.pem -days 365
      $ iam-useraddcert -f bob.cert.pem -u bob
      $ iam-userlistcerts -u bob
      NDUQVOYX6OVFIXGS2VERXMGNRDWE6PU4
      Active
    • bob@ $ ec2-describe-instances
      Client.UnauthorizedOperation: You are not authorized to perform this operation.
    • $ iam-useraddpolicy -u bob -p Bob_Instance_Policy -e Allow -a ec2:DescribeInstances -a ec2:StartInstances -a ec2:StopInstances -r '*'
    • $ iam-userlistpolicies -u bob -p Bob_Instance_Policy
      {
        "Version": "2008-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": ["ec2:DescribeInstances", "ec2:StartInstances", "ec2:StopInstances"],
            "Resource": ["*"]
          }
        ]
      }
    • bob@ $ ec2-describe-instances
      ( )
      bob@ $ ec2-terminate-instances i-00000001
      Client.UnauthorizedOperation: You are not authorized to perform this operation.
    • $ vi policy.json
      {
        "Statement": [
          {
            "Effect": "Allow",
            "Action": "ec2:*",
            "Resource": "*",
            "Condition": {
              "IpAddress": {
                "aws:SourceIp": ["10.1.2.0/24", "10.1.3.0/24"]
              }
            }
          }
        ]
      }
    • $ iam-useruploadpolicy -u bob -p Bob_Instance_Policy -f policy.json
      http://www.jsonlint.com/
    • bob@other $ ec2-describe-instances
      Client.UnauthorizedOperation: You are not authorized to perform this operation.
    • {
        "Statement": [
          {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::GeneratedPDF"]
          }
        ]
      }
    • $ iam-userlistkeys -u bob
      AKIAEEX5JT45QCZA7MSO
      Active
      $ iam-usermodkey -u bob -k AKIAEEX5JT45QCZA7MSO -s Inactive
      $ iam-userlistkeys -u bob
      AKIAEEX5JT45QCZA7MSO
      Inactive
    • IAM YES YES
      EC2 YES
      RDS YES
      S3 YES YES
      SimpleDB YES YES
      SNS YES YES
      SQS YES
      VPC YES
      Auto Scaling YES
      ELB YES
    • CLI - AWS Identity and Access Management
      http://docs.amazonwebservices.com/IAM/latest/CLIReference/Commands.html
      - AWS IAM Getting Started Guide
      http://docs.amazonwebservices.com/IAM/latest/GettingStartedGuide/
      - Working with Users and Groups
      http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?Using_WorkingWithGroupsAndUsers.html
      - Working with Users and Groups
      http://docs.amazonwebservices.com/IAM/latest/UserGuide/ExampleIAMPolicies.html
      EC2 - Working with Users and Groups
      http://docs.amazonwebservices.com/IAM/latest/UserGuide/UsingWithEC2.html
    • http://slidesha.re/bxNw4E
      Cloudworks http://cloudworks.jp/
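
Added example (not part of the original slides, and not AWS's own code): a small Python model of how the three policies shown in the transcript are evaluated, covering default deny, action wildcards and the aws:SourceIp condition. The function names and the request values used to exercise it are assumptions made for illustration, and only the IpAddress operator is modelled.

```python
import fnmatch
import ipaddress

# Policies as shown on the slides; everything else here is constructed.
START_STOP = {"Statement": [{"Effect": "Allow", "Resource": ["*"], "Action": [
    "ec2:DescribeInstances", "ec2:StartInstances", "ec2:StopInstances"]}]}
IP_LIMITED = {"Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*",
    "Condition": {"IpAddress": {"aws:SourceIp": ["10.1.2.0/24", "10.1.3.0/24"]}}}]}
S3_BUCKET = {"Statement": [{"Effect": "Allow", "Action": "s3:*",
    "Resource": ["arn:aws:s3:::GeneratedPDF"]}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(value, patterns, ignore_case=False):
    """Wildcard match ('*', '?'); action names compare case-insensitively."""
    if ignore_case:
        value, patterns = value.lower(), [p.lower() for p in _as_list(patterns)]
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))

def _condition_ok(condition, context):
    """Models only IpAddress on aws:SourceIp; a statement using any other
    operator or key, or a request lacking the key, is treated as not matching."""
    for operator, keys in condition.items():
        for key, cidrs in keys.items():
            if operator != "IpAddress" or key != "aws:SourceIp" or key not in context:
                return False
            addr = ipaddress.ip_address(context[key])
            if not any(addr in ipaddress.ip_network(c) for c in _as_list(cidrs)):
                return False
    return True

def evaluate(policies, action, resource, context=None):
    """Explicit Deny wins; otherwise Allow only if some statement allows it."""
    allowed = False
    for stmt in (s for p in policies for s in p["Statement"]):
        if (_matches(action, stmt["Action"], ignore_case=True)
                and _matches(resource, stmt["Resource"])
                and _condition_ok(stmt.get("Condition", {}), context or {})):
            if stmt["Effect"] == "Deny":
                return "Deny"
            allowed = True
    return "Allow" if allowed else "Deny"
```

Evaluated against the S3 policy from the slides, a request for an object under the bucket (constructed ARN arn:aws:s3:::GeneratedPDF/report.pdf) returns Deny, because the policy's Resource names only the bucket ARN.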