从管理控制台隐藏服务
Hide services from management console
我已将某个组的 IAM 权限设置为仅具有对 S3 的只读访问权限,但是,该组仍然可以在管理控制台中看到所有其他服务并进入它们。一旦用户尝试做某事,消息就会显示 "Not authorised" 等等,但是,我希望这个组在管理控制台中只看到一个服务。
所以当这个组的用户登录时,他们看到的只是 S3。
这怎么可能?
隐藏来自 AWS Management Console is not possible right now, unfortunately. AWS is currently redesigning the console though, and this might include such options down the road as per the respective FAQ Why are you changing the console design? 的服务:
Our goal is to improve information display, make interactions more consistent, support devices such as tablets, and deliver a customizable experience. You will see these improvements and visual updates rolled out across our services over the coming months. [...] [emphasis mine]
但是,此时提到的可定制体验可能仅指最近推出的Resource Groups and Tagging for AWS,它允许您轻松创建、维护,并查看共享公共标签的资源集合:
[...] By default, the AWS Management Console is organized by AWS service. But with the Resource Groups tool, you can create a custom console that organizes and consolidates the information you need based on your project and the resources you use. If you manage resources in multiple regions, you can create a resource group to view resources from different regions on the same screen.[emphasis mine]
基于这种新的跨区域 Resource Groups 方法,确实可以创建和共享受限于资源类型 S3 Buckets 的资源组(即初始视图将限于只是 S3 桶)——然而,就像常规控制台视图一样,这不会阻止您的用户自己在控制台的其他区域自由漫游,即您不能强制执行所需的限制,而只能朝这个方向引导。
我已将某个组的 IAM 权限设置为仅具有对 S3 的只读访问权限,但是,该组仍然可以在管理控制台中看到所有其他服务并进入它们。一旦用户尝试做某事,消息就会显示 "Not authorised" 等等,但是,我希望这个组在管理控制台中只看到一个服务。
所以当这个组的用户登录时,他们看到的只是 S3。
这怎么可能?
隐藏来自 AWS Management Console is not possible right now, unfortunately. AWS is currently redesigning the console though, and this might include such options down the road as per the respective FAQ Why are you changing the console design? 的服务:
Our goal is to improve information display, make interactions more consistent, support devices such as tablets, and deliver a customizable experience. You will see these improvements and visual updates rolled out across our services over the coming months. [...] [emphasis mine]
但是,此时提到的可定制体验可能仅指最近推出的Resource Groups and Tagging for AWS,它允许您轻松创建、维护,并查看共享公共标签的资源集合:
[...] By default, the AWS Management Console is organized by AWS service. But with the Resource Groups tool, you can create a custom console that organizes and consolidates the information you need based on your project and the resources you use. If you manage resources in multiple regions, you can create a resource group to view resources from different regions on the same screen.[emphasis mine]
基于这种新的跨区域 Resource Groups 方法,确实可以创建和共享受限于资源类型 S3 Buckets 的资源组(即初始视图将限于只是 S3 桶)——然而,就像常规控制台视图一样,这不会阻止您的用户自己在控制台的其他区域自由漫游,即您不能强制执行所需的限制,而只能朝这个方向引导。