Lesson 6: OCI IAM

IAM, Authentication, Authorization, Policies

Identity and Access Management (IAM)

It lets you control who has access to your cloud resources.

IAM has 2 principals [1]:

  • IAM Users

  • Instance Principals

IAM Users and Groups

  • Users = individual people or applications

  • First IAM User = default administrator

  • Users are granted access following the security principle of least privilege:

    • Users are placed into groups

    • Each group is granted access by at least one policy, with permission scoped to the tenancy or a compartment

Instance Principals

  • Instance Principals let instances, and the applications running on them, make API calls against other OCI services, removing the need to configure user credentials or a configuration file on the instance.

Authentication

Authentication Service authenticates by:

  • User name, Password

  • API Signing Key (e.g. similar to a GitHub API public key)

    Required when using the OCI API in conjunction with the SDK/CLI

  • Auth Tokens

    Oracle-generated token strings used to authenticate with 3rd-party APIs that do not support OCI signature-based authentication

Authorization

Authorization specifies various actions an authenticated Principal can perform.

OCI Authorization = Policies

Policy attachment: a policy can be attached to a compartment or to an account (the tenancy).

Policies Syntax

Common Policies
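An added example, not from the lesson: a small Python audit that parses OCI policy statements (the documented `Allow <subject> to <verb> <resource-type> in <scope>` form, simplified) and flags grants that violate least privilege. The sample policy statements and the admin group name "Administrators" are constructed for the demo.

```python
import re

# OCI policy statement grammar (Oracle's documented form, simplified here):
#   Allow <subject> to <verb> <resource-type> in <tenancy | compartment NAME> [where <condition>]
# subject: group NAME | group id OCID | dynamic-group NAME | any-user | service NAME
# verb, from least to most privilege: inspect < read < use < manage
STATEMENT = re.compile(
    r"^\s*allow\s+(?P<kind>group|dynamic-group|service|any-user)"
    r"(?:\s+(?P<name>(?:id\s+)?\S+))?"
    r"\s+to\s+(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)"
    r"\s+in\s+(?P<scope>tenancy|compartment\s+(?:id\s+)?\S+)"
    r"(?:\s+where\s+(?P<condition>.+?))?\s*$",
    re.IGNORECASE,
)

def parse_statement(text):
    """Parse one policy statement into its parts; raise ValueError if malformed."""
    m = STATEMENT.match(text)
    if not m:
        raise ValueError(f"not a valid OCI policy statement: {text!r}")
    scope = m["scope"].split()
    return {
        "kind": m["kind"].lower(),        # who is granted access
        "name": m["name"],                # group / dynamic-group name (None for any-user)
        "verb": m["verb"].lower(),
        "resource": m["resource"].lower(),
        "scope": scope[0].lower(),        # 'tenancy' or 'compartment'
        "compartment": scope[-1] if len(scope) > 1 else None,
        "condition": m["condition"],
    }

def audit(statements, admin_groups=frozenset({"Administrators"})):
    """Least-privilege check: flag tenancy-wide 'manage all-resources' granted to any
    subject other than a designated admin group, and unconditional any-user grants."""
    findings = []
    for text in statements:
        p = parse_statement(text)
        tenancy_admin = (p["verb"], p["resource"], p["scope"]) == ("manage", "all-resources", "tenancy")
        is_admin_group = p["kind"] == "group" and p["name"] in admin_groups
        if tenancy_admin and not is_admin_group:
            findings.append((text, "tenancy-wide manage all-resources outside the admin group"))
        if p["kind"] == "any-user" and not p["condition"]:
            findings.append((text, "any-user grant with no 'where' condition"))
    return findings

# Constructed sample policy for the demo (not from the lesson); the last line is the one to catch
SAMPLE_POLICY = [
    "Allow group Administrators to manage all-resources in tenancy",
    "Allow group Developers to use instances in compartment Dev",
    "Allow dynamic-group AppServers to read objects in compartment Dev",
    "Allow group Developers to manage all-resources in tenancy",
]

if __name__ == "__main__":
    for text, reason in audit(SAMPLE_POLICY):
        print(f"FINDING: {reason}\n  {text}")
```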

[1] Principal: an IAM entity that is allowed to interact with OCI resources
