aws cli 使用_学习AWS CLI –使用AWS CLI探索IAM用户，角色，策略

aws cli 使用

AWS provides a command-line interface (AWS CLI) tool to work with its various cloud services. It is a single tool with many useful commands and allows you to automate a particular task using scripts. You might need to do specific tasks regularly. You can use the AWS Web Console for it. However, it requires you to go through all configuration options all over again.

AWS提供了命令行界面（AWS CLI）工具来使用其各种云服务。 它是一个包含许多有用命令的工具，可让您使用脚本自动执行特定任务。 您可能需要定期执行特定任务。 您可以使用AWS Web控制台。 但是，它要求您重新遍历所有配置选项。

In the previous articles on the Learn AWS CLI, we explored the following points.

在了解AWS CLI的先前文章中，我们探讨了以下几点。

• An Overview of AWS CLI (AWS Command Line Interface): We get an overview of the CLI tool along with its installation and profile configuration for your AWS account using access and secret key. You should perform the steps mentioned in this article to go ahead with the article AWS CLI概述（AWS命令行界面） ：我们将使用访问和密钥为您的AWS账户提供CLI工具的概述以及其安装和配置文件配置。 您应该执行本文中提到的步骤以继续本文。
• Interact with AWS S3 Buckets using AWS CLI: This article gives instructions for CLI commands related to Amazon S3 buckets such as create a bucket, upload & download objects, list S3 buckets, and remove a bucket 使用AWS CLI与AWS S3存储桶进行交互 ：本文提供与Amazon S3存储桶相关的CLI命令的说明，例如创建存储桶，上传和下载对象，列出S3存储桶以及删除存储桶

AWS provides two kinds of users to work in both AWS web console and CLI interface.

AWS提供了两种用户在AWS Web控制台和CLI界面中工作。

• Root user: It is the account you create once you sign up for AWS services. It has the highest privileges, and you should not use this account to work with any services 根用户：这是您注册AWS服务后创建的帐户。 它具有最高的特权，您不应使用此帐户来使用任何服务
• IAM user: We create user accounts in AWS, assign permissions, roles, attach policies so that users can authenticate themselves and can do the authorized work IAM用户：我们在AWS中创建用户帐户，分配权限，角色，附加策略，以便用户可以进行身份​​验证并可以执行授权工作

We will explore more about the IAM user in this article. I will walk through both AWS web console, and AWS CLI commands for it.

我们将在本文中探索有关IAM用户的更多信息。 我将同时介绍AWS Web控制台和AWS CLI命令。

使用AWS Web Console具有管理访问权限的IAM用户 (IAM user with administrative access using AWS Web Console)

As highlighted earlier, we should not use the root account for doing any operational work in AWS. Some users might require administrative permissions so we can create an IAM user with administrative access.

如前所述，我们不应使用root帐户在AWS中进行任何操作。 有些用户可能需要管理权限，因此我们可以创建具有管理访问权限的IAM用户。

First, sign up to AWS console and navigate to IAM in the Security, Identity & Compliance group:

首先，注册到AWS控制台并导航到“ 安全性，身份和合规性”组中的IAM ：

It opens the Identity and access management web page. You can see existing IAM users, roles, groups along with a Web URL for IAM users:

它将打开“身份和访问管理”网页。 您可以查看现有的IAM用户，角色，组以及IAM用户的Web URL：

As you can see, we have two existing users in my account. Click on Users, and it gives you a list of users:

如您所见，我的帐户中已有两个现有用户。 单击“ 用户” ，它会为您提供用户列表：

Click on any