问题描述

在IAM中，通过CLI或API创建IAM用户时，"Path"变量的用途是什么?

In IAM, what is the purpose/use of the "Path" variable when creating an IAM User via the CLI or API?

推荐答案

IAM中的path变量用于在唯一的命名空间中对相关用户和组进行分组，通常是出于组织目的.

The path variable in IAM is used for grouping related users and groups in a unique namespace, usually for organizational purposes.

来自友好的名称和路径:

例如，一个大型组织可能在/WestRegion/AZ和/EastRegion/NY路径中拥有用户.这将对应于组织的内部部门.

For example, a large organization may have users in paths /WestRegion/AZ and /EastRegion/NY. This would correspond to internal divisions of the organization.

以下是上述文档中的一些示例:

Here are some examples from the above document:

一个给定帐户中名为Bob的IAM用户:

An IAM user called Bob in a given account:

arn:aws:iam::123456789012:user/Bob

另一个用户Bob的路径反映了组织结构图:

Another different user Bob with a path reflecting an organization chart:

arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob

IAM组:

arn:aws:iam::123456789012:group/Developers

具有路径的IAM组:

arn:aws:iam :: 123456789012:group/division_abc/subdivision_xyz/product_A/Developer

请注意，此元数据未在控制台中公开.我的猜测是，用户 path 的用法更适合通常依赖于CloudFormation和/或AWS CLI来管理其AWS资源的大型组织或高级用户.例如，-path-prefix 是 aws iam list-users 的参数.

Note that this metadata is not exposed in the Console. My guess is that usage of a user path is more suited for large organizations, or advanced users, that would normally rely on CloudFormation and/or the AWS CLI for managing their AWS resources. For example, the --path-prefix is a parameter to aws iam list-users.

请参见 http://docs.aws.amazon.com/cli/latest/reference/iam/list-users.html

这篇关于在AWS IAM中，“路径"的目的/用途是什么?多变的?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！