{"id":1244,"date":"2018-04-23T08:00:59","date_gmt":"2018-04-22T23:00:59","guid":{"rendered":"https:\/\/www.itc109.com\/knowledge\/?p=1244"},"modified":"2021-09-30T08:59:15","modified_gmt":"2021-09-29T23:59:15","slug":"get-aws-iam-roll","status":"publish","type":"post","link":"https:\/\/www.itc109.com\/knowledge\/aws\/get-aws-iam-roll","title":{"rendered":"AWS – IAM\u30ed\u30fc\u30eb\u60c5\u5831\u306e\u53d6\u5f97"},"content":{"rendered":"

\u6982\u8981<\/strong><\/h4>\n

\u524d\u56de\u307e\u3067\u306fIAM\u306e\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u3092\u53d6\u5f97\u3059\u308b\u624b\u9806\u306b\u3064\u3044\u3066\u8a18\u8f09\u3057\u3066\u304d\u307e\u3057\u305f\u3002<\/p>\n

AWS – IAM\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u306e\u53d6\u5f97<\/a>
\nAWS – IAM\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u306e\u53d6\u5f97(AWS\u7ba1\u7406\u30dd\u30ea\u30b7\u30fc)<\/a>
\nAWS – IAM\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u306e\u53d6\u5f97(\u30a4\u30f3\u30e9\u30a4\u30f3\u30dd\u30ea\u30b7\u30fc)<\/a><\/p>\n

\u4eca\u56de\u304b\u3089\u306f\u3001IAM(Identity and Access Management) \u306e\u300c\u30ed\u30fc\u30eb\u300d\u60c5\u5831\u3092\u53d6\u5f97\u3059\u308b\u65b9\u6cd5\u306b\u3064\u3044\u3066\u8a18\u8f09\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n

IAM \u30ed\u30fc\u30eb<\/strong><\/a>
\nIAM \u30ed\u30fc\u30eb\u306f\u3001AWS \u3067\u8a31\u53ef\/\u7981\u6b62\u3059\u308b\u64cd\u4f5c\u3092\u6c7a\u3081\u308b\u30a2\u30af\u30bb\u30b9\u6a29\u9650\u30dd\u30ea\u30b7\u30fc\u304c\u95a2\u9023\u4ed8\u3051\u3089\u308c\u3066\u3044\u308b AWS ID \u3067\u3042\u308b\u3068\u3044\u3046\u70b9\u3067\u3001\u30e6\u30fc\u30b6\u30fc\u3068\u4f3c\u3066\u3044\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u30e6\u30fc\u30b6\u30fc\u306f 1 \u4eba\u306e\u7279\u5b9a\u306e\u4eba\u306b\u4e00\u610f\u306b\u95a2\u9023\u4ed8\u3051\u3089\u308c\u307e\u3059\u304c\u3001\u30ed\u30fc\u30eb\u306f\u305d\u308c\u3092\u5fc5\u8981\u3068\u3059\u308b\u4efb\u610f\u306e\u4eba\u304c\u5f15\u304d\u53d7\u3051\u308b\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u307e\u305f\u3001\u30ed\u30fc\u30eb\u306b\u306f\u6a19\u6e96\u306e\u9577\u671f\u8a8d\u8a3c\u60c5\u5831 (\u30d1\u30b9\u30ef\u30fc\u30c9\u3084\u30a2\u30af\u30bb\u30b9\u30ad\u30fc) \u3082\u95a2\u9023\u4ed8\u3051\u3089\u308c\u307e\u305b\u3093\u3002\u4ee3\u308f\u308a\u306b\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u30ed\u30fc\u30eb\u3092\u5f15\u304d\u53d7\u3051\u305f\u5834\u5408\u3001\u4e00\u6642\u7684\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a8d\u8a3c\u60c5\u5831\u304c\u52d5\u7684\u306b\u4f5c\u6210\u3055\u308c\u3001\u30e6\u30fc\u30b6\u30fc\u306b\u63d0\u4f9b\u3055\u308c\u307e\u3059\u3002<\/p><\/blockquote>\n

 <\/p>\n

 <\/p>\n

\u624b\u9806<\/strong><\/h4>\n

IAM\u306b\u767b\u9332\u3055\u308c\u3066\u3044\u308b\u30ed\u30fc\u30eb\u4e00\u89a7\u3092\u51fa\u529b\u3059\u308b\u306b\u306f\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n

\n
aws iam list-roles<\/code><\/pre>\n<\/div>\n
\u5b9f\u884c\u7d50\u679c<\/p>\n
TEXT<\/strong><\/p>\n
\n
ROLES   arn:aws:iam::123456789000:role\/Lambda-Snapshot  2018-01-01T00:00:00Z            \/       AROABCDEFGHIJKLMNOPQ1   Lambda-Snapshot ASSUMEROLEPOLICYDOCUMENT        2012-10-17\r\nSTATEMENT       sts:AssumeRole  Allow\r\nPRINCIPAL       lambda.amazonaws.com\r\nROLES   arn:aws:iam::123456789000:role\/SimpleSystemsManager     2018-01-01T00:00:00Z    Allows EC2 instances to call AWS services like CloudWatch and SSM on your behalf.       \/       AROABCDEFGHIJKLMNOPQ2   SimpleSystemsManager\r\nASSUMEROLEPOLICYDOCUMENT        2012-10-17\r\nSTATEMENT       sts:AssumeRole  Allow\r\nPRINCIPAL       ec2.amazonaws.com\r\n<\/code><\/pre>\n<\/div>\n
TABLE<\/strong><\/p>\n
\n
--------------------------------------------------------------------------------------------------------\r\n|                                               ListRoles                                              |\r\n+------------------------------------------------------------------------------------------------------+\r\n||                                                Roles                                               ||\r\n|+----------------------+-----------------------------------------------------------------------------+|\r\n||  Arn                 |  arn:aws:iam::123456799000:role\/Lambda-Snapshot                             ||\r\n||  CreateDate          |  2018-01-01T00:00:00Z                                                       ||\r\n||  Description         |                                                                             ||\r\n||  Path                |  \/                                                                          ||\r\n||  RoleId              |  AROABCDEFGHIJKLMNOPQ1                                                      ||\r\n||  RoleName            |  Lambda-Snapshot                                                            ||\r\n|+----------------------+-----------------------------------------------------------------------------+|\r\n|||                                     AssumeRolePolicyDocument                                     |||\r\n||+------------------------------------------+-------------------------------------------------------+||\r\n|||  Version                                 |  2012-10-17                                           |||\r\n||+------------------------------------------+-------------------------------------------------------+||\r\n||||                                            Statement                                           ||||\r\n|||+---------------------------------+--------------------------------------------------------------+|||\r\n||||  Action                         |  sts:AssumeRole                                              ||||\r\n||||  Effect                         |  Allow                                                       ||||\r\n|||+---------------------------------+--------------------------------------------------------------+|||\r\n|||||                                           Principal                                          |||||\r\n||||+----------------------------+-----------------------------------------------------------------+||||\r\n|||||  Service                   |  lambda.amazonaws.com                                           |||||\r\n||||+----------------------------+-----------------------------------------------------------------+||||\r\n||                                                Roles                                               ||\r\n|+-------------+--------------------------------------------------------------------------------------+|\r\n||  Arn        |  arn:aws:iam::123456799000:role\/SimpleSystemsManager                                 ||\r\n||  CreateDate |  2018-01-01T00:00:00Z                                                                ||\r\n||  Description|  Allows EC2 instances to call AWS services like CloudWatch and SSM on your behalf.   ||\r\n||  Path       |  \/                                                                                   ||\r\n||  RoleId     |  AROABCDEFGHIJKLMNOPQ2                                                               ||\r\n||  RoleName   |  SimpleSystemsManager                                                                ||\r\n|+-------------+--------------------------------------------------------------------------------------+|\r\n|||                                     AssumeRolePolicyDocument                                     |||\r\n||+------------------------------------------+-------------------------------------------------------+||\r\n|||  Version                                 |  2012-10-17                                           |||\r\n||+------------------------------------------+-------------------------------------------------------+||\r\n||||                                            Statement                                           ||||\r\n|||+---------------------------------+--------------------------------------------------------------+|||\r\n||||  Action                         |  sts:AssumeRole                                              ||||\r\n||||  Effect                         |  Allow                                                       ||||\r\n||||  Sid                            |                                                              ||||\r\n|||+---------------------------------+--------------------------------------------------------------+|||\r\n|||||                                           Principal                                          |||||\r\n||||+-------------------------------+--------------------------------------------------------------+||||\r\n|||||  Service                      |  ec2.amazonaws.com                                           |||||\r\n||||+-------------------------------+--------------------------------------------------------------+||||\r\n<\/code><\/pre>\n<\/div>\n
JSON<\/strong><\/p>\n
\n
{\r\n    \"Roles\": [\r\n        {\r\n            \"AssumeRolePolicyDocument\": {\r\n                \"Version\": \"2012-10-17\",\r\n                \"Statement\": [\r\n                    {\r\n                        \"Action\": \"sts:AssumeRole\",\r\n                        \"Effect\": \"Allow\",\r\n                        \"Principal\": {\r\n                            \"Service\": \"lambda.amazonaws.com\"\r\n                        }\r\n                    }\r\n                ]\r\n            },\r\n            \"RoleId\": \"AROABCDEFGHIJKLMNOPQ1\",\r\n            \"CreateDate\": \"2018-01-01T00:00:00Z\",\r\n            \"RoleName\": \"Lambda-Snapshot\",\r\n            \"Path\": \"\/\",\r\n            \"Arn\": \"arn:aws:iam::123456789000:role\/Lambda-Snapshot\"\r\n        },\r\n        {\r\n            \"Description\": \"Allows EC2 instances to call AWS services like CloudWatch and SSM on your behalf.\",\r\n            \"AssumeRolePolicyDocument\": {\r\n                \"Version\": \"2012-10-17\",\r\n                \"Statement\": [\r\n                    {\r\n                        \"Action\": \"sts:AssumeRole\",\r\n                        \"Principal\": {\r\n                            \"Service\": \"ec2.amazonaws.com\"\r\n                        },\r\n                        \"Effect\": \"Allow\",\r\n                        \"Sid\": \"\"\r\n                    }\r\n                ]\r\n            },\r\n            \"RoleId\": \"AROABCDEFGHIJKLMNOPQ2\",\r\n            \"CreateDate\": \"2018-01-01T00:00:00Z\",\r\n            \"RoleName\": \"SimpleSystemsManager\",\r\n            \"Path\": \"\/\",\r\n            \"Arn\": \"arn:aws:iam::123456789000:role\/SimpleSystemsManager\"\r\n        }\r\n    ]\r\n}<\/code><\/pre>\n<\/div>\n
 <\/p>\n
\u51fa\u529b\u7d50\u679c\u304b\u3089\u4ee5\u4e0b\u306e\u9805\u76ee\u304c\u53d6\u5f97\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n
\u9805\u76ee<\/th>\n\u5f62\u5f0f<\/th>\n\u8aac\u660e<\/th>\n\u5bfe\u5fdc\u7b87\u6240<\/th>\n<\/tr>\n
Path<\/td>\nstring<\/td>\n\u30ed\u30fc\u30eb\u3078\u306e\u30d1\u30b9\u3002<\/td>\n\u30d1\u30b9<\/td>\n<\/tr>\n
Arn<\/td>\nstring<\/td>\n\u5f79\u5272\u3092\u6307\u5b9a\u3059\u308bAmazon\u30ea\u30bd\u30fc\u30b9\u540d\uff08ARN\uff09\u3002<\/td>\n\u30ed\u30fc\u30eb\u306e ARN<\/td>\n<\/tr>\n
RoleName<\/td>\nstring<\/td>\n\u30ed\u30fc\u30eb\u3092\u8b58\u5225\u3059\u308b\u308f\u304b\u308a\u3084\u3059\u3044\u540d\u524d<\/td>\n\u30ed\u30fc\u30eb\u540d<\/td>\n<\/tr>\n
RoleId<\/td>\nstring\u00a0<\/td>\n\u30ed\u30fc\u30eb\u3092\u8b58\u5225\u3059\u308b\u5b89\u5b9a\u3057\u305f\u30e6\u30cb\u30fc\u30af\u306a\u6587\u5b57\u5217\u3002<\/td>\n–<\/td>\n<\/tr>\n
CreateDate<\/td>\ntimestamp<\/td>\n\u30ed\u30fc\u30eb\u304c\u4f5c\u6210\u3055\u308c\u305f\u65e5\u4ed8\u3068\u6642\u523b\uff08ISO 8601\u306e\u65e5\u4ed8\/\u6642\u523b\u5f62\u5f0f\uff09\u3002<\/td>\n\u4f5c\u6210\u6642\u523b<\/td>\n<\/tr>\n
AssumeRolePolicyDocument<\/td>\nstring<\/td>\n\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u306b\u30ed\u30fc\u30eb\u3092\u5f15\u304d\u7d99\u3050\u6a29\u9650\u3092\u4e0e\u3048\u308b\u30dd\u30ea\u30b7\u30fc\u3002<\/td>\n–<\/td>\n<\/tr>\n
Description<\/td>\nstring<\/td>\n\u3042\u306a\u305f\u304c\u63d0\u4f9b\u3059\u308b\u30ed\u30fc\u30eb\u306e\u8aac\u660e\u3002<\/td>\n\u8aac\u660e<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\u307e\u305f\u3001\u7b2c\u4e09\u8005\u306b\u5bfe\u3057\u3066\u660e\u793a\u7684\u306b\u5f15\u304d\u53d7\u3051\u3092\u8a31\u53ef\u3059\u308b\u8a2d\u5b9a[AssumeRolePolicyDocument]\u3068\u3057\u3066\u3001\u30ed\u30fc\u30eb\u306e\u307f\u306b\u8ffd\u52a0\u3055\u308c\u3066\u3044\u308b\u9805\u76ee\u306b\u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u3082\u306e\u304c\u5b58\u5728\u3057\u307e\u3059\u3002<\/p>\n
Statement<\/strong><\/p>\n\n\n\n\n\n
Action<\/td>\n\u5b9f\u884c<\/td>\nPrincipal\u306b\u5bfe\u3057\u5b9f\u884c\u3059\u308b\u5185\u5bb9<\/td>\n<\/tr>\n
Effect<\/td>\n\u52b9\u679c<\/td>\n\u8a31\u53ef\/\u62d2\u5426\u3092\u8a2d\u5b9a\u3059\u308b<\/td>\n<\/tr>\n
Sid<\/td>\n\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8b58\u5225\u5b50<\/td>\n\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3068\u3057\u3066\u8b58\u5225\u3059\u308bID<\/td>\n <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
Principal<\/strong><\/p>\n\n\n\n\n
Service<\/td>\n–<\/td>\n\u30b5\u30fc\u30d3\u30b9\u3092\u4fe1\u983c\u3059\u308b<\/td>\n<\/tr>\n
AWS<\/td>\n–<\/td>\n\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4fe1\u983c\u3059\u308b<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
 <\/p>\n
 <\/p>\n
\u88dc\u8db3<\/strong><\/h4>\n
\n
\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u306e\u53d6\u5f97 [ list-users ] \u3068\u540c\u3058\u8981\u9818\u3068\u306a\u308a\u307e\u3059\u306e\u3067\u308f\u304b\u308a\u3084\u3059\u3044\u3068\u601d\u3044\u307e\u3059\u3002
\n\u307e\u305f\u3001 \u540c\u69d8\u306b [ list-attached-role-policies ] \u3068 [ get-role-policy ] \u3092\u4f7f\u7528\u3057\u3066\u30ed\u30fc\u30eb\u306b\u9069\u7528\u3055\u308c\u3066\u3044\u308b\u30a2\u30af\u30bb\u30b9\u6a29\u3092\u53d6\u5f97\u3059\u308b\u3053\u3068\u3082\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u6982\u8981 \u524d\u56de\u307e\u3067\u306fIAM\u306e\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u3092\u53d6\u5f97\u3059\u308b\u624b\u9806\u306b\u3064\u3044\u3066\u8a18\u8f09\u3057\u3066\u304d\u307e\u3057\u305f\u3002 AWS – IAM\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u306e\u53d6\u5f97 AWS – IAM\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u306e\u53d6\u5f97(AWS\u7ba1\u7406\u30dd\u30ea\u30b7\u30fc) AWS &#8211…<\/p>\n","protected":false},"author":3,"featured_media":23,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[2],"tags":[30,52,82],"class_list":["post-1244","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aws","tag-aws-cli","tag-iam","tag-82"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/www.itc109.com\/knowledge\/wp-content\/uploads\/sites\/2\/logo\/logo-aws.png","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pacZwp-k4","_links":{"self":[{"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/posts\/1244","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/comments?post=1244"}],"version-history":[{"count":27,"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/posts\/1244\/revisions"}],"predecessor-version":[{"id":2576,"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/posts\/1244\/revisions\/2576"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/media\/23"}],"wp:attachment":[{"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/media?parent=1244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/categories?post=1244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itc109.com\/knowledge\/wp-json\/wp\/v2\/tags?post=1244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}