© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.

SEC344
Simplify Data Lake Access with IAM Identity Center and trusted identity propagation
Laura Reith, Sr. Solutions Architect, Identity Solutions

Lake House in AWS

Challenges of managing data access with IAM Roles

Operational challenges
- Explosion in the number of IAM roles and policies to manage
- Fragmented and inconsistent IAM policies
- Policy size and limit constraints

Access consistency challenges
- Inconsistent enforcement of access rules across environments
- Outdated or orphaned IAM roles leading to mismatched access states

These challenges stem from the absence of a global identity and a unified access control model.

Security challenges
- Role proliferation and excessive privilege sprawl over time
- Fragmented access control across identity systems and AWS accounts

Compliance challenges
- Limited traceability for user actions performed under assumed roles
- Lack of fine-grained, user-level visibility in audit logs

Trusted identity propagation (TIP)

IAM Identity Center with trusted identity propagation
Bring your identities to AWS
- Single, universal identity for the entire AWS ecosystem
- Native integration with AWS-managed applications and services
- Fine-grained access control and end-to-end auditability

(Diagram labels: IAM Identity Center; Alice's identity context; Authenticates; Amazon Redshift; Amazon Athena; AWS managed applications; AWS ma)