2026-02-06 03:34:50 +08:00
|
|
|
|
<template>
|
|
|
|
|
|
<div class="cross-account-access-demo">
|
|
|
|
|
|
<div class="demo-header">
|
|
|
|
|
|
<h4>跨账号访问流程演示</h4>
|
2026-02-13 22:10:03 +08:00
|
|
|
|
<p class="intro-text">角色扮演(AssumeRole)获取临时凭证</p>
|
2026-02-06 03:34:50 +08:00
|
|
|
|
</div>
|
|
|
|
|
|
|
2026-02-13 22:10:03 +08:00
|
|
|
|
<div class="demo-content">
|
|
|
|
|
|
<div class="flow-diagram">
|
|
|
|
|
|
<div class="account-box source">
|
|
|
|
|
|
<div class="account-header">账号 A(源账号)</div>
|
|
|
|
|
|
<div class="account-content">
|
|
|
|
|
|
<div class="entity">IAM User / Application</div>
|
|
|
|
|
|
<div class="action">调用 sts:AssumeRole</div>
|
|
|
|
|
|
</div>
|
2026-02-06 03:34:50 +08:00
|
|
|
|
</div>
|
|
|
|
|
|
|
2026-02-13 22:10:03 +08:00
|
|
|
|
<div class="arrow">→</div>
|
2026-02-06 03:34:50 +08:00
|
|
|
|
|
2026-02-13 22:10:03 +08:00
|
|
|
|
<div class="account-box sts">
|
|
|
|
|
|
<div class="account-header">STS 服务</div>
|
|
|
|
|
|
<div class="account-content">
|
|
|
|
|
|
<div class="step">1. 验证源身份</div>
|
|
|
|
|
|
<div class="step">2. 检查信任策略</div>
|
|
|
|
|
|
<div class="step">3. 生成临时凭证</div>
|
|
|
|
|
|
</div>
|
2026-02-06 03:34:50 +08:00
|
|
|
|
</div>
|
|
|
|
|
|
|
2026-02-13 22:10:03 +08:00
|
|
|
|
<div class="arrow">→</div>
|
2026-02-06 03:34:50 +08:00
|
|
|
|
|
2026-02-13 22:10:03 +08:00
|
|
|
|
<div class="account-box target">
|
|
|
|
|
|
<div class="account-header">账号 B(目标账号)</div>
|
|
|
|
|
|
<div class="account-content">
|
|
|
|
|
|
<div class="entity">CrossAccountRole</div>
|
|
|
|
|
|
<div class="resource">访问 S3 / EC2 等资源</div>
|
|
|
|
|
|
</div>
|
2026-02-06 03:34:50 +08:00
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
2026-02-13 22:10:03 +08:00
|
|
|
|
<div class="code-example">
|
|
|
|
|
|
<h5>Python 代码示例</h5>
|
|
|
|
|
|
<pre><code>import boto3
|
2026-02-06 03:34:50 +08:00
|
|
|
|
|
|
|
|
|
|
# 在账号 A 中使用 IAM 用户凭证
|
|
|
|
|
|
sts_client = boto3.client('sts')
|
|
|
|
|
|
|
|
|
|
|
|
# 扮演账号 B 的角色
|
|
|
|
|
|
assumed_role = sts_client.assume_role(
|
|
|
|
|
|
RoleArn='arn:aws:iam::123456789012:role/CrossAccountRole',
|
|
|
|
|
|
RoleSessionName='MySession',
|
|
|
|
|
|
DurationSeconds=3600
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
# 获取临时凭证
|
|
|
|
|
|
credentials = assumed_role['Credentials']
|
|
|
|
|
|
|
|
|
|
|
|
# 使用临时凭证访问账号 B 的资源
|
|
|
|
|
|
s3_client = boto3.client(
|
|
|
|
|
|
's3',
|
|
|
|
|
|
aws_access_key_id=credentials['AccessKeyId'],
|
|
|
|
|
|
aws_secret_access_key=credentials['SecretAccessKey'],
|
|
|
|
|
|
aws_session_token=credentials['SessionToken']
|
|
|
|
|
|
)</code></pre>
|
2026-02-13 22:10:03 +08:00
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
<div class="info-box">
|
|
|
|
|
|
<strong>💡 跨账号访问优势:</strong>通过角色扮演实现跨账号访问,无需在每个账号创建 IAM 用户,临时凭证自动过期,更安全更易管理。
|
2026-02-06 03:34:50 +08:00
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
</template>
|
|
|
|
|
|
|
2026-02-13 22:10:03 +08:00
|
|
|
|
<script setup>
|
|
|
|
|
|
// No script needed for this static demo
|
|
|
|
|
|
</script>
|
|
|
|
|
|
|
2026-02-06 03:34:50 +08:00
|
|
|
|
<style scoped>
|
|
|
|
|
|
.cross-account-access-demo {
|
2026-02-13 22:10:03 +08:00
|
|
|
|
border: 1px solid var(--vp-c-divider);
|
|
|
|
|
|
background: var(--vp-c-bg-soft);
|
|
|
|
|
|
border-radius: 8px;
|
|
|
|
|
|
padding: 1.5rem;
|
|
|
|
|
|
margin: 1rem 0;
|
|
|
|
|
|
max-height: 600px;
|
|
|
|
|
|
overflow-y: auto;
|
2026-02-06 03:34:50 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.demo-header {
|
2026-02-13 22:10:03 +08:00
|
|
|
|
margin-bottom: 1rem;
|
2026-02-06 03:34:50 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.demo-header h4 {
|
2026-02-13 22:10:03 +08:00
|
|
|
|
margin: 0 0 0.5rem 0;
|
|
|
|
|
|
font-weight: 800;
|
|
|
|
|
|
color: var(--vp-c-text-1);
|
2026-02-06 03:34:50 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-02-13 22:10:03 +08:00
|
|
|
|
.intro-text {
|
2026-02-06 03:34:50 +08:00
|
|
|
|
margin: 0;
|
2026-02-13 22:10:03 +08:00
|
|
|
|
color: var(--vp-c-text-2);
|
2026-02-06 03:34:50 +08:00
|
|
|
|
font-size: 0.9rem;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-02-13 22:10:03 +08:00
|
|
|
|
.demo-content {
|
|
|
|
|
|
margin-bottom: 1rem;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-02-06 03:34:50 +08:00
|
|
|
|
.flow-diagram {
|
|
|
|
|
|
display: flex;
|
|
|
|
|
|
align-items: center;
|
|
|
|
|
|
justify-content: center;
|
2026-02-13 22:10:03 +08:00
|
|
|
|
gap: 1rem;
|
|
|
|
|
|
margin-bottom: 1.5rem;
|
2026-02-06 03:34:50 +08:00
|
|
|
|
flex-wrap: wrap;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.account-box {
|
2026-02-13 22:10:03 +08:00
|
|
|
|
background: var(--vp-c-bg);
|
|
|
|
|
|
border: 1px solid var(--vp-c-divider);
|
|
|
|
|
|
border-radius: 8px;
|
|
|
|
|
|
padding: 1rem;
|
2026-02-06 03:34:50 +08:00
|
|
|
|
min-width: 180px;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.account-header {
|
|
|
|
|
|
font-weight: 700;
|
|
|
|
|
|
font-size: 0.85rem;
|
2026-02-13 22:10:03 +08:00
|
|
|
|
margin-bottom: 0.75rem;
|
|
|
|
|
|
padding-bottom: 0.5rem;
|
|
|
|
|
|
border-bottom: 1px solid var(--vp-c-divider);
|
|
|
|
|
|
color: var(--vp-c-text-1);
|
2026-02-06 03:34:50 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.account-content {
|
|
|
|
|
|
font-size: 0.8rem;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.entity {
|
2026-02-13 22:10:03 +08:00
|
|
|
|
background: var(--vp-c-brand-soft);
|
|
|
|
|
|
padding: 0.375rem 0.625rem;
|
2026-02-06 03:34:50 +08:00
|
|
|
|
border-radius: 4px;
|
2026-02-13 22:10:03 +08:00
|
|
|
|
margin-bottom: 0.5rem;
|
|
|
|
|
|
color: var(--vp-c-brand-1);
|
2026-02-06 03:34:50 +08:00
|
|
|
|
font-weight: 500;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.action {
|
2026-02-13 22:10:03 +08:00
|
|
|
|
color: var(--vp-c-text-3);
|
2026-02-06 03:34:50 +08:00
|
|
|
|
font-style: italic;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.step {
|
2026-02-13 22:10:03 +08:00
|
|
|
|
padding: 0.25rem 0;
|
|
|
|
|
|
color: var(--vp-c-text-2);
|
|
|
|
|
|
border-bottom: 1px solid var(--vp-c-divider);
|
2026-02-06 03:34:50 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.step:last-child {
|
|
|
|
|
|
border-bottom: none;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.resource {
|
2026-02-13 22:10:03 +08:00
|
|
|
|
background: rgba(var(--vp-c-brand-rgb), 0.1);
|
|
|
|
|
|
padding: 0.375rem 0.625rem;
|
2026-02-06 03:34:50 +08:00
|
|
|
|
border-radius: 4px;
|
2026-02-13 22:10:03 +08:00
|
|
|
|
margin-top: 0.5rem;
|
|
|
|
|
|
color: var(--vp-c-brand);
|
2026-02-06 03:34:50 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.arrow {
|
|
|
|
|
|
font-size: 2rem;
|
2026-02-13 22:10:03 +08:00
|
|
|
|
color: var(--vp-c-text-3);
|
2026-02-06 03:34:50 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.code-example {
|
2026-02-13 22:10:03 +08:00
|
|
|
|
background: var(--vp-c-bg);
|
|
|
|
|
|
border: 1px solid var(--vp-c-divider);
|
|
|
|
|
|
border-radius: 8px;
|
|
|
|
|
|
padding: 1.25rem;
|
2026-02-06 03:34:50 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.code-example h5 {
|
2026-02-13 22:10:03 +08:00
|
|
|
|
margin: 0 0 0.75rem 0;
|
|
|
|
|
|
color: var(--vp-c-text-1);
|
2026-02-06 03:34:50 +08:00
|
|
|
|
font-size: 0.9rem;
|
2026-02-13 22:10:03 +08:00
|
|
|
|
font-weight: 700;
|
2026-02-06 03:34:50 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.code-example pre {
|
|
|
|
|
|
margin: 0;
|
|
|
|
|
|
overflow-x: auto;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.code-example code {
|
2026-02-13 22:10:03 +08:00
|
|
|
|
color: var(--vp-c-text-2);
|
|
|
|
|
|
font-family: var(--vp-font-family-mono);
|
2026-02-06 03:34:50 +08:00
|
|
|
|
font-size: 0.8rem;
|
|
|
|
|
|
line-height: 1.5;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-02-13 22:10:03 +08:00
|
|
|
|
.info-box {
|
|
|
|
|
|
padding: 0.75rem;
|
|
|
|
|
|
background: var(--vp-c-bg-alt);
|
|
|
|
|
|
border: 1px solid var(--vp-c-divider);
|
|
|
|
|
|
border-left: 4px solid var(--vp-c-brand);
|
|
|
|
|
|
border-radius: 6px;
|
|
|
|
|
|
font-size: 0.9rem;
|
|
|
|
|
|
line-height: 1.6;
|
|
|
|
|
|
color: var(--vp-c-text-2);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.info-box strong {
|
|
|
|
|
|
color: var(--vp-c-text-1);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-02-06 03:34:50 +08:00
|
|
|
|
@media (max-width: 768px) {
|
|
|
|
|
|
.flow-diagram {
|
|
|
|
|
|
flex-direction: column;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.arrow {
|
|
|
|
|
|
transform: rotate(90deg);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
.account-box {
|
|
|
|
|
|
min-width: auto;
|
|
|
|
|
|
width: 100%;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
</style>
|
