AWS, Azure, GCP IAM 기능 차이

1. AWS IAM

로그인(Access Key, Secret Key) 로그인 설정을 할 수 있다. 패스워드 정책 및 MFA도 설정이 가능하다.

Role 은 임시적으로만 사용할 수 있는 수단으로 모자로 자주 비유하는데,

임시로 모자를 써서 권한을 획득 한 후, 필요한 리소스에 접근할 수 있고,

주로 인스턴스 혹은 AWS 서비스(Lambda 등)에 부여하여 사용하는데 

User처럼 권한 설정을 매번 할 필요가 없고,

Credential이 주기적으로 변경되기 때문에, 보안상으로도 권장된다.

 

2. Azure (and GCP)

RBAC (role-based access control) model,

which relies on a more methodical structure of resources.

At the primary level, Azure provides a basic resource container, the “resource group.”

Each resource group container groups all the resources meant for one specific application,

so they can be provisioned and deprovisioned together.

A container that can hold resource groups is a “subscription.”

A container that can hold subscriptions is a “management group” (which can also hold other management groups in a nested structure).

Multiple management groups consist of a “root management group.” In Azure, a subscription is also the billing unit.

The Azure structure is intended to align with the enterprise’s organizational structure.

 

3. GCP

In GCP, the basic container is the “project,” which contains the resources for a single application.

A “folder” is a container that can aggregate several projects.

The folder consists of a nested structure all the way up in the organizational tiers.

In GCP, the project is also the billing unit.

 

출처 : https://cloudwithease.com/comparing-iam-services/

 

참고 : https://kyupokaws.wordpress.com/2021/03/29/aws-vs-gcp-vs-azure-%EA%B3%84%EC%A0%95-%EB%B9%84%EA%B5%90/

AWS vs GCP vs Azure 계정 비교

https://ermetic.com/blog/cloud/aws-azure-and-gcp-the-ultimate-iam-comparison/

AWS, Azure and GCP: The Ultimate IAM Comparison - Ermetic