{"id":8682,"date":"2025-04-24T14:21:19","date_gmt":"2025-04-24T05:21:19","guid":{"rendered":"https:\/\/engineer-chanpu.blog\/?p=8682"},"modified":"2025-04-24T14:30:10","modified_gmt":"2025-04-24T05:30:10","slug":"aws-%ec%97%ad%ed%95%a0-vs-%ec%a0%95%ec%b1%85-%ec%b0%a8%ec%9d%b4%ec%a0%90-%ec%95%8c%ec%95%84%eb%b3%b4%ea%b8%b0","status":"publish","type":"post","link":"https:\/\/engineer-chanpu.blog\/?p=8682","title":{"rendered":"AWS \uc5ed\ud560 vs \uc815\ucc45 – \ucc28\uc774\uc810 \uc54c\uc544\ubcf4\uae30"},"content":{"rendered":"\n

1. \uac1c\uc694<\/strong><\/h2>\n\n\n\n

\ud074\ub77c\uc6b0\ub4dc \ubcf4\uc548\uc5d0\uc11c \uc5ed\ud560(Role)\uacfc \uc815\ucc45(Policy)\uc740 \ub9ac\uc18c\uc2a4\uc5d0 \ub300\ud55c \uc561\uc138\uc2a4 \uc81c\uc5b4\ub97c \uad6c\ud604\ud558\ub294 \ud575\uc2ec \uad6c\uc131 \uc694\uc18c<\/strong>\uc785\ub2c8\ub2e4.
AWS\uc640 Microsoft Azure \ubaa8\ub450 \uc0ac\uc6a9\uc790 \ubc0f \uc11c\ube44\uc2a4 \uac04 \uad8c\ud55c\uc744 \uc81c\uc5b4\ud558\ub294 \uba54\ucee4\ub2c8\uc998\uc744 \uc81c\uacf5\ud558\uc9c0\ub9cc, \uadf8 \uad6c\uc870\uc640 \uac1c\ub150\uc801 \uc811\uadfc\uc740 \ub2e4\uc18c \ucc28\uc774\uac00 \uc788\uc2b5\ub2c8\ub2e4.<\/strong><\/p>\n\n\n\n

2. AWS\uc758 \uc5ed\ud560\uacfc \uc815\ucc45<\/strong><\/h2>\n\n\n\n

2.1 \uc5ed\ud560 (IAM Role)<\/strong><\/h3>\n\n\n\n

AWS IAM \uc5ed\ud560<\/strong>\uc740 \ud2b9\uc815 \uad8c\ud55c\uc744 \uac00\uc9c4 \uc784\uc2dc \uc790\uaca9 \uc99d\uba85<\/strong> \uc138\ud2b8\uc785\ub2c8\ub2e4. \uc5ed\ud560\uc740 \uc0ac\ub78c\uc774\ub098 \uc11c\ube44\uc2a4\uac00 AWS \ub9ac\uc18c\uc2a4\uc5d0 \uc811\uadfc\ud560 \uc218 \uc788\uac8c \ud558\uba70, \ubcf4\ud1b5 EC2, Lambda, ECS \ub4f1\uc5d0\uc11c \uc0ac\uc6a9\ub429\ub2c8\ub2e4. <\/p>\n\n\n\n

\uc0ac\uc6a9\uc790\ub294 \uc9c1\uc811 \ub85c\uadf8\uc778\ud558\uc9c0 \uc54a\uace0, \uc11c\ube44\uc2a4 \ub610\ub294 \uc0ac\uc6a9\uc790\uc5d0\uac8c \uc704\uc784\ub418\uc5b4 \uc0ac\uc6a9\ub429\ub2c8\ub2e4.<\/strong><\/p>\n\n\n\n

    \n
  • \uc8fc\uccb4(Principal)\uac00 \uc5ed\ud560\uc744 Assume<\/strong>\ud568<\/li>\n\n\n\n
  • \uc790\uaca9 \uc99d\uba85\uc740 \uc77c\uc2dc\uc801<\/li>\n\n\n\n
  • Cross-account \uc561\uc138\uc2a4\uc5d0 \ud65c\uc6a9 \uac00\ub2a5<\/li>\n\n\n\n
  • \ubcf4\ud1b5 \uc11c\ube44\uc2a4 \uac04\uc758 \uc5f0\ub3d9 \ub610\ub294 \uc678\ubd80 \uc811\uadfc \ud5c8\uc6a9 \uc2dc \uc0ac\uc6a9<\/li>\n<\/ul>\n\n\n\n
    \uc8fc\uccb4(Principal)\uac00 \uc5ed\ud560\uc744 Assume<\/strong>\ud568\uc774\ub780?<\/summary>\n
    \n

    “\uc8fc\uccb4(Principal)\uac00 \uc5ed\ud560\uc744 Assume\ud55c\ub2e4”\ub294 \uac83\uc740
    👉 \uc5b4\ub5a4 \uc0ac\uc6a9\uc790\ub098 \uc11c\ube44\uc2a4\uac00 \uc5ed\ud560(Role)\uc758 \uad8c\ud55c\uc744 \uc7a0\uc2dc \ube4c\ub824\uc11c \uc4f0\ub294 \uac83<\/strong>\uc785\ub2c8\ub2e4.<\/p>\n\n\n\n

      \n
    • \uc5ed\ud560\uc740 \uad8c\ud55c\uc744 \ub2f4\uace0 \uc788\ub294 \uadf8\ub987<\/li>\n\n\n\n
    • \uc8fc\uccb4\ub294 \uadf8 \uc5ed\ud560\uc744 \uc7a0\uc2dc \uc785\uc5b4\uc11c<\/strong> \uad8c\ud55c\uc744 \uac16\uac8c \ub428<\/li>\n\n\n\n
    • \uc608: EC2\uac00 S3\uc5d0 \uc811\uadfc\ud558\ub824\uba74, S3 \uad8c\ud55c\uc774 \ub2f4\uae34 \uc5ed\ud560\uc744 Assume(\uc218\ud589)<\/strong> \ud574\uc57c \ud568<\/li>\n<\/ul>\n<\/blockquote>\n<\/details>\n\n\n\n

      2.2 \uc815\ucc45 (IAM Policy)<\/strong><\/h3>\n\n\n\n

      \uc815\ucc45\uc740 AWS \ub9ac\uc18c\uc2a4\uc5d0 \ub300\ud55c \uc811\uadfc\uc744 \ud5c8\uc6a9 \ub610\ub294 \uac70\ubd80\ud558\ub294 JSON \ud615\uc2dd\uc758 \ubb38\uc11c\uc785\ub2c8\ub2e4. \uc0ac\uc6a9\uc790, \uadf8\ub8f9, \uc5ed\ud560\uc5d0 \uc5f0\uacb0\ub418\uc5b4 \uad8c\ud55c\uc744 \uc815\uc758\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n

        \n
      • \uba85\uc2dc\uc801 \ud5c8\uc6a9 \ub610\ub294 \uac70\ubd80 \uc124\uc815<\/li>\n\n\n\n
      • \ub9ac\uc18c\uc2a4, \uc791\uc5c5, \uc870\uac74 \ub4f1\uc744 \uc138\ubc00\ud558\uac8c \uc815\uc758 \uac00\ub2a5<\/li>\n\n\n\n
      • \uc815\ucc45\uc740 \uc5ed\ud560, \uc0ac\uc6a9\uc790, \uadf8\ub8f9\uc5d0 \uc5f0\uacb0\ub428<\/li>\n<\/ul>\n\n\n\n

        2.3 \uc5ed\ud560\uacfc \uc815\ucc45\uc758 \uad00\uacc4<\/strong><\/h3>\n\n\n\n

        \uc5ed\ud560\uc740 \uad8c\ud55c\uc744 \uac00\uc9c8 \uc218 \uc788\ub294 ‘\ucee8\ud14c\uc774\ub108’\uc774\uace0, \uc815\ucc45\uc740 \uadf8 \uad8c\ud55c\uc744 \uc2e4\uc81c\ub85c ‘\uc815\uc758’\ud558\ub294 \uad6c\uc131 \uc694\uc18c\uc785\ub2c8\ub2e4.
        \uc5ed\ud560\uc774 \uc815\ucc45\uc744 \ud3ec\ud568\ud568\uc73c\ub85c\uc368 \ucd5c\uc885\uc801\uc73c\ub85c \uc5b4\ub5a4 \uc791\uc5c5\uc774 \uac00\ub2a5\ud55c\uc9c0\ub97c \uacb0\uc815\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n

        3. Azure\uc640\uc758 \ube44\uad50<\/strong><\/h2>\n\n\n\n
        \ud56d\ubaa9<\/strong><\/td>AWS<\/strong><\/td>Azure<\/strong><\/td><\/tr><\/thead>
        \uc5ed\ud560<\/td>IAM Role
        \uc784\uc2dc \uc790\uaca9 \uc99d\uba85 \uae30\ubc18
        \uc11c\ube44\uc2a4\ub098 \uc0ac\uc6a9\uc790\uc5d0 \uc704\uc784<\/td>        		Azure Role Assignment
        RBAC(Role-Based Access Control)\uc758 \ud575\uc2ec \uad6c\uc131\uc694\uc18c<\/td><\/tr>
        \uc815\ucc45<\/td>IAM Policy
        JSON \ubb38\uc11c\ub85c \uad8c\ud55c \uc815\uc758<\/td>        		Azure Policy
        \uac70\ubc84\ub10c\uc2a4 \ubc0f \uaddc\uc815 \uc900\uc218 \uc911\uc2ec\uc758 \uc811\uadfc \uc81c\uc5b4(\uc608: VM \ud06c\uae30 \uc81c\ud55c)<\/td><\/tr>
        \uad8c\ud55c \uc81c\uc5b4 \ubaa8\ub378<\/td>RBAC + \uc815\ucc45 \uae30\ubc18 \uc811\uadfc \uc81c\uc5b4(ABAC) \ud63c\ud569 \uac00\ub2a5<\/td>RBAC \uc911\uc2ec + \uc815\ucc45\uc740 \uc8fc\ub85c \uc81c\uc57d \uc870\uac74 \uc6a9\ub3c4<\/td><\/tr>
        \uc11c\ube44\uc2a4 \uac04 \uc811\uadfc \uc81c\uc5b4<\/td>AssumeRole\ub85c \uc704\uc784
        STS\ub97c \ud1b5\ud55c \uad50\ucc28 \uacc4\uc815 \uad8c\ud55c \uc704\uc784<\/td>        		Managed Identity \uc0ac\uc6a9
        Azure AD \uae30\ubc18 \ud1a0\ud070 \ubc1c\uae09<\/td><\/tr>
        \uc815\ucc45 \uc801\uc6a9 \ubc94\uc704<\/td>\uc0ac\uc6a9\uc790, \uadf8\ub8f9, \uc5ed\ud560 \ub4f1\uacfc \uc5f0\uacb0 \uac00\ub2a5<\/td>\uad00\ub9ac \uadf8\ub8f9, \uad6c\ub3c5, \ub9ac\uc18c\uc2a4 \uadf8\ub8f9, \ub9ac\uc18c\uc2a4 \uc218\uc900\uc5d0\uc11c \/\uc815\ucc45 \uc801\uc6a9 \uac00\ub2a5<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
        ABAC \uc774\ub780?<\/summary>\n
        \n

        \uc0ac\uc6a9\uc790, \ub9ac\uc18c\uc2a4, \ud658\uacbd\uc758 “\uc18d\uc131(attribute)”\uc744 \uae30\ubc18\uc73c\ub85c \uc811\uadfc\uc744 \uc81c\uc5b4\ud558\ub294 \ubc29\uc2dd\uc785\ub2c8\ub2e4.<\/p>\n\n\n\n

          \n
        • \ub204\uac00<\/strong> (\uc0ac\uc6a9\uc790 \uc18d\uc131)<\/li>\n\n\n\n
        • \ubb34\uc5c7\uc5d0<\/strong> (\ub9ac\uc18c\uc2a4 \uc18d\uc131)<\/li>\n\n\n\n
        • \uc5b4\ub5a4 \uc870\uac74\uc77c \ub54c<\/strong> (\ud658\uacbd \uc18d\uc131) \uc811\uadfc\ud560 \uc218 \uc788\ub294\uc9c0\ub97c \uc815\uc758\ud569\ub2c8\ub2e4.<\/li>\n<\/ul>\n\n\n\n
          \uc608\uc2dc<\/h6>\n\n\n\n
          {
            \"Version\": \"2012-10-17\",
            \"Statement\": {
              \"Effect\": \"Allow\",
              \"Action\": \"s3:GetObject\",
              \"Resource\": \"arn:aws:s3:::my-bucket\/*\",
              \"Condition\": {
                \"StringEquals\": {
                  \"aws:PrincipalTag\/department\": \"marketing\"
                }
              }
            }
          }
          <\/code><\/pre>\n\n\n\n
          \uc774 \uc815\ucc45\uc740 👉 department\ub77c\ub294 \ud0dc\uadf8\uac00 “marketing”\uc778 \uc0ac\uc6a9\uc790\ub9cc<\/strong>
          S3 \ubc84\ud0b7 \uac1d\uccb4\ub97c \uc77d\uc744 \uc218 \uc788\ub3c4\ub85d \ud5c8\uc6a9\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n
          ABAC \ud2b9\uc9d5 \uc694\uc57d<\/h6>\n\n\n\n
            \n
          • IAM \uc0ac\uc6a9\uc790, \uc5ed\ud560, \ub9ac\uc18c\uc2a4 \ub4f1\uc5d0 **\ud0dc\uadf8(Tag)**\ub97c \ubd99\uc5ec \uc0ac\uc6a9<\/li>\n\n\n\n
          • \uc5ed\ud560\/\uc815\ucc45 \uac1c\uc218 \uc5c6\uc774\ub3c4 \uc720\uc5f0\ud558\uac8c \uad8c\ud55c \uad00\ub9ac \uac00\ub2a5<\/li>\n\n\n\n
          • \ud2b9\ud788 \ub300\uaddc\ubaa8 \uc870\uc9c1\uc774\ub098 \ub2e4\uc218\uc758 \ub9ac\uc18c\uc2a4\ub97c \uad00\ub9ac\ud560 \ub54c<\/strong> \uc720\ub9ac<\/li>\n<\/ul>\n<\/div><\/div>\n<\/details>\n\n\n\n
            \ube44\uace0<\/strong><\/h3>\n\n\n\n
            AWS\ub294 IAM \uc5ed\ud560 \ubc0f \uc815\ucc45\uc744 \ud1b5\ud574 \ub9e4\uc6b0 \uc720\uc5f0\ud55c \uc811\uadfc \uc81c\uc5b4\uac00 \uac00\ub2a5\ud558\uba70, Azure\ub294 RBAC \uae30\ubc18\uc758 \uc9c1\uad00\uc801\uc778 \uad8c\ud55c \uc704\uc784\uacfc \uac70\ubc84\ub10c\uc2a4 \uc911\uc2ec \uc815\ucc45\uc744 \uc81c\uacf5\ud569\ub2c8\ub2e4. Azure Policy\ub294 \ub9ac\uc18c\uc2a4 \uc0dd\uc131 \uc81c\ud55c \ubc0f \uad6c\uc131 \uae30\uc900 \uc720\uc9c0\ub97c \uc704\ud55c \uae30\ub2a5\uc774\uba70, AWS\uc758 SCP(Service Control Policy) \ub610\ub294 Config Rule\uacfc \uc720\uc0ac\ud55c \uc5ed\ud560\uc744 \uc218\ud589\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n
            4. \uacb0\ub860<\/strong><\/h2>\n\n\n\n
            AWS\uc758 IAM \uc5ed\ud560\uc740 \uc790\uaca9 \uc99d\uba85\uc744 \uc704\uc784\ud558\uae30 \uc704\ud55c \ucee8\ud14c\uc774\ub108\uc774\uba70, \uc815\ucc45\uc740 \uc2e4\uc81c \uad8c\ud55c\uc744 \uc124\uc815\ud558\ub294 \ubb38\uc11c\uc785\ub2c8\ub2e4. \uc774 \ub458\uc740 \ubcf4\uc644\uc801\uc73c\ub85c \uc0ac\uc6a9\ub418\uba70, \uc138\ubc00\ud55c \uad8c\ud55c \uc81c\uc5b4\uac00 \uac00\ub2a5\ud569\ub2c8\ub2e4. \ubc18\uba74, Azure\ub294 RBAC \ubaa8\ub378\uc744 \uc911\uc2ec\uc73c\ub85c \uc9c1\uad00\uc801\uc778 \uad8c\ud55c \ud560\ub2f9\uc744 \uc9c0\uc6d0\ud558\uba70, \uc815\ucc45\uc740 \uc870\uc9c1\uc758 \uaddc\uc815 \uc900\uc218\ub97c \uc704\ud55c \uc218\ub2e8\uc73c\ub85c \ud65c\uc6a9\ub429\ub2c8\ub2e4. \uac01 \ud50c\ub7ab\ud3fc\uc740 \uc11c\ub85c \ub2e4\ub978 \ubcf4\uc548 \ubaa8\ub378\uc744 \ucde8\ud558\uace0 \uc788\uc73c\ubbc0\ub85c, \uba40\ud2f0 \ud074\ub77c\uc6b0\ub4dc \ud658\uacbd\uc5d0\uc11c\ub294 \uc774\ub7ec\ud55c \ucc28\uc774\ub97c \uc774\ud574\ud558\uace0 \uc124\uacc4\ud558\ub294 \uac83\uc774 \uc911\uc694\ud569\ub2c8\ub2e4.<\/p>\n","protected":false},"excerpt":{"rendered":"
            1. \uac1c\uc694 \ud074\ub77c\uc6b0\ub4dc \ubcf4\uc548\uc5d0\uc11c \uc5ed\ud560(Role)\uacfc \uc815\ucc45(Policy)\uc740 \ub9ac\uc18c\uc2a4\uc5d0 \ub300\ud55c \uc561\uc138\uc2a4 \uc81c\uc5b4\ub97c \uad6c\ud604\ud558\ub294 \ud575\uc2ec \uad6c\uc131 \uc694\uc18c\uc785\ub2c8\ub2e4. AWS\uc640 Microsoft Azure \ubaa8\ub450 \uc0ac\uc6a9\uc790 \ubc0f \uc11c\ube44\uc2a4 \uac04 \uad8c\ud55c\uc744 \uc81c\uc5b4\ud558\ub294 \uba54\ucee4\ub2c8\uc998\uc744 \uc81c\uacf5\ud558\uc9c0\ub9cc, \uadf8 \uad6c\uc870\uc640 \uac1c\ub150\uc801 \uc811\uadfc\uc740 …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[227,33],"tags":[],"class_list":["post-8682","post","type-post","status-publish","format-standard","hentry","category-amazon-web-service","category-tech-notes"],"_links":{"self":[{"href":"https:\/\/engineer-chanpu.blog\/index.php?rest_route=\/wp\/v2\/posts\/8682","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/engineer-chanpu.blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/engineer-chanpu.blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/engineer-chanpu.blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/engineer-chanpu.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8682"}],"version-history":[{"count":18,"href":"https:\/\/engineer-chanpu.blog\/index.php?rest_route=\/wp\/v2\/posts\/8682\/revisions"}],"predecessor-version":[{"id":8704,"href":"https:\/\/engineer-chanpu.blog\/index.php?rest_route=\/wp\/v2\/posts\/8682\/revisions\/8704"}],"wp:attachment":[{"href":"https:\/\/engineer-chanpu.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8682"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/engineer-chanpu.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8682"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/engineer-chanpu.blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8682"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}