问题
I am having a bit of a hard time understand how can an IAM role be used to limit access to a Amazon EC2 instances.
I am currently looking into Cognito, and I was wondering if it could help me. I want to restrict the access of my EC2 instances (with that I mean contacting the Django Server on there) to only a specific group of people, with dynamic ips. So IP restriction is not an option.
If a user gets authenticated with Cognito and gets temporary credentials, and therefore assumes a specific IAM Role, I want him to be able to talk to that EC2-Django server from within my iOS app. If a request to the server doesn't have the IAM, I want Amazon to automatically block it. Is that possible or I have to do that server side?
来源:https://stackoverflow.com/questions/26832350/control-aws-ec2-access-with-aws-cognito-or-not-on-ios