https://truongvu.dev/vi/categories/aws-sap-cheat-sheet/ Recent content in AWS SAP Cheat Sheet on > truongvu.dev https://truongvu.dev/static/images/default-cover.png https://truongvu.dev/static/images/default-cover.png Hugo vi Sat, 21 Mar 2026 09:21:13 +0700 https://truongvu.dev/vi/categories/aws-sap-cheat-sheet/202603211-sap-iam/ Sat, 21 Mar 2026 09:21:13 +0700 https://truongvu.dev/vi/categories/aws-sap-cheat-sheet/202603211-sap-iam/ <h3 id="-1-bạn-đang-control-ở-level-nào">🎯 1. Bạn đang control ở level nào?</h3> <h4 id="-a-level-account--organization">🔹 A. Level Account / Organization</h4> <p><strong>Keyword:</strong></p> <ul> <li>&ldquo;limit account&rdquo;</li> <li>&ldquo;restrict services&rdquo;</li> </ul> <p>👉 Dùng: AWS Organizations + SCP</p> <hr> <h4 id="-b-level-user--role">🔹 B. Level User / Role</h4> <p>👉 Dùng: IAM Policy</p> <hr> <h4 id="-c-cross-account">🔹 C. Cross-account</h4> <p>👉 Check tiếp 👇</p> <hr> <h3 id="-2-service-có-resource-policy-không">🔍 2. Service có Resource Policy không?</h3> <h4 id="-có--dùng-resource-policy">✅ Có → dùng Resource Policy</h4> <p>Ưu điểm:</p> <ul> <li>Không cần STS</li> <li>Đơn giản</li> <li>Nhanh</li> </ul> <hr> <h4 id="-không--dùng-sts">❌ Không → dùng STS</h4> <p>Pattern: Account A → AssumeRole → Account B</p>