07 - EC2 w/ S3 Role Lab Flashcards Preview

Flashcards in 07 - EC2 w/ S3 Role Lab Deck (4)
1
Q

What are IAM Roles?

A
  • IAM roles are a secure way to grant permissions to entities that you trust.
  • IAM roles issue keys that are valid for short durations, making them a more secure way to grant access.
  • Examples of entities include the following:
    • IAM user in another account
    • Application code running on an EC2 instance that needs to perform actions on AWS resources
    • An AWS service that needs to act on resources in your account to provide its features
    • Users from a corporate directory who use identity federation with SAML
2
Q

EC2 w/ S3 Roles

A

  • Roles allow you to not use Access Key IDs and Secret Access Keys
  • Roles are preferred from a security perspective
  • Roles are controlled by policies
  • Roles are universal and can be applied against multiple EC2 instances
  • Roles are always preferred from a security perspective (Access Keys / Secret Access are not preferred)
  • You can change the policy on a role and it will take immediate effect
  • You can edit the policy and it will affect all EC2 instances with the Role attached
  • You can attach and detach roles from running EC2 instances without having to stop or terminate the instance
3
Q

Identity Access Management via Roles

A
  • Can access without needing to store credentials if the role is attached to the instance
4
Q

How do you assume a role?

A
  • You can switch roles from the AWS Management Console.
  • You can assume a role by calling an AWS CLI or API operation, or by using a custom URL.
  • What are the implications?
    • The method that you use determines who can assume the role and how long the role session can last.