AWS Elastic Beanstalk | Security Flashcards
Does this mean I need to modify the application code when moving from test to production?
Security
AWS Elastic Beanstalk | Compute
Not with AWS Elastic Beanstalk. With Elastic Beanstalk, you can specify the connection information in the environment configuration. By extracting the connection string from the application code, you can easily configure different Elastic Beanstalk environments to use different databases.
How do I make my application private?
Security
AWS Elastic Beanstalk | Compute
By default, your application is available publicly at myapp.elasticbeanstalk.com for anyone to access. You can use Amazon VPC to provision a private, isolated section of your application in a virtual network that you define. This virtual network can be made private through specific security group rules, network ACLs, and custom route tables. You can also easily control what other incoming traffic, such as SSH, is delivered or not to your application servers by changing the EC2 security group settings.
Can I run my application inside a Virtual Private Cloud (VPC)?
Security
AWS Elastic Beanstalk | Compute
Yes, you can run your applications in a VPC. For more details, see the AWS Elastic Beanstalk Developer Guide.
Where can I find more information about security and running applications on AWS?
Security
AWS Elastic Beanstalk | Compute
For more information about security on AWS, please refer to our Amazon Web Services: Overview of Security Processes document and visit our Security Center.
Is it possible to use Identity & Access Management (IAM) with AWS Elastic Beanstalk?
Security
AWS Elastic Beanstalk | Compute
Yes. IAM users with the appropriate permissions can now interact with AWS Elastic Beanstalk.
Why should I use IAM with AWS Elastic Beanstalk?
Security
AWS Elastic Beanstalk | Compute
IAM allows you to manage users and groups in a centralized manner. You can control which IAM users have access to AWS Elastic Beanstalk, and limit permissions to read-only access to Elastic Beanstalk for operators who should not be able to perform actions against Elastic Beanstalk resources. All user activity within your account will be aggregated under a single AWS bill.
How do I create IAM users?
Security
AWS Elastic Beanstalk | Compute
You can use the IAM console, IAM command line interface (CLI), or IAM API to provision IAM users. By default, IAM users have no access to AWS services until permissions are granted.
How do I grant an IAM user access to AWS Elastic Beanstalk?
Security
AWS Elastic Beanstalk | Compute
You can grant IAM users access to services by using policies. To simplify the process of granting access to AWS Elastic Beanstalk, you can use one of the policy templates in the IAM console to help you get started. Elastic Beanstalk offers two templates: a read-only access template and a full-access template. The read-only template grants read access to Elastic Beanstalk resources. The full-access template grants full access to all Elastic Beanstalk operations, as well as permissions to manage dependent resources, such as Elastic Load Balancing, Auto Scaling, and Amazon S3. You can also use the AWS Policy Generator to create custom policies. For more details, see the AWS Elastic Beanstalk Developer Guide.
Can I restrict access to specific AWS Elastic Beanstalk resources?
Security
AWS Elastic Beanstalk | Compute
Yes. You can allow or deny permissions to specific AWS Elastic Beanstalk resources, such as applications, application versions, and environments.
Who gets billed for the AWS resources that an IAM user creates?
Security
AWS Elastic Beanstalk | Compute
All resources created by IAM users under a root account are owned and billed to the root account.
Who has access to an AWS Elastic Beanstalk environment launched by an IAM user?
Security
AWS Elastic Beanstalk | Compute
The root account has full access to all AWS Elastic Beanstalk environments launched by any IAM user under that account. If you use the Elastic Beanstalk template to grant read-only access to an IAM user, that user will be able to view all applications, application versions, environments, and any associated resources in that account. If you use the Elastic Beanstalk template to grant full access to an IAM user, that user will be able to create, modify, and terminate any Elastic Beanstalk resources under that account.
Can an IAM user access the AWS Elastic Beanstalk console?
Security
AWS Elastic Beanstalk | Compute
Yes. An IAM user can access the AWS Elastic Beanstalk console using their username and password.
Can an IAM user call the AWS Elastic Beanstalk API?
Security
AWS Elastic Beanstalk | Compute
Yes. An IAM user can use their access key and secret key to perform operations using the Elastic Beanstalk API.
