AWS Security Responsibility Flashcards
Who is responsible for security in AWS
Both customers and AWS are responsible for security in AWS
What is AWS responsibility in Security?
- Physical (Regions, avail zones, edge locations, (Hardware AWS Cloud Infrastructure))
- N/w (Compute, storage, DB, n/wking)
- Hypervisor (and softwared)
What is customers responsibility in AWS
- OS (client side, server side encry, n/w traffiking, OS, n/w firewall)
- Application (platform, appli, identity & access mgmt)
- Data (Clients data)
Good definition of AWS Security
AWS responsible for “Security of the cloud”
We responsible for “Security in the Cloud”
what is the service that enables you to manage AWS services and resources securely?
AWS Identity and Access Management
what does IAM provides
IAM provides the felexibility to configure access based on company’s operational and security needs
what are the combinations of IAM features
- IAM Users, Groups and Roles
- IAM Policies
- Multi factor Authentication
Who is the owner of AWS Account
AWS Account Root User (Root User) - Its created using the account that is used for loggin in AWS accont and password
What permissions does the Root User have
Complete access to all resources and services
What is the user created in AWS
IAM User. It is an identity given to user to access AWS resources and services
What is the default behaviour of IAM User account
By default, IAM user have no access to any resources or services. It nees explicit configuration to access a resources
What is IAM Policies
IAM policies is a document that allows or denies permissions to AWS resources
What is IAM Policies used for
To customizes users access to resources or services. Eg.., you allow user to access specific buckets or all buckets
What is the best practice in IAM policies
To follow “Least Previleges” for giving access. means, give only the permissions to access resources needed not the all resources
IAM Groups
“Collection of IAM Users”. We can configure IAM Groups an Configure with permissions to access.
What is IAM roles
IAM roles is an identity that you can assume to gain temporary access to the permissions
What is IAM Roles important thing to remember?
Before an IAM User, serviceor application assume an IAM role, he has to abandon the previous role and assume /start the new role
Best Practices to Use IAM role?
To grant permissions temporarily instead of long term
What is AWS Organizations
Suppose you have multiple AWS Accounts, we can comtrol and manage multiple AWS accounts from single location called AWS Organization
How can we centrally control permissions for the accounts in AWS Organization?
“Service Control Policies”
What is Organizational Units
In AWS Organizations, we can group accounts to “Organizational Units” to easily manage accounts with similar business or security commitments
Why its mandatory for your application to maintains standards
Depending on the company’s industry/location, we may have to uphold standard. An Audit/Inspection will make sure that the standards are followed
What service AWS provides to maintain standars and reports
AWS Artifacts
What does AWS Artifact provides
On Demand Access to AWS security and compliance reports and select online Agreement
