AWS SHIELD Flashcards
What is AWS Organizations?
AWS Organizations is an account management service that allows consolidation of multiple AWS accounts into an organization that can be centrally managed.
What is the purpose of Organizational Units (OUs) in AWS Organizations?
OUs in AWS Organizations are used to group multiple accounts and attach different access policies (Service Control Policies) to each OU for managing permissions.
What are Service Control Policies (SCPs) in AWS Organizations?
SCPs are policies in AWS Organizations that define maximum permissions for accounts or OUs, ensuring that accounts stay within access control guidelines.
How are SCPs similar to IAM policies?
SCPs in AWS Organizations are similar to IAM permission policies and use JSON syntax to specify maximum permissions but do not grant permissions directly.
What is the relationship between AWS Organizations and IAM?
AWS Organizations extends IAM control to account levels, providing centralized control over what users and roles in an account can do.
What is AWS Key Management Service (KMS)?
AWS KMS is a service that allows the creation and management of encryption keys to control encryption across various AWS services and applications.
How does AWS KMS enhance security?
AWS KMS uses hardware security modules to protect keys, integrates with AWS CloudTrail for logs, and helps meet regulation and compliance needs regarding key usage.
What is Amazon Cognito used for?
Amazon Cognito provides solutions for controlling access to AWS resources from applications, allowing roles to be defined and mapped to users for authorized access.
What standards does Amazon Cognito support?
Amazon Cognito supports standards such as Security Assertion Markup Language (SAML) version 2.0, enabling single sign-on (SSO) and integration with identity service providers.
What is AWS Shield?
AWS Shield is a managed Distributed Denial of Service (DDoS) attack protection service that safeguards applications running on AWS from various types of DDoS attacks.
What types of DDoS attacks does AWS Shield protect against?
AWS Shield protects against infrastructure layer attacks like UDP floods, state exhaustion attacks like TCP SYN floods, and application layer attacks like HTTP floods.
What are the differences between AWS Shield Standard and AWS Shield Advanced?
AWS Shield Standard is automatically enabled for all AWS customers at no additional cost, while AWS Shield Advanced is a paid service that provides additional protection and features.
What additional protection does AWS Shield Advanced provide?
AWS Shield Advanced provides protection against more sophisticated and larger DDoS attacks for applications running on various AWS services like EC2 instances and Elastic Load Balancers.
How can customers access the DDoS response team with AWS Shield Advanced?
Customers need to have either business or enterprise support to contact the DDoS response team while using AWS Shield Advanced.
What are some key security features provided by AWS Organizations?
AWS Organizations offers features like Service Control Policies (SCPs) for permissions management, identity and access management controls, and account-level security enhancements.
