Module 6: Security (Part 1) Flashcards
What is the Shared Responsibility Model?
The shared responsibility model is a concept that divides security responsibilities between the customer (security in the cloud) and AWS (security of the cloud).
What are the customer responsibilities in the shared responsibility model?
Customers are responsible for securing their content, managing access rights, configuring security settings, and maintaining the security of their applications and operating systems in the AWS Cloud.
What are AWS responsibilities in the shared responsibility model?
AWS is responsible for managing and controlling the underlying infrastructure, including physical security, hardware and software infrastructure, network infrastructure, and virtualization infrastructure.
What does “security in the cloud” refer to?
“Security in the cloud” refers to the customer’s responsibility for securing the content they create and put in the AWS Cloud, including selecting, configuring, and patching operating systems, managing user accounts, and configuring security groups.
What does “security of the cloud” refer to?
“Security of the cloud” refers to AWS’s responsibility for the security and protection of the global infrastructure that runs the services offered in the AWS Cloud, including physical data center security, infrastructure management, and compliance with security standards.
How is the shared responsibility model explained using the homeowner and homebuilder analogy?
The analogy illustrates that AWS (homebuilder) constructs the house (cloud infrastructure), and the customer (homeowner) is responsible for securing everything inside the house.
What measures does AWS take to ensure security in the cloud?
AWS provides reports from third-party auditors to verify compliance with security standards and regulations, ensuring transparency and trust in the security of the AWS Cloud infrastructure.
What is AWS Identity and Access Management (IAM)?
AWS Identity and Access Management (IAM) is a service that enables the management of access to AWS services and resources securely.
What are the best practices for using the AWS Account Root User?
The best practice is to avoid using the AWS Account Root User for everyday tasks. Instead, use it to create the first IAM user and assign appropriate permissions. Create individual IAM users for each person who needs access to AWS.
What is an IAM user?
An IAM user is an identity created in AWS for a person or application to interact with AWS services and resources. IAM users have no permissions by default, and necessary permissions must be granted to them.
What is an IAM policy?
An IAM policy is a document that allows or denies permissions to AWS services and resources. IAM policies customize users’ levels of access to resources, enabling fine-grained control over permissions.
What is the purpose of IAM groups?
IAM groups are collections of IAM users. Assigning IAM policies to a group grants the specified permissions to all users in that group. It simplifies permission management and makes it easier to adjust permissions when employees change roles.
What are IAM roles?
IAM roles are identities that users, applications, or services can assume to gain temporary access to permissions. IAM roles require permissions to switch to the role and allow users to abandon previous permissions and assume the permissions of the new role.
