Securing Access to Cloud Resources Flashcards
(29 cards)
What is the shared responsibility model in cloud security?
A framework that outlines the division of security responsibilities between cloud service providers and customers.
What does AWS Identity and Access Management (IAM) do?
Securely shares and controls individual and group access to AWS resources.
What are the key features of AWS IAM?
- Supports federated identity management
- Supports granular permissions
- Supports multi-factor authentication (MFA)
- Provides identity information for assurance
What are the two main functions of IAM?
- Authentication
- Authorization
Who are considered ‘principals’ in IAM?
A person or application that requests access to AWS resources.
Define ‘IAM policy’.
The document that defines which resources can be accessed and the level of access to each resource.
What is an IAM user?
A person or application that can authenticate with an AWS account.
What is an IAM role?
An identity used to grant a temporary set of permissions to make AWS service requests.
What is the principle of least privilege?
Start by granting the minimum AWS account permissions needed for the job role and grant additional access as needed.
What does multi-factor authentication (MFA) add to security?
An extra layer of protection on top of your username and password.
Fill in the blank: A _______ is a collection of IAM users who are granted identical authorization.
Group
True or False: An explicit deny statement takes precedence over an allow statement in IAM policies.
True
What is identity federation?
A system of trust between two parties to authenticate users and convey information needed to authorize resource access.
What services are available for identity federation in AWS?
- AWS Single Sign-On (AWS SSO)
- AWS Identity and Access Management (IAM)
What does AWS Organizations allow you to do?
Consolidate multiple AWS accounts into a centrally managed organization.
What is a service control policy (SCP)?
A policy that provides centralized control over AWS services and API actions across accounts.
What information is contained in an IAM request?
- Actions or operations
- Resources
- Principal
- Environment data
- Resource data
What is the purpose of IAM credentials?
To authenticate users and applications accessing AWS resources.
What does an IAM resource consist of?
- User
- Group
- Role
- Policy
- Identity provider objects
Fill in the blank: The AWS Security Token Service (AWS STS) issues _______ security credentials.
temporary
What is the role of identity providers in identity federation?
Responsible for user authentication.
What is a principal in IAM?
A person or application that uses the AWS account root user, IAM user, or IAM role to sign in and make requests.
What type of policies does IAM support?
- Identity-based policies
- Resource-based policies
What does a resource-based policy define?
Who has access to a particular resource.
