Security Flashcards
What is the Shared Responsibility Model?
AWS is responsible for “Security of Cloud” & you’re responsible for “Security in Cloud”
What is the Customer’s Responsibility in the Cloud?
- Customer Data
- Platform, Applications, Identify & Access Management
- OS’s, Network, & Firewall Configurations
- Client-side Data Encryption
- Server-Side Encryption
- Networking Traffic Protection
What is AWS’s Responsibility of the Cloud?
- Software
- Compute
- Storage
- Database
- Networking
- Hardware/AWS Global Infrastructure
- Regions
- Availability Zones
- Edge Locations
What is AWS Identity & Access Management (IAM)?
Manage access to AWS services & resources securely & lets you configure access based on your company’s specific operation & security needs.
What is an IAM User?
Identity you create in AWS that represents person or application that interacts with AWS services & resources.
- Consists of name & credentials.
- Default: has no permissions associated w/ it.
What is an IAM Policy?
JSON Document that allows or denies permissions to AWS services & resources.
What is an IAM Group?
Collection of IAM Users where all users in group have only the permissions of the policy of the IAM Group.
What is an IAM Role?
Identity user can assume to gain temporary access to permissions.
- Must be granted permissions to switch to role.
- Abandons all previous permissions and has only new permissions.
- Ideal for user needs TEMPORARY access to services/resources, NOT LONG-TERM.
What is Multi-factor Authentication (MFA)?
Requires user to give more than one form of verification to access account which provides extra layer of security to AWS account.
What is an AWS Organization?
Consolidates & manages multiple AWS accounts w/in a central location.
What is an AWS Organizational Unit?
Grouping of AWS accounts to make it easier to manage accounts w/ similar business or security requirements.
- When you apply a policy to an OU, all the accounts in the OU automatically inherit the permissions specified in the policy.
What is AWS Artificat?
Provides on-demand access to AWS security & compliance reports & select online agreements.
Consists of two main sections:
- AWS Artifact Agreements
- AWS Artifact Reports
What are AWS Artifact Agreements?
You can review, accept, & manage agreements for an individual account & for all your accounts in AWS Organizations.
What are AWS Artifact Reports?
Provide compliance reports from 3-party auditors who have tested & verified that AWS is compliant w/ variety of global, regional, & industry specific security standards & regulations & always stay up to date.
What is the Customer Compliance Center?
Group of resources that helps you more a/b AWS compliance.
- Can help you w/ compliance questions & auditing security checklist.
- Can see how other companies solved compliance problems.
What is AWS Shield?
Protects applications from DDoS attacks.
Has two levels:
- Standard
- Advanced
What is AWS Shield Standard?
Automatically protects all AWS customers for free from most common frequent DDoS attacks.
What is AWS Shield Advanced?
Protects from sophisticated DDoS attacks & integrates w/ other services s/a:
- Amazon CloudFront
- Amazon Rout 53
- Elastic Load Balancing
Also you can integrate with AWS WAF to write complex rules to mitigate DDoS attacks.
What is AWS Key Management Service (AWS KMS)?
Managed service that makes it easy to create & control encryption keys that are used to encrypt your data.
What is AWS WAF (Web Application Firewall)?
Web Application Firewall that monitors network requests that come into your web applications.
What is Amazon Inspector?
Helps improve security & compliance of applications by running automated security assessments that check for weaknesses & changes from security best practices & offers recommendations on how to fix them.
What is Amazon GuardDuty?
Proved intelligent threat detection for AWS infrastructure & resources by identifying threats by always monitoring network activity & account behavior w/in AWS environment.
What services does AWS Shield Advanced provide expanded DDoS protection for?
- Amazon Elastic Compute Cloud (EC2)
- Elastic Load Balancing (ELB)
- Amazon CloudFront
- Amazon Route 53
- AWS Global Accelerator
What are key benefits of AWS Global Infrastructure?
- Security
- Availability
- Performance
- Global Footprint
- Scalability
- Flexibility
