09 - Security, Identity, and Compliance Flashcards
Amazon Inspector - Security Audit
Amazon Inspector can be used to analyse potential security threats to an Amazon EC2 instance against an assessment template with predefined rules.
Amazon Macie - PII
Managed security service which can be used to detect Personally Identifiable Information (PII) such as names, passwords, and credit card numbers in large amounts of data stored in Amazon S3 buckets.
Amazon GuardDuty
Used to identify threats by analysing events from AWS CloudTrail, VPC Flow Logs, and DNS logs.
AWS Shield
AWS Shield provides protection against DDoS attacks.
AWS IAM (Identity and Access Management) Cheat Sheet
1) IAM is used to manage users and their access to AWS resources.
2) IAM is a universal (global) service, applied to all regions at the same time. IAM is a free service.
3) A root account is the account initially created when AWS is set up (full administrator)
4) New IAM accounts have no permissions by default until granted
5) New users are assigned an Access Key ID and Secret Access Key when you give them programmatic access at creation.
6) Access Keys are only used for the CLI and SDKs (they cannot be used to access the console).
7) Access Keys are only shown once, when created. If lost, they must be deleted and recreated.
8) Always set up MFA for the Root Account.
9) Users must enable MFA themselves; an Administrator cannot turn it on for each user.
10) IAM lets you set password policies that enforce minimum password requirements or password rotation.
11) IAM Identities are Users, Groups, and Roles.
12) IAM Users - End users who log into the console or interact with AWS resources programmatically.
13) IAM Groups - Group up your Users so they all share the permission level of the group, e.g. Administrators, Developers, Auditors.
14) IAM Roles - Associate permissions with a Role and then assign it to Users or Groups.
15) IAM Policies - JSON documents which grant permissions for a specific user, group, or role to access services. Policies are attached to IAM Identities
16) Managed Policies are policies provided by AWS and cannot be edited
17) Customer Managed Policies are policies created by the customer, which you can edit.
18) Inline Policies are policies which are directly attached to a user
Amazon Cognito Cheat Sheet
1) Cognito is a decentralised managed authentication system. When you need to easily add authentication to your mobile and desktop app, think Cognito.
2) User Pools - a user directory that allows users to authenticate via OAuth with IdPs such as Facebook, Google, and Amazon in order to connect to web applications. A Cognito User Pool is itself an IdP.
3) User Pools use JWTs to persist authentication.
4) Identity Pools provide temporary AWS credentials to access services, e.g. S3, DynamoDB.
5) Cognito Sync can sync user data and preferences across devices with one line of code (powered by SNS)
6) Web Identity Federation - exchanges identity and security information between an identity provider (IdP) and an application.
7) Identity Provider (IdP) - a trusted provider of your user identity that lets you authenticate in order to access other services, e.g. Facebook, Twitter, Google, Amazon.
8) OIDC is a type of Identity Provider which uses OAuth
9) SAML is a type of Identity Provider which is used for Single Sign-On.