17. Advanced ID Flashcards
What is AWS STS and what does it provide?
AWS STS (Security Token Service) provides temporary, limited-privilege credentials to access AWS resources.
True or False: AWS STS credentials are long-term and do not expire.
False
Fill in the blank: AWS STS is often used for _____, allowing external systems’ users temporary AWS access.
Identity federation
Which AWS service allows user identity management for web and mobile applications without creating IAM users?
Amazon Cognito
List two common use cases for AWS STS.
Identity federation and IAM roles for cross/same account access.
How does Amazon Cognito simplify identity for application users?
Cognito allows creating a database of users for web and mobile applications, with options for social login.
True or False: AWS Directory Services includes AWS Managed Microsoft AD, AD Connector, and Simple AD.
True
What is the purpose of the AD Connector in AWS Directory Services?
It acts as a directory gateway, redirecting requests to on-premises Active Directory and supporting MFA.
Fill in the blank: AWS IAM Identity Center provides _____ for all AWS accounts and applications.
Single Sign-On (SSO)
Name two types of identity providers supported by AWS IAM Identity Center.
Built-in identity store and third-party providers like Active Directory (AD), OneLogin, or Okta.
True or False: AWS IAM Identity Center only supports AWS applications and cannot integrate with third-party cloud applications.
False
Which AWS service is considered the successor to AWS Single Sign-On?
AWS IAM Identity Center
Describe one key feature of Simple AD within AWS Directory Services.
Simple AD is an AD-compatible managed directory on AWS but cannot be joined with on-premises AD.
What does AWS Organizations help you manage?
It helps manage multiple AWS accounts within an organization.
Explain the purpose of AWS IAM within an AWS account.
AWS IAM (Identity and Access Management) is used to manage user identities and access permissions within an AWS account.