6 - Security Flashcards
Root account user
Owner of AWS account, can do anything inside account
Identity and access management (IAM)
Default to no permissions
IAM policy
JSON document that describes what API calls a user can or cannot make
Effect - allow/deny
Action - API call
Resource - what the API call is for
IAM group
Easier for assigning permissions
Role
Temporary amounts of time, no username/password
Organizations
Central location to manage AWS accounts
Service control policies (SCP)
Specify max permissions for member accounts in the org
Artifact
Reports done by 3rd parties who validate compliance standards
Customer compliance center
Stores all
Distributed denial of service attacks (DDoS)
Attack on infrastructure, shuts down app's ability to function by overwhelming the system to the point it cannot operate
HTTP level attack
Looks like a normal customer asking for normal things over and over and over
UDP flood
Bad actor sends a request but uses your return address, so your server is flooded
AWS - security groups
Slowloris attack
Attacker pretends to have slow connection causing server to wait
AWS - Elastic Load Balancer waits until entire load is complete before sending to front end server
Web application firewall (WAF)
Filter incoming traffic for bad actors, machine learning, proactively defend at no cost
Advanced costs money, provides diagnostics
GuardDuty
Analyze continuous metadata from your account and identify threats, runs independently from AWS account