Advanced Identity Flashcards
1
Q
STS
A
Security Token Service
- Create temporary, limited-privilege credentials for access to AWS resources
- short-term credentials; you configure the expiry
- security key and session key
- identity federation
- IAM roles for cross-account and same-account access
- IAM roles for EC2 for temporary credentials
2
Q
Amazon Cognito
A
- Identity for web and mobile application users (potentially millions)
- IAM users are only for people who need to use AWS itself
- create users in Cognito
- social sign-in
3
Q
Microsoft AD
A
Active Directory
- Found on any Windows server with AD Domain Services
- database of objects: user accounts, computers, printers, file shares, security groups
- centralized security management: create accounts, assign permissions
4
Q
Amazon Directory Services
A
- AWS Managed Microsoft AD (can extend AD)
  - create an AD in AWS, supports MFA
  - create a trust between that and an on-prem AD
- AD Connector
  - proxy that redirects to the on-prem AD, supports MFA
  - users live on-prem
- Simple AD
  - AD-compatible managed directory on AWS
  - cannot be joined with on-prem AD
5
Q
AWS IAM Identity Center
A
Successor to AWS Single Sign-On
- one login for all:
  - AWS accounts in AWS Organizations
  - business cloud apps (Salesforce, Box)
  - SAML 2.0 applications
  - EC2 Windows instances
- Identity providers:
  - built-in identity store
  - 3rd party (OneLogin, Okta, etc.)