Advanced Identity Flashcards

1
Q

STS

A

Security Token Service

  • Create temporary, limited-privilege credentials for access to AWS resources
  • Short-term credentials - you configure expiry
  • Security key and session key
    • identity federation
    • IAM roles for cross/same account access
    • IAM roles for EC2 for temporary credentials
2
Q

Amazon Cognito

A
  • Identity for web and mobile application users
  • (potentially millions)
  • IAM users are only for people that need to use AWS
  • create user in Cognito
  • social sign-in
3
Q

Microsoft AD

A

Active Directory

  • Found on any Windows Server with AD Domain Services
  • database of objects - user accounts, computers, printers, file shares, security groups
  • centralized security management, create account, assign permissions
4
Q

Amazon Directory Services

A
  • Can extend AD, AWS managed Microsoft AD
    • create AD in AWS, supports MFA
    • create trust between that and on-prem AD
  • AD Connector
    • proxy to redirect to on-prem AD, supports MFA
    • users live on-prem
  • Simple AD
    • AD compatible managed directory on AWS
    • Cannot be joined with on-prem
5
Q

AWS IAM Identity Center

A

Successor to single sign-on
  • One login for all
    • AWS accounts in AWS Organizations
    • business cloud apps (Salesforce, Box)
    • SAML 2.0
    • EC2 Windows

  • Identity providers
    • built in identity store
    • 3rd party (OneLogin, Okta, etc.)