AIAM Flashcards
What is AWS Directory Service?
A set of services that lets you connect AWS resources with on-premises Microsoft Active Directory.
What is Active Directory?
On-premises Microsoft directory service that contains a list of Users, Groups, Computers & Group Policy.
What is LDAP?
Lightweight Directory Access Protocol
List of AWS Directory Service?
AWS Managed Microsoft AD
Simple AD
AD Connector
What is AWS Managed Microsoft AD?
This provides AD Domain Controllers running on Windows Servers for each AZ.
These controllers are reachable by your applications in the VPC.
Default number of Domain Controllers available for AWS Managed Microsoft AD?
2
What is AD Trust?
Extend existing AD to on-premises using AD Trust.
What is Simple AD?
Simple AD is a standalone directory in the cloud to support Windows workloads that need basic AD features.
Which is perfect candidate for Simple AD implementation?
Linux workloads that need LDAP
Managed AD vs Simple AD?
Simple AD does not support AD Trust.
Managed AD supports AD Trust.
What is AD Connector?
AD Connector is a directory gateway/proxy between your on-premises directory and AWS services.
On-premises users can log in to AWS using AD Connector.
What is Cloud Directory?
Directory-based store for developers
What is AWS Cognito User Pools?
Managed user directory for SaaS applications.
What is the list of AD-compatible services?
AWS Managed Microsoft AD
Simple AD
AD Connector
Non-AD-compatible?
Cloud Directory
Cognito user pools
What is ARN?
Amazon Resource Name is used to identify any resource in AWS
ARN format?
Begins with: arn:partition:service:region:account_id
Ends with: resource or resource_type or resource_type/resource or resource_type/resource/qualifier
What is inline policy?
An inline policy's scope is limited to a specific role; you can't assign an inline policy to another role.
What is AWS Resource Access Manager?
AWS RAM allows you to create resources centrally & share them with other accounts.
What is SAML?
Security Assertion Markup Language
AWS responsibility for AWS managed Microsoft AD?
Multi AZ Deployment
Patch Monitor & recovery
Software update
backup & restore
Customer responsibility for AWS managed Microsoft AD?
User, Group & GPO
Standard AD Tools
AD Trust
Scale out Domain Controller
AD Trust
Certificate
Federation
Simple AD Sizes?
Small - 500 & Large - 5000
Can you connect Simple AD with on-premises AD?
No
List of policy types?
identity policy
resource policy
identity policy?
Attached to an IAM user, group or role; this policy lets you specify what an identity can do.
resource policy?
It is attached to a resource; you can specify who has access to the resource & what actions they can perform.
AWS Single Sign-On?
The SSO service helps centrally manage access to AWS accounts & business applications.
Does Simple AD support AD Trust?
NO
IAM policy structure?
Effect/Action/Resource
Policy Evaluation Logic?
A Deny policy takes precedence over an Allow policy
AWS Managed policy?
Created by AWS
Customer Managed policy?
Created by users
Permission boundary?
It controls the maximum permissions an IAM policy can grant.
Types of resource you can share in RAM?
App Mesh
Aurora
CodeBuild
EC2
EC2 Image Builder
License Manager
Resource Group
Route 53