Amazon Cloud Directory | Core Concepts Flashcards
When should I use Cloud Directory versus AWS Directory Service for Microsoft Active Directory (Enterprise Edition) or Amazon Cognito User Pools?
Core Concepts
Amazon Cloud Directory | Security, Identity & Compliance
AWS Directory Service for Microsoft Active Directory (Enterprise Edition), or AWS Microsoft AD, is designed to support Windows-based workloads that require Microsoft Active Directory. AWS Microsoft AD is intended for enterprise IT use cases and applications that depend on Microsoft Active Directory.
Amazon Cognito User Pools is an identity solution for developers who need authentication, federation, and credentials management for users.
Amazon Cloud Directory is designed for developers who need to manage large volumes of hierarchical data, and need a flexible directory solution that supports multiple sets of relationships and built-in data validation.
What are the key terms and concepts that I need to be aware of to use Amazon Cloud Directory?
To use Amazon Cloud Directory, you need to know the following key terms:
Directory
Schema
Facet
Object
Attribute
Hierarchy
Policy
What is a directory?
A directory defines the scope for the data store (like a table in Amazon DynamoDB), completely isolating it from all other directories in the service. It also defines the transaction scope, query scope, and the like. A directory also represents the root object for a customer’s tree and can have multiple directory objects as its children. Customers must apply schemas at the directory level.
What is a schema?
A schema defines facets, attributes, and constraints allowed within a directory. This includes defining:
One or more types of facets that may be contained within a directory (such as Person, Organization_Person).
Attributes required or allowed on various types of facets.
Constraints (such as required or unique, primitive data types such as integer, string, and others).
What is a facet?
A facet is a collection of attributes and constraints. One or more facets, when combined, help define the objects in a directory. For example, Person and Device can be facets that define corporate employees with associations to multiple devices.
What is an object?
An object represents a structured data entity in a directory. An object in a directory is intended to capture metadata about a physical or logical entity, usually for the purpose of information discovery and enforcing policies. For example, users, devices, and applications are all types of objects. An object’s structure and type information are expressed using a collection of facets.
What is an attribute?
An attribute is a user-defined unit of metadata associated with an object. For example, the user object can have an attribute called email-address. Attributes are always associated with an object.
What is a hierarchy?
A hierarchy is a view in which groups and objects are organized in parent-child relationships, similar to a file system in which folders have files and subfolders beneath them. Amazon Cloud Directory supports organizing objects into multiple hierarchies.