AWS Cloud Developer: Security Flashcards
What is PII?
Personally identifiable information
What does cloud security protect?
Data
The application that accesses the data
Servers that serve the data
AWS Shield
AWS Shield is a managed DDoS (or Distributed Denial of Service) protection service that safeguards web applications running on AWS.
AWS Shield is a service that you get “out of the box”: it is always running (automatically) and is part of the free standard tier. If you want to use some of the more advanced features, you’ll have to use the paid tier.
AWS WAF
AWS WAF (or AWS Web Application Firewall) provides a firewall that protects your web applications.
WAF can stop common web attacks (SQL injection, cross-site scripting) by reviewing the data being sent to your application and stopping well-known attacks.
What are firewalls?
A network security mechanism that monitors and controls incoming and outgoing traffic, based on pre-set security rules.
IAM
Identity & Access Management (IAM) is an AWS service that allows us to configure who can access our AWS account, services, or even applications running in our account. IAM is a global service and is automatically available across ALL regions.
Least privileged access
Users only have access to what they need to have access to and no more.
What are root-level accounts?
Full access to everything in an account
How to secure your root account?
MFA - multifactor authentication
Don't use root credentials to sign in to everyday accounts
4 IAM security concepts
User
IAM Group
IAM Role
Policy
IAM user
An entity (person/service) accessing the account. Has a username and access credentials
IAM group
Collection of users
IAM role
An identity with permissions and privileges not associated with users or groups. Roles can be attached to a user or a user can assume a role temporarily to perform a specific task
Policy
A way of defining granular permissions which can be attached to users, groups or roles.
How are AWS policies created?
As JSON objects