AWS, IAM General notes, Key Terms and Concepts Flashcards

1
Q

IAM Critical Terms, Concepts and Building Blocks

A
  • USERS GROUPS & ROLES
  • IDENTITIES PRINCIPALS/ACTORS
  • POLICIES (PARC = Policies, Action, Resource & Condition)
  • SAML 2.0
  • IdPs
  • ADFS
  • FEDERATION
  • JSON
2
Q

IAM and AWS Account Key Features

A
  • AWS accounts are single accounts
  • The email used to register is the “root” account
  • IAM manages the access level to the AWS console
  • IAM enables: central control, shared access, granular permissions, identity federation, MFA, temporary access for users, devices and services, password rotation, PCI DSS compliance, and it integrates with AWS services
  • MFA - can be assigned to any IAM user, person or app; AWS supports Gemalto hardware MFA devices plus a number of virtual MFA apps like Google Authenticator
  • JSON - key-value document
3
Q

IAM KEY POINTS
E.g. understanding IAM user vs AWS account user basics

A
  • IAM is a global (universally available) service
  • The IAM sign-in link can be customised to remove the account number
  • IAM is an eventually consistent service
  • Root access = unlimited access
  • IAM is for access to AWS resources; IAM is not an identity store for authorising applications and application permissions
  • IAM is not for operating system management (basically, OS access = AD, LDAP)
  • Active Directory can be extended to the cloud via AWS Directory Service, working independently or as an extension
  • Cognito is used for managing mobile identity for mobile applications (e.g. app access = Cognito for identity management of mobile application user repositories)
4
Q

IAM Additional KEY POINTS (continued)

A
  • It is not possible to restrict the permissions that are granted to the root account.
  • IAM users are not separate accounts, they are users within your account.
  • If your corporate directory is not compatible with SAML 2.0, you can create an identity broker application to provide single-sign on (SSO) access to the AWS Management Console for your users.
  • If your corporate directory is Microsoft Active Directory, you can use AWS Directory Service to establish trust between your corporate directory and your AWS account.
  • Users in the Administrators group can also access your AWS account information, except for your AWS account security credentials.
  • By default, only the AWS account owner (root account) has access to view and manage billing information. Access to this data cannot be delegated to IAM users until the account owner first enables access to billing data in the account settings.
  • You must still explicitly grant access to billing data to specific IAM users or groups. You grant this access with a customer-managed policy.
  • Important: when you activate IAM user access to the AWS website, you grant full access to the AWS website to all users who already have full access to the AWS APIs. You can restrict their access by applying a more constrained set of permissions.
5
Q

ACCESSING IAM ~ AWS

A
  • You can work with AWS Identity and Access Management in any of the following ways.
    • AWS Management Console
    • AWS Command Line Tools
    • AWS SDKs
    • IAM HTTPS API
  • IAM is controlled via: AWS console, CLI (programmatically), AWS SDKs and APN tools
  • Programmatic access - an access key ID + secret access key is issued at creation time if that option is selected; the secret key is shown only once, and if lost it must be regenerated; it is used only for programmatic access
  • Securing IAM - password policies must be assigned
  • MFA authentication can be activated
  • IAM APN (AWS Partner Network) has a rich ecosystem of tools to manage and extend IAM
6
Q

Accessing IAM - (Descriptions)

AWS Management Console

A

The console is a browser-based interface to manage IAM and AWS resources.

7
Q

Accessing IAM and AWS - (Descriptions)
AWS Command Line Tools

A

AWS Command Line Tools

  • You can use the AWS command line tools to issue commands at your system’s command line to perform IAM and AWS tasks. Using the command line can be faster and more convenient than the console. The command line tools are also useful if you want to build scripts that perform AWS tasks.

AWS provides two sets of command line tools:

  • the AWS Command Line Interface (AWS CLI) and
  • the AWS Tools for Windows PowerShell.
8
Q

Accessing IAM and AWS - (Descriptions)
Understand AWS SDKs

A

AWS SDKs

  • AWS provides SDKs (software development kits) that consist of libraries and sample code for various programming languages and platforms (Java, Python, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to IAM and AWS. For example, the SDKs take care of tasks such as cryptographically signing requests, managing errors, and retrying requests automatically.
9
Q

Accessing IAM and AWS - (Descriptions)
IAM HTTPS API

A

IAM HTTPS API

  • You can access IAM and AWS programmatically by using the IAM HTTPS API, which lets you issue HTTPS requests directly to the service. When you use the HTTPS API, you must include code to digitally sign requests using your credentials.
10
Q

USERS/GROUPS/ROLES

A
  • Users/Groups/Roles - can be shared
  • Groups provide a way to manage users more easily
  • Users are created with no permissions at all by default (once a user is created, there is not much you can do other than delete it or create another user)
  • For permissions: users can be part of a group, or can have permissions copied from existing users or existing policies
  • Permissions can be attached via users, groups or roles through policy documents
11
Q

Random Notes: require clarification and understanding

A
  • New key = PUTs = new object: read-after-write consistency
  • Existing key = GETs and DELETEs = updates/changes
12
Q

Root User

A
  • Root user access key = (an access key ID and a secret access key); access keys can be made inactive and regenerated; access key ID (20 characters), secret access key (40 characters); used with programmatic access or SDKs, and these values are needed to sign the REST calls to the services
  • You cannot restrict the permissions associated with your “AWS account” access key. - TBC
  • You use an access key (an access key ID and secret access key) to make programmatic requests to AWS. Do not use your AWS account root user access key.
  • Best practice is to rotate the keys. To allow for this, IAM permits 2 active keys at a time; keys can be rotated via the console, CLI or SDKs. When rotating keys, disabling the old key first instead of deleting it is critical, as it allows for rollback.
13
Q

What is an ARN?

A

TBC

14
Q

What is an Endpoint? Are all endpoints publicly accessible?

A

TBC
