AWS Management Flashcards
What is the PowerUserAccess managed policy?
PowerUserAccess is AdministratorAccess without IAM permissions
Can AWS SSO be used for mobile?
No. Consider AWS Cognito
What is RADIUS?
Remote Access Dial In User Service.
Good for configuring MFA between users and an on-premises network. Works for on-premises Active Directory
If SCPs conflict, which takes priority?
The highest-level SCP will take priority.
E.g., a deny at the org level will take priority over an allow at the OU level.
What is the difference between AWS-RunPatchBaseline and AWS-ApplyPatchBaseline on SSM?
ApplyPatchBaseline only works on Windows. RunPatchBaseline works on both Windows and Linux.
What is the difference between AWS GuardDuty and AWS Inspector?
AWS GuardDuty monitors for suspicious activity between services / in or out of the AWS account.
AWS Inspector runs on EC2 instances and monitors for suspicious activity from within services.
Do SCPs affect service-linked roles? Root user?
SCPs do not affect service-linked roles. They do affect the root user.
What are the pros and cons of AWS access advisor?
Pros
- Blanket tool for access
- Simple to use
Cons
- Can’t trigger AWS Lambda
- Not real time
What is the AWS Service Catalog?
Service that allows orgs to bundle all allowed resources so accounts in the org are pre-provisioned.
What is the CloudFront managed prefix list?
An AWS-managed prefix list of all IP addresses used by CloudFront.
What is AWS Compute Optimizer?
Automated recommendations for cost and performance optimizations.
Specific to AWS resources (EC2, EBS, Lambda, etc.), unlike general-purpose tools.
Integrated with AWS services, simplifying monitoring and tuning.
Cost savings through identifying over-provisioned resources.
What is a Service Catalog launch constraint?
A launch constraint specifies the IAM role used for the services created by a package in Service Catalog. This allows a defined IAM role to be used for creating the services, rather than relying on the permissions of the user who launches them.