AWS OpsWorks Stacks | Security Flashcards

1
Q

Does AWS OpsWorks Stacks support tags?

Security

AWS OpsWorks Stacks | Management Tools

A

OpsWorks Stacks automatically tags all resources with the name of the stack and layer that they are associated with. You can use these tags with Cost Allocation Reports to organize and track your AWS costs. To learn more about Cost Allocation and tagging, please visit AWS Account Billing.

2
Q

Can I run my application inside an Amazon Virtual Private Cloud (VPC)?

A

Yes. See the OpsWorks Stacks documentation for more information.

3
Q

Is it possible to use AWS Identity & Access Management (IAM) with AWS OpsWorks Stacks?

A

Yes, OpsWorks Stacks supports IAM users, permissions, and roles. You can designate permissions by user, including view, deploy, and manage. You can also specify which users can SSH directly into instances. OpsWorks Stacks support for IAM roles lets you give a user access to OpsWorks Stacks without having to give access to dependent services like EC2. For example, you can explicitly deny a user the ability to perform EC2 actions, but the user can still control EC2 instances through OpsWorks Stacks if they have OpsWorks Stacks permissions to deploy or manage stack resources. This lets you prevent an OpsWorks Stacks user from inadvertently stopping an instance from the EC2 console.

4
Q

Can I manage what ports are open on my instances?

A

AWS OpsWorks Stacks provides a standard set of built-in security groups — one for each layer — which are associated with layers by default. The stack’s "Use OpsWorks Stacks security groups" setting allows you to instead provide your own custom security groups. With this option, you must create appropriate EC2 security groups and associate a security group with each layer that you create. However, you can still manually associate a built-in security group with a layer on creation; custom security groups are required only for those layers that need custom settings. For more information on security groups, see Amazon EC2 Security Groups. Note that OpsWorks Stacks requires connectivity outbound from the EC2 instance on port 443 to configure your instance.

5
Q

What does AWS OpsWorks Stacks run on the instance?

A

OpsWorks Stacks uses an agent on the instance to perform configuration tasks and provide heartbeat health status. The agent runs as an unprivileged user on the operating system. Every instance also has a user that is used for deployments. This user doesn’t have any login rights or access rights apart from deployment.
