AWS STS (Security Token Service) Flashcards
IAM
- identity and access management inside your AWS account
- for users that you trust and belong to your company
- You should use IAM Roles if you want to create temporary, limited-privilege credentials for your AWS resources. FALSE
IAM Roles are sets of permissions making AWS service requests, which will be used by AWS services, but they do not provide temporary security credentials. AWS Security Token Service (AWS STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users).
Organizations
Manage multiple AWS accounts
Which of the following services can help you manage multiple AWS accounts?
STS: Security Token Service
Temporary, limited-privilege credentials to access AWS resources
Cognito
Create a database of users for your mobile and web applications
A company would like to centrally manage access to multiple AWS accounts and business applications. Which service can it use?
Directory Service
Integrate Microsoft Active Directory in AWS
A company would like to use their on-premises Microsoft Active Directory to connect to its AWS resources. Which service can it use?
AWS Managed Microsoft AD
Create your own AD in AWS, manage users locally, supports MFA
- Establish trust connections with your on-premises AD
AD Connector
Directory gateway (proxy) to redirect to on-premises AD
Users are managed on the on-premises AD
Simple AD
AD-compatible managed directory on AWS
Cannot be joined with on-premises AD
SSO: Single Sign-On
One login for multiple AWS accounts and applications
- A company just created a new mobile application and wants to add a simple and secure user sign-up, sign-in, and access control. Which AWS service can it use?