Chapter 10 Authentication and Authorization Flashcards
Every policy document requires which three key-value pairs?
effect, action, resource
E.A.R.
List the five things that AWS federation can facilitate
- custom built IDP
- cross account access
- SAML
- OIDC
- Microsoft Active Directory
Prerequisites for using AWS SSO
- Use Organizations master account
- configure MS Active Directory in the AWS Directory Service
- Ensure AD resides in US-East-1 region
AWS SSO records all user portal sign-in activities in ______.
AWS CloudTrail
STS tokens consist of what?
Access Key ID, Secret Access Key, Security Token
What are ways in which authentication is provided with AWS Cognito?
- your own identity store
- Social identity providers like Amazon or Facebook
- SAML-based identity solutions
Cognito Sync Store vs Cognito Sync
With Amazon Cognito Sync store, you can authenticate users using third-party social identity providers or create your own identity store. With Amazon Cognito Sync, you can synchronize identities across multiple devices and the web.
4 ways to integrate MS Active Directory with AWS
- Run MSAD on EC2 instance
- Use Active Directory Connector to connect on-prem AD with AWS services
- Create Simple Active Directory for basic AD compatibility
- deploy AWS managed Microsoft AD
Notable MS SQLServer exceptions within AD for AWS
Both AWS Active Directory Connector and Simple Active Directory are incompatible with SQL Server hosted via RDS
Two main components of AWS Cognito
User pools and identity pools
What is one notable benefit of using AWS as an identity provider to access non-AWS resources?
Using AWS as an IdP allows you to use AWS CloudTrail to audit who is using the service.
What is a prerequisite for using AWS SSO?
Set up AWS Organizations and enable all features
What token would you use for a longer term session?
GetFederationToken
What is the best choice for using an existing RADIUS-based MFA infrastructure?
Active Directory Connector