Exam2-Part4 Flashcards
AWS Security Token Service (AWS STS)
is the service you use to create and hand trusted users temporary security credentials that control access to your AWS resources. Temporary security credentials work almost identically to the long-term access key credentials of IAM users, except that they expire after a set lifetime and include a session token that must accompany every request.
An intelligence agency developed a missile tracking application that is hosted on both a development and a production AWS account. The agency's junior developer only has access to the development account. She has received security clearance to access the production account, but the access is temporary and only write access to EC2 and S3 is allowed.
Which of the following allows you to issue short-lived access tokens that act as temporary security credentials to allow access to your AWS resources?
Use AWS STS: the developer assumes a role in the production account (AssumeRole) and receives credentials that expire; the role's permissions policy, optionally narrowed further by a session policy passed in the request, limits her to EC2 and S3 write actions.
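The following is an added example, not code from the flashcards, showing how the STS AssumeRole request for the scenario above is built: a capped DurationSeconds and an inline session policy that can only narrow, never widen, what the production role already allows. The role ARN, the session name and the list of EC2/S3 "write" actions are assumptions chosen for illustration; the actual STS call is isolated in one function that needs boto3 and real credentials, everything else runs offline.

```python
"""Added example (not from the flashcards): short-lived production access via STS AssumeRole."""
import json
from datetime import datetime, timedelta, timezone

# Assumed meaning of "write access to EC2 and S3"; adjust to the agency's real requirements.
WRITE_ACTIONS = [
    "ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances",
    "s3:PutObject", "s3:DeleteObject",
]

MIN_DURATION = 900     # STS rejects AssumeRole durations under 15 minutes
MAX_DURATION = 43200   # hard ceiling of 12 hours; the role's MaxSessionDuration may be lower


def session_policy(actions=WRITE_ACTIONS):
    """Inline session policy: effective permissions are the intersection of this
    document and the role's own permissions policies, so it can only reduce access."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": list(actions), "Resource": "*"}],
    }


def build_assume_role_request(role_arn, session_name, duration_seconds=3600, external_id=None):
    """Build the AssumeRole parameters, rejecting lifetimes STS would refuse anyway."""
    if not MIN_DURATION <= duration_seconds <= MAX_DURATION:
        raise ValueError(f"DurationSeconds must be {MIN_DURATION}..{MAX_DURATION}, got {duration_seconds}")
    request = {
        "RoleArn": role_arn,
        "RoleSessionName": session_name,       # shows up in CloudTrail, so make it identify the person
        "DurationSeconds": duration_seconds,
        "Policy": json.dumps(session_policy()),
    }
    if external_id:
        request["ExternalId"] = external_id    # used when a third party assumes the role
    return request


def assume_temporary_role(role_arn, session_name, duration_seconds=3600):
    """Perform the STS call. Needs boto3 and valid caller credentials; not exercised offline."""
    import boto3
    sts = boto3.client("sts")
    response = sts.assume_role(**build_assume_role_request(role_arn, session_name, duration_seconds))
    return response["Credentials"]  # AccessKeyId, SecretAccessKey, SessionToken, Expiration


def sample_credentials(minutes_from_now):
    """Constructed credentials dict shaped like the STS response, for offline dry runs."""
    return {
        "AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "not-a-real-secret", "SessionToken": "not-a-real-token",
        "Expiration": datetime.now(timezone.utc) + timedelta(minutes=minutes_from_now),
    }


def credentials_valid(creds, now=None, skew=timedelta(minutes=5)):
    """True while the temporary credentials have more than `skew` of lifetime left."""
    now = now or datetime.now(timezone.utc)
    expiry = creds["Expiration"]
    if isinstance(expiry, str):  # the CLI/JSON form carries an ISO 8601 string
        expiry = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
    return now + skew < expiry


if __name__ == "__main__":
    # Hypothetical role ARN (AWS documentation account number); no AWS call is made here.
    req = build_assume_role_request("arn:aws:iam::111122223333:role/ProdEc2S3Writer", "junior-dev", 3600)
    print(json.dumps(req, indent=2))
    print("still valid:", credentials_valid(sample_credentials(60)))
```

Because the session policy is intersected with the role's own policy, the role in the production account should itself be scoped to the EC2 and S3 write actions; the session policy is a belt-and-braces narrowing, not a substitute for a tight role policy.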
steps to create a VPN Connection
To create a Site-to-Site VPN connection,
1-your customer gateway device needs a static, Internet-routable IPv4 address on its external interface; AWS will initiate and accept IPsec tunnels to that address, so it cannot change.
2-you create a customer gateway resource in AWS, which gives AWS the information about your device: that public IP address and, for dynamic routing, its BGP ASN.
3-you create the AWS-side endpoint (a virtual private gateway attached to the VPC), create the VPN connection between the two gateways, and then configure your device from the configuration AWS generates for it.
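The sequence above as an added example, not code from the flashcards: the customer gateway address is checked for being a public, routable IPv4 address before any API call, and the boto3 EC2 calls are then issued in dependency order (customer gateway, virtual private gateway, attach to VPC, VPN connection, optional static routes). The RecordingEc2 class is a constructed stand-in for the boto3 client so the sequence can run offline; the VPC ID, addresses and route CIDR are assumptions. Note that Python's ipaddress module treats the RFC 5737 documentation ranges (for example 203.0.113.0/24) as non-global, so the dry run uses a plain public address instead.

```python
"""Added example (not from the flashcards): build a Site-to-Site VPN with the calls in the right order."""
import ipaddress


def validate_customer_gateway_ip(ip):
    """The customer gateway device must have a static, Internet-routable IPv4 address on its
    external interface; private, loopback, link-local and reserved addresses are rejected here."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("customer gateway address must be IPv4")
    if not addr.is_global:
        raise ValueError(f"{ip} is not Internet-routable")
    return str(addr)


def create_site_to_site_vpn(ec2, vpc_id, customer_ip, bgp_asn=65000, static_routes=()):
    """Issue the EC2 API calls in dependency order. `ec2` is a boto3 EC2 client (or a stand-in).
    bgp_asn 65000 is the AWS default for a customer gateway; static_routes lists the on-premises
    CIDRs when the device does not speak BGP."""
    public_ip = validate_customer_gateway_ip(customer_ip)

    # 1. Customer gateway resource: tells AWS about the device (public IP, ASN).
    cgw_id = ec2.create_customer_gateway(Type="ipsec.1", PublicIp=public_ip, BgpAsn=bgp_asn)[
        "CustomerGateway"]["CustomerGatewayId"]

    # 2. AWS-side endpoint: a virtual private gateway attached to the VPC.
    vgw_id = ec2.create_vpn_gateway(Type="ipsec.1")["VpnGateway"]["VpnGatewayId"]
    ec2.attach_vpn_gateway(VpcId=vpc_id, VpnGatewayId=vgw_id)

    # 3. The VPN connection between the two gateways.
    vpn = ec2.create_vpn_connection(
        Type="ipsec.1", CustomerGatewayId=cgw_id, VpnGatewayId=vgw_id,
        Options={"StaticRoutesOnly": bool(static_routes)},
    )["VpnConnection"]
    for cidr in static_routes:
        ec2.create_vpn_connection_route(VpnConnectionId=vpn["VpnConnectionId"], DestinationCidrBlock=cidr)

    return {
        "CustomerGatewayId": cgw_id,
        "VpnGatewayId": vgw_id,
        "VpnConnectionId": vpn["VpnConnectionId"],
        # Device-side configuration (tunnel endpoints, pre-shared keys) to load onto the customer gateway.
        "CustomerGatewayConfiguration": vpn.get("CustomerGatewayConfiguration", ""),
    }


class RecordingEc2:
    """Constructed stand-in for boto3's EC2 client: records each call and returns canned IDs."""
    _canned = {
        "create_customer_gateway": {"CustomerGateway": {"CustomerGatewayId": "cgw-0fake"}},
        "create_vpn_gateway": {"VpnGateway": {"VpnGatewayId": "vgw-0fake"}},
        "attach_vpn_gateway": {},
        "create_vpn_connection": {"VpnConnection": {"VpnConnectionId": "vpn-0fake",
                                                    "CustomerGatewayConfiguration": "<vpn_connection/>"}},
        "create_vpn_connection_route": {},
    }

    def __init__(self):
        self.calls = []

    def __getattr__(self, name):
        if name not in self._canned:
            raise AttributeError(name)

        def call(**kwargs):
            self.calls.append((name, kwargs))
            return dict(self._canned[name])
        return call


if __name__ == "__main__":
    ec2 = RecordingEc2()  # swap for boto3.client("ec2") to run for real
    print(create_site_to_site_vpn(ec2, "vpc-0abc", "1.2.3.4", static_routes=["192.168.10.0/24"]))
    for name, kwargs in ec2.calls:
        print(name, kwargs)
```

Swapping RecordingEc2 for `boto3.client("ec2")` runs the same sequence against AWS; the returned CustomerGatewayConfiguration is what you load onto the device to bring the tunnels up.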
AWS Resource Access Manager (RAM)
The AWS Resource Access Manager (RAM) service simply helps you to securely share your resources across AWS accounts or within your organization or organizational units (OUs) in AWS Organizations. It is not capable of launching new AWS accounts with preapproved configurations.
AWS Control Tower vs AWS Resource Access Manager
AWS Control Tower focuses on setting up and managing a well-governed multi-account AWS environment; it can also provision new accounts (through Account Factory) and the resources that come with them. AWS Resource Access Manager is focused on securely sharing existing AWS resources between accounts, reducing resource duplication and enabling centralized management of shared resources; it does not create accounts.
AWS Config
is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and lets you automate the evaluation of recorded configurations against desired configurations, using AWS managed rules or custom rules backed by Lambda functions. With Config you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This simplifies compliance auditing, security analysis, change management, and operational troubleshooting.
Glacier Deep Archive
S3 Glacier Deep Archive provides the lowest storage cost of the S3 classes but has higher per-GB retrieval costs than S3 Glacier. Retrievals are expected to be infrequent because of the long retrieval times (standard retrievals complete within 12 hours, bulk retrievals within 48 hours).
A company is a rapidly growing cloud-native company that runs its infrastructure on Amazon Web Services (AWS). As the company expands, the IT team faces challenges in maintaining security and compliance across the growing number of AWS accounts and resources.
They decide to implement AWS Config to enforce security best practices and ensure consistent configurations across their AWS environment.
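As an added example of the "evaluate recorded configurations against desired configurations" idea above (not code from the flashcards), here is a custom AWS Config rule handler of the kind the company could deploy as a Lambda function. The desired configuration it checks is an assumption: no security group may allow inbound SSH (22) or RDP (3389) from 0.0.0.0/0 or ::/0. The configuration items and the invocation event are constructed samples shaped like what Config sends; only lambda_handler talks to AWS.

```python
"""Added example (not from the flashcards): custom AWS Config rule for security groups."""
import json

# Assumed desired configuration: these ports must not be reachable from the whole Internet.
FLAGGED_PORTS = {22, 3389}
WORLD = {"0.0.0.0/0", "::/0"}


def _world_open(permission):
    """True if any source of this ipPermissions entry is the whole Internet. Configuration
    items carry both the legacy ipRanges (plain strings) and ipv4Ranges/ipv6Ranges (dicts)."""
    ranges = set(permission.get("ipRanges", []))
    ranges |= {r.get("cidrIp") for r in permission.get("ipv4Ranges", [])}
    ranges |= {r.get("cidrIpv6") for r in permission.get("ipv6Ranges", [])}
    return bool(ranges & WORLD)


def evaluate_security_group(configuration):
    """Return (ComplianceType, Annotation) for one recorded security-group configuration."""
    for perm in configuration.get("ipPermissions", []):
        if not _world_open(perm):
            continue
        if perm.get("ipProtocol") == "-1":  # all protocols, every port
            return "NON_COMPLIANT", "All traffic open to the Internet"
        lo, hi = perm.get("fromPort"), perm.get("toPort")
        if lo is None or hi is None:  # e.g. ICMP entries carry no port range
            continue
        hit = sorted(p for p in FLAGGED_PORTS if lo <= p <= hi)
        if hit:
            return "NON_COMPLIANT", f"Ports {hit} open to the Internet"
    return "COMPLIANT", "No flagged ports open to the Internet"


def build_evaluation(event):
    """Turn a Config rule invocation into one PutEvaluations entry. Pure: no AWS call."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking.get("configurationItem")
    if item is None:
        # Oversized change notifications carry only a summary; fetching the full item is out of scope here.
        raise ValueError("invocation carries no configurationItem")
    if item["resourceType"] != "AWS::EC2::SecurityGroup":
        compliance, note = "NOT_APPLICABLE", "Rule only evaluates security groups"
    elif item["configurationItemStatus"] in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        compliance, note = "NOT_APPLICABLE", "Resource deleted"
    else:
        compliance, note = evaluate_security_group(item.get("configuration") or {})
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context):
    """Lambda entry point: report the result back to AWS Config (needs boto3 and config:PutEvaluations)."""
    import boto3
    evaluation = build_evaluation(event)
    boto3.client("config").put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


def sample_event(ip_permissions, sg_id="sg-0123456789abcdef0", status="OK"):
    """Constructed Config invocation carrying one security-group configuration item."""
    item = {
        "resourceType": "AWS::EC2::SecurityGroup",
        "resourceId": sg_id,
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
        "configuration": {"groupId": sg_id, "ipPermissions": ip_permissions},
    }
    return {
        "invokingEvent": json.dumps({"configurationItem": item,
                                     "messageType": "ConfigurationItemChangeNotification"}),
        "resultToken": "TESTMODE",
    }


if __name__ == "__main__":
    open_ssh = [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}]
    print(build_evaluation(sample_event(open_ssh)))
```

Deployed as a Lambda-backed custom rule scoped to AWS::EC2::SecurityGroup, the function runs on every recorded change, so a group that is tightened and later reopened shows both transitions in the Config timeline together with the resulting compliance state.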
virtual private gateway
A virtual private gateway (VGW) is the AWS-side endpoint of a Site-to-Site VPN (or AWS Direct Connect) connection. It is attached to one Amazon VPC and enables secure, private communication between that VPC and a remote network such as an on-premises data center, whose side of the connection is the customer gateway.
Elastic IP Address
A static public IPv4 address allocated to your AWS account. It stays yours until you release it, and you can associate it with an instance or network interface and later remap it to another one, so the public address survives instance replacement.