Governance Flashcards
Whats a good use case for Organizations?
Setting up a central logging account into which other organizations ship logs.
What are some benefits of Organizations
- Applying standards
- Central billing
- shared reserve insances
- programmatic account creation
- global control with service control policies across accounts
How can you apply restrictions to the root account?
AWS organization service control policy
What is an allow statement in a service control policy?
It governs what services would possibly be granted access. A service control policy never grants access.
How would you centralize logs?
Have a central logging account using organizations, apply service control policies to restrict anyone from altering them
What is AWS RAM
- Resource Access Manager
- Lets you share resources with other accounts (in Organization)
- Helps deduplicate resources
What is AWS Config used for?
- Think Assess, Audit, Evaluate, Remediate for resources in your environment
- Get notifications when a configuration deviates
- Can remediate issues
- Lets you monitor log
- Helps you conform to standards
- https://aws.amazon.com/config/
What are 3 vital functions of AWS Config?
- Standardization. Set up rules
- Automate a response when rules are violated
- History of changes
What are the types of AD in Directory Service
Managed - fully built out in aws
AD Connector - on prem Ad with a tunnel to aws
