Key Management Service (KMS) / Cognito Flashcards
If you need to comply with the FIPS 140-2 Level 3 compliance standard which service would you use?
AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs.
Which compliance standard does KMS adhere to?
FIPS 140-2 Level 2 (the answer these cards expect; since 2023 the HSMs behind AWS KMS are also validated at FIPS 140-2 Level 3, so check the current AWS compliance page when the level matters for an audit)
This AWS service makes it easy to create, control, and rotate encryption keys for your AWS data.
KMS - AWS Key Management Service
Which CLI command is used to generate a new key in KMS?
aws kms create-key
Which CLI command is used to decrypt a ciphertext and encrypt it again under a (possibly different) KMS key, entirely inside KMS so the plaintext never leaves the service?
aws kms re-encrypt
Which type of Customer Master Key (CMK, now called a KMS key) uses 2 keys, a public/private key pair?
Asymmetric
Which type of CMK would you use for server-side encryption of S3 objects with AES-256 (SSE-KMS)?
Symmetric
Which of the following would you find in the metadata for a CMK?
A customer master key (CMK) is a logical representation of a master key. The CMK includes metadata, such as the key ID, creation date, description, and key state. The CMK also contains the key material used to encrypt and decrypt data.
Key State
Key ID
Creation Date
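Added worked example (written for this page; not code from the flashcards or from AWS): the create-key, encrypt/decrypt and symmetric-key cards above describe envelope encryption, which is how a symmetric KMS key is normally used for data larger than the 4 KB that the KMS Encrypt call accepts. The Go program below asks KMS for a data key, seals the payload locally with AES-256-GCM, and stores only the KMS-wrapped data key beside the ciphertext; decrypting sends just the wrapped key back to KMS. `KeyService`, `Envelope`, `FakeKMS` and the `keyID|blob` wrapped-key format are assumptions of this example. `FakeKMS` is an in-memory stand-in so the code runs offline; a production `KeyService` would wrap the AWS SDK KMS client's GenerateDataKey and Decrypt calls. The `aws kms re-encrypt` card corresponds to re-wrapping only `WrappedKey` under another key, which leaves `Ciphertext` untouched.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyService is what envelope encryption needs from KMS: the AWS SDK client in production (assumed, not shown), FakeKMS offline.
type KeyService interface {
	GenerateDataKey(keyID string) (plaintext, wrapped []byte, err error)
	Decrypt(wrapped []byte) ([]byte, error)
}

// Envelope is what gets stored: the KMS-wrapped data key plus the locally sealed payload.
type Envelope struct{ WrappedKey, Ciphertext []byte }

// EncryptEnvelope: one GenerateDataKey call, then AES-GCM locally for any payload size. The plaintext data key is never stored.
func EncryptEnvelope(svc KeyService, keyID string, data []byte) (Envelope, error) {
	dk, wrapped, err := svc.GenerateDataKey(keyID)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{WrappedKey: wrapped, Ciphertext: seal(dk, data)}, nil
}

// DecryptEnvelope sends only the wrapped key to KMS; a tampered payload then fails the GCM tag check instead of decrypting to garbage.
func DecryptEnvelope(svc KeyService, env Envelope) ([]byte, error) {
	dk, err := svc.Decrypt(env.WrappedKey)
	if err != nil {
		return nil, err
	}
	return unseal(dk, env.Ciphertext)
}

// gcmFor builds AES-256-GCM; every key in this file is 32 bytes, so a failure here is a bug.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return gcm
}

// seal returns nonce || ciphertext || tag under a fresh random 96-bit nonce.
func seal(key, plaintext []byte) []byte {
	gcm := gcmFor(key)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

func unseal(key, sealed []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// FakeKMS is an in-memory stand-in, not AWS code: master key material never leaves it (as with the
// HSM) and each blob carries its key ID (no '|' in IDs), so Decrypt takes no KeyId, like real symmetric KMS keys.
type FakeKMS struct{ material map[string][]byte }
func NewFakeKMS() *FakeKMS { return &FakeKMS{material: map[string][]byte{}} }

// CreateKey plays `aws kms create-key` for a symmetric key: fresh 256-bit material.
func (f *FakeKMS) CreateKey(keyID string) {
	f.material[keyID] = make([]byte, 32)
	rand.Read(f.material[keyID])
}

func (f *FakeKMS) GenerateDataKey(keyID string) ([]byte, []byte, error) {
	m, ok := f.material[keyID]
	if !ok {
		return nil, nil, errors.New("NotFoundException: " + keyID)
	}
	dk := make([]byte, 32) // AES-256 data key, handed out once in plaintext
	rand.Read(dk)
	return dk, append([]byte(keyID+"|"), seal(m, dk)...), nil
}

func (f *FakeKMS) Decrypt(wrapped []byte) ([]byte, error) {
	id, sealed, ok := bytes.Cut(wrapped, []byte("|"))
	m, found := f.material[string(id)]
	if !ok || !found {
		return nil, errors.New("InvalidCiphertextException: " + string(id))
	}
	return unseal(m, sealed)
}

func main() {
	svc := NewFakeKMS()
	svc.CreateKey("app-key")
	env, _ := EncryptEnvelope(svc, "app-key", []byte("db password: hunter2"))
	pt, err := DecryptEnvelope(svc, env)
	fmt.Println(string(pt), err)
}
```

Two properties worth checking when adopting this pattern: a flipped byte in either the wrapped key or the payload is rejected by the GCM tag check rather than producing garbage, and once the master key material is gone (the end state of `aws kms schedule-key-deletion`) nothing wrapped under that key can be recovered, which is why envelopes should be re-wrapped with `re-encrypt` before a key is retired.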
Three things about Cognito…
- Provides sign-up/sign-in integration for your app
- Lets users access your app using social media accounts
- Removes need to manage user accounts yourself
The 3 components of Cognito
- User Pools
- Identity Pools
- Sync (push sync notifies devices via SNS; Cognito Sync is deprecated in favour of AWS AppSync)
Facebook, Google, and Amazon are examples of which Web Federation component?
Identity Providers
Examples of common Web Identity Providers for Cognito
An Identity Provider (IdP) is a trusted provider of your users' identity that lets them authenticate once and use that identity to access other services. Identity Providers include Facebook, Amazon, Google, Twitter, GitHub and LinkedIn; Facebook, Google and Amazon are built into Cognito, others are added as OIDC or SAML providers.
Which common application actions can you manage using User Pools?
Sign-up
Sign-in
Account recovery
Account confirmation
This Amazon Cognito component acts as a user directory and handles sign-up, sign-in and account management for your app
Cognito User Pools
Cognito Identity Pools provide this
Temporary, limited-privilege AWS credentials (issued through STS) for authenticated or guest users to access services such as S3 or DynamoDB; what they can do is set by the IAM roles attached to the identity pool, so keep the unauthenticated (guest) role minimal